Trojans got me!


Postby Karlsweldt » Wed Oct 29, 2008 3:18 pm

To confess, I hit a site I shouldn't have.. and then got rugged with a flurry of pop-ups and other nuisances. This is with my second system, a semi-dedicated 'folder'. May have to decommission it for awhile, and run my 'main' system only.
I shut down the LAN port, and did scans with my AVG, Ad-Aware and HijackThis. McAfee Stinger® found nothing. I think I got the system sanitized, but not sure. Even went into the Registry and took out some keys for the 'nasties'. Still getting a lot of unwanted junk. May have to lock down the IE program, unless my IP address has been "posted".
Following is what was found and removed..

Oct.29-2008.. AVG scan picked up the following as Trojan threats..
all were moved to quarantine file. Some keys had to be edited from the Registry.
~tmpa.exe
~tmpb.exe
XXX206.exe
XXX260.exe
XXX2588.exe
XXX2684.exe
XXX2769.exe
XXX2769.exe
XXX9739.exe
msxml71.dll
WTK9C329.htm (DL agent)

HijackThis scan.. removed items.. all considered security threats to IE program.. as DL and tattle threats.
O2 - BHO: offersfortoday - {00a627c8-f16b-ac29-5aa5-2b22e2fc54b9} - C:\WINNT\system32\nsg8B.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINNT\system32\msxml71.dll
O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} - C:\WINNT\system32\npgeqtrakhq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} -

Whenever I get the IE cache cleaned out, it stays clean.. until I activate the LAN connection again! May just kill the DSL connection program, and reinstall for a new IP address.. the 'main' system has not had any problems.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20690
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438
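As an added example (not from the original post, and not HijackThis's own code), a small Python parser that turns O2 lines like the ones quoted above into records and flags the things a defender checks first: an entry with no DLL path, a CLSID listed twice, and a DLL registered from the system directory rather than a vendor folder. The sample input is the log excerpt from this post.

```python
import re

# Constructed sample: the O2 (Browser Helper Object) lines quoted in the post above.
# HijackThis builds O2 lines from the BHO registrations under
# HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID},
# resolving each CLSID's DLL via HKLM\Software\Classes\CLSID\{CLSID}\InprocServer32.
SAMPLE_LOG = r"""
O2 - BHO: offersfortoday - {00a627c8-f16b-ac29-5aa5-2b22e2fc54b9} - C:\WINNT\system32\nsg8B.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINNT\system32\msxml71.dll
O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} - C:\WINNT\system32\npgeqtrakhq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} -
"""

# O2 line layout: "O2 - BHO: <display name> - {<CLSID>} - <DLL path>"; the path may be empty
# when the CLSID is registered as a BHO but no longer resolves to a file.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} -\s*(?P<path>.*)$")


def parse_o2(log):
    """Return one dict per O2 line: name, upper-cased CLSID, and path (None if missing)."""
    entries = []
    for line in log.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({"name": m["name"], "clsid": m["clsid"].upper(),
                            "path": m["path"].strip() or None})
    return entries


def triage(entries):
    """Return (clsid, name, flags) per entry; flags mark what deserves a closer look,
    not a verdict: 'no-path', 'duplicate-clsid', 'system-dir'."""
    count = {}
    for e in entries:
        count[e["clsid"]] = count.get(e["clsid"], 0) + 1
    report = []
    for e in entries:
        flags = []
        if e["path"] is None:
            flags.append("no-path")
        if count[e["clsid"]] > 1:
            flags.append("duplicate-clsid")
        if e["path"]:
            parts = e["path"].lower().split("\\")
            # A BHO DLL dropped straight into system32 has no vendor folder to vouch for it.
            if len(parts) >= 2 and parts[-2] == "system32":
                flags.append("system-dir")
        report.append((e["clsid"], e["name"], flags))
    return report
```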

Postby biguglyman » Thu Oct 30, 2008 5:19 am

You might want to try Malwarebytes anti-malware free from Majorgeeks.com. It works very well on trojans and does a good job finding nasties in the registry. Superantispyware (available at filehippo) works well also. Might save you from having to do a re-install.
"A veteran... is someone who... wrote a blank check made payable to the United States of America for an amount “up to and including my life”. That is honor, and there are way too many people in this country who no longer understand it." - Unknown
biguglyman
Anti-Static Strap
Posts: 482
Joined: Fri Jan 28, 2005 5:34 pm

Postby Karlsweldt » Fri Oct 31, 2008 7:50 am

After more scanning and tests, I found no malware or other nasties on the system. Even used the MS KB890830 malware removal program on the entire drive.. nothing found. Nothing came back from the previous episodes, but when I enabled the LAN for DSL, I got hit again with myriad nuisance files. Likely my IP address is in "open season", so I have the system disabled for the time being. Have migrated the F@H processes to my primary system, and they are working properly. The primary system seems unaffected.
Did some more research, and came up with some interesting links.. with listings for malware sites and programs/processes that are malicious.

http://www.malwarebytes.org/forums/inde ... entry32447

http://www.malwaredomainlist.com/update.php

The system will remain down for a time, no loss.. and it may be a good excuse to redo the DSL connection process, for a new IP address.. or to install the copy of XP Home I have but never activated.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20690
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby snakebite66 » Fri Oct 31, 2008 2:52 pm

Happens to the best of us at times.....

Hope you sort it....been a while since I had an infestation....but I guess it is bound to strike at some point
"Take counsel in wine, but resolve afterwards in water."
Benjamin Franklin (1706-1790)
snakebite66
Black Belt 2nd Degree
Posts: 2098
Joined: Mon Aug 19, 2002 5:18 pm
Location: West Midlands UK

Postby Karlsweldt » Wed Nov 19, 2008 3:45 pm

Closure, I hope..
After a few weeks of using the 'main' system and letting the 'secondary' system sit idle except for once-weekly anti-viral scans and updates, looks like I am not plagued any longer by the nasties. No new files come in randomly, and AdAware and HijackThis report nothing new. Did have to boot in under basic command-prompt mode and delete some files in the D&S\"Temp" folder for my use. They were locked when the OS was active. They didn't return after two reboots. Also locked down one Web IP address that may have been a source of the affliction.

All because I have a 'friendly' Red Fox Vixen in my back yard.. and wanted to know their habits and food likes. One site looked legit, but Oy Vey!
Some states allow them as 'pets', others don't. Would like to have her stay around, to control the rodent population. Took several months, but she now will come when "called" for handouts, to within a few feet of me. She loves the tips of chicken wings.. but cooked first! :lol:
The Red Fox: Vulpes vulpes
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20690
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby beaconengr » Tue Nov 25, 2008 1:44 pm

Karl, I too have been getting many calls lately about trojan infections. These computers are protected with AVG, spywareblaster, etc., so do you have any idea how they are getting by all this protection?
beaconengr
Black Belt 1st Degree
Posts: 1135
Joined: Thu Sep 25, 2003 1:41 pm

Postby Karlsweldt » Tue Nov 25, 2008 3:00 pm

The anti-virus and Firewall programs do what they are supposed to do. But those "tattle cookies" and "spores" that you get look benign to the protection systems.. and so get by.
Once there is the right amount of those invading bits, then a batch file assembles the brigade of attackers.. and you are in trouble.
It is a constant battle between the viral purveyors and anti-virus programming. A complete system scan daily isn't overkill. And ensuring that the programs are updated daily is the best protection. And a daily (or alternate days) run of AdAware and HijackThis will ensure the system is clean.
Some files are named differently than they are.. and can attack the Registry, in stealth mode.. and leave their nasty graffiti for the next time you boot up! Be wary of any programs that want to install on your system, unless they come from a program you know is sanitized. And also any new batch files that appear.

Of all the systems I have owned in more than 10 years, this was only the third time (knock on noggin.. solid oak!) that I have had an infection.
F@H.. to solve mankind's maladies.. in our lifetimes!
Karlsweldt
Mobo-fu Master
Posts: 20690
Joined: Wed Nov 12, 2003 11:57 am
Location: 07438

Postby rascard2007 » Tue Dec 02, 2008 1:43 pm

OH, my dear Karl, none of us are immune to these pesky infections at some point.

In my experience only one "maladies" search engine, or even two, is not enough for this kind of aliens. I use the spywareblaster from javacool software to prevent them from installing in my system, and Spybot S&D and the free version of Ad-aware to catch them. Every week I catch a few minor intruders but not a big infection.

AVG and NOD32 provide me with what I think is a good protection.
"I have only come here seeking knowledge,
Things they would not teach me of in college"
-Wrapped Around Your Fingers-
-The Police-
rascard2007
Black Belt
Posts: 720
Joined: Tue Jun 12, 2007 10:47 am
Location: Havana, Cuba

Postby TriAngle » Wed Dec 03, 2008 2:52 pm

Karlsweldt,
I know the feeling. We do all we can to keep the culprits out, and then one slips in.

You may want to try Comodo's BOClean (Freeware). http://www.comodo.com/boclean/boclean.html
* Destroys malware and removes registry entries
* Does not require a reboot to remove all traces
* Disconnects the threat without disconnecting you
* Generates optional report and safe copy of evidence
* Update automatically from a network file share

I use ZoneAlarm Internet Security Suite 2009 (Registered version). Works for me.
http://www.zonealarm.com/security/en-us ... -suite.htm

I also use SUPERAntiSpyware (Freeware version, does not run in the background, only the registered $20.00 version does).
http://www.superantispyware.com
Detect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats.

I get bit every now and then, but not as much as I used to.
Tri.
Last edited by TriAngle on Wed Dec 03, 2008 3:04 pm, edited 1 time in total.
"Common sense is not so common." - Voltaire
TriAngle
Black Belt
Posts: 741
Joined: Fri Jan 23, 2004 3:18 pm
Location: over there...

Postby TriAngle » Wed Dec 03, 2008 3:03 pm

Karlsweldt,
That's just another reason why I run Linux on 2 of my machines.
Haven't been whacked yet, and they do all I need for them to do.
But, I have 2 other machines with XP Pro and Vista (I don't know why I bother with this Vista, had to do a complete reinstall 5 times already and it's only 1.5 years old).

Good luck,
Tri.
"Common sense is not so common." - Voltaire
TriAngle
Black Belt
Posts: 741
Joined: Fri Jan 23, 2004 3:18 pm
Location: over there...
