The Mother Board

Motherboards.org forums. Free tech support, motherboard ID, and more.

All times are UTC - 8 hours




Post new topic Reply to topic  [ 10 posts ] 
 Post subject: Trojans got me!
PostPosted: Wed Oct 29, 2008 3:18 pm 
Mobo-fu Master

Joined: Wed Nov 12, 2003 11:57 am
Posts: 20868
Location: 07438
To confess, I hit a site I shouldn't have.. and then got rugged with a flurry of pop-ups and other nuisances. This is with my second system, a semi-dedicated 'folder'. May have to decommission it for a while, and run my 'main' system only.
I shut down the LAN port, and did scans with my AVG, Ad-Aware and HijackThis. McAfee Stinger® found nothing. I think I got the system sanitized, but not sure. Even went into the Registry and took out some keys for the 'nasties'. Still getting a lot of unwanted junk. May have to lock down the IE program, unless my IP address has been "posted".
Following is what was found and removed..

Oct.29-2008.. AVG scan picked up the following as Trojan threats..
all were moved to quarantine file. Some keys had to be edited from the Registry.
~tmpa.exe
~tmpb.exe
XXX206.exe
XXX260.exe
XXX2588.exe
XXX2684.exe
XXX2769.exe
XXX2769.exe
XXX9739.exe
msxml71.dll
WTK9C329.htm (DL agent)

HijackThis scan.. removed items.. all considered security
threats to IE program.. as DL and tattle threats.
O2 - BHO: offersfortoday - {00a627c8-f16b-ac29-5aa5-2b22e2fc54b9} - C:\WINNT\system32\nsg8B.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINNT\system32\msxml71.dll
O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} - C:\WINNT\system32\npgeqtrakhq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} -

Whenever I get the IE cache cleaned out, it stays clean.. until I activate the LAN connection again! May just kill the DSL connection program, and reinstall for a new IP address.. the 'main' system has not had any problems.

_________________
F@H.. to solve mankind's maladies.. in our lifetimes!


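As an added example that is not part of the original post, here is a small Python triage of HijackThis "O2 - BHO" lines like the ones quoted above: it parses each entry into display name, CLSID and DLL path, then flags the patterns a responder would check first against the quarantine list. The sample log is a constructed copy of the entries in the post; the heuristics are assumptions of mine, not anything HijackThis itself does.

```python
import re
from dataclasses import dataclass

# One "O2 - BHO" line: display name, CLSID in braces, DLL path (may be empty).
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} -\s*(?P<path>.*)$"
)

# Constructed sample: the O2 lines quoted in the post above, the last one path-less.
SAMPLE_LOG = [
    r"O2 - BHO: offersfortoday - {00a627c8-f16b-ac29-5aa5-2b22e2fc54b9} - C:\WINNT\system32\nsg8B.dll",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINNT\system32\msxml71.dll",
    r"O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} - C:\WINNT\system32\npgeqtrakhq.dll",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll",
    r"O2 - BHO: offersfortoday browser enhancer - {5DAB619C-E383-537D-58B7-CAF0A560CA36} -",
]

@dataclass
class Bho:
    name: str
    clsid: str
    path: str

def parse_o2(lines):
    """Extract BHO entries from HijackThis log lines; non-O2 lines are skipped."""
    entries = []
    for line in lines:
        m = O2_RE.match(line.strip())
        if m:
            entries.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
    return entries

def triage(entries):
    """Map CLSID -> reasons the entry deserves a closer look (heuristics, not verdicts).
    Vendor BHOs (Adobe, Java) sit under their own Program Files folder; a DLL dropped
    straight into system32, a path-less registration, or a CLSID seen twice stand out."""
    first_name = {}   # CLSID -> name it was first registered under
    findings = {}
    for b in entries:
        reasons = []
        if not b.path:
            reasons.append("registered without a DLL path")
        elif "\\system32\\" in b.path.lower():
            reasons.append("DLL lives directly in the system directory")
        if b.clsid in first_name:
            reasons.append("CLSID already registered as %r" % first_name[b.clsid])
        first_name.setdefault(b.clsid, b.name)
        if reasons:
            findings.setdefault(b.clsid, []).extend(reasons)
    return findings
```

Run `triage(parse_o2(SAMPLE_LOG))` to see the flagged CLSIDs; the Adobe and Java helpers pass, the system32 and path-less entries do not.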
PostPosted: Thu Oct 30, 2008 5:19 am 
Anti-Static Strap

Joined: Fri Jan 28, 2005 5:34 pm
Posts: 482
You might want to try Malwarebytes anti-malware free from Majorgeeks.com. It works very well on trojans and does a good job finding nasties in the registry. Superantispyware (available at filehippo) works well also. Might save you from having to do a re-install.

_________________
"A veteran... is someone who... wrote a blank check made payable to the United States of America for an amount “up to and including my life”. That is honor, and there are way too many people in this country who no longer understand it." - Unknown


PostPosted: Fri Oct 31, 2008 7:50 am 
Mobo-fu Master

Joined: Wed Nov 12, 2003 11:57 am
Posts: 20868
Location: 07438
After more scanning and tests, I found no malware or other nasties on the system. Even used the MS KB890830 malware removal program on the entire drive.. nothing found. Nothing came back from the previous episodes, but when I enabled the LAN for DSL, I got hit again with myriad nuisance files. Likely my IP address is in "open season", so I have the system disabled for the time being. Have migrated the F@H processes to my primary system, and they are working properly. The primary system seems unaffected.
Did some more research, and came up with some interesting links.. with listings for malware sites and programs/processes that are malicious.

http://www.malwarebytes.org/forums/inde ... entry32447

http://www.malwaredomainlist.com/update.php

The system will remain down for a time, no loss.. and it may be a good excuse to redo the DSL connection process, for a new IP address.. or to install the copy of XP Home I have but never activated.

_________________
F@H.. to solve mankind's maladies.. in our lifetimes!


PostPosted: Fri Oct 31, 2008 2:52 pm 
Black Belt 2nd Degree

Joined: Mon Aug 19, 2002 5:18 pm
Posts: 2098
Location: West Midlands UK
Happens to the best of us at times.....

Hope you sort it....been a while since I had an infestation....but I guess it is bound to strike at some point

_________________
"Take counsel in wine, but resolve afterwards in water."
Benjamin Franklin (1706-1790)


PostPosted: Wed Nov 19, 2008 3:45 pm 
Mobo-fu Master

Joined: Wed Nov 12, 2003 11:57 am
Posts: 20868
Location: 07438
Closure, I hope..
After a few weeks of using the 'main' system and letting the 'secondary' system sit idle except for once-weekly anti-viral scans and updates, looks like I am not plagued any longer by the nasties. No new files come in randomly, and AdAware and HijackThis report nothing new. Did have to boot in under basic command-prompt mode and delete some files in the D&S\"Temp" folder for my use. They were locked when the OS was active. They didn't return after two reboots. Also locked down one Web IP address that may have been a source of the affliction.

All because I have a 'friendly' Red Fox Vixen in my back yard.. and wanted to know their habits and food likes. One site looked legit, but Oy Vey!
Some states allow them as 'pets', others don't. Would like to have her stay around, to control the rodent population. Took several months, but she now will come when "called" for handouts, to within a few feet of me. She loves the tips of chicken wings.. but cooked first! :lol:
The Red Fox: Vulpes vulpes

_________________
F@H.. to solve mankind's maladies.. in our lifetimes!


PostPosted: Tue Nov 25, 2008 1:44 pm 
Black Belt 1st Degree

Joined: Thu Sep 25, 2003 1:41 pm
Posts: 1135
Karl, I too have been getting many calls lately about trojan infections. These computers are protected with AVG, SpywareBlaster, etc., so do you have any idea how they are getting by all this protection?


PostPosted: Tue Nov 25, 2008 3:00 pm 
Mobo-fu Master

Joined: Wed Nov 12, 2003 11:57 am
Posts: 20868
Location: 07438
The anti-virus and Firewall programs do what they are supposed to do. But those "tattle cookies" and "spores" that you get look benign to the protection systems.. and so get by.
Once there is the right amount of those invading bits, then a batch file assembles the brigade of attackers.. and you are in trouble.
It is a constant battle between the viral purveyors and anti-virus programming. A complete system scan daily isn't overkill. And ensuring that the programs are updated daily is the best protection. And a daily (or alternate days) run of AdAware and HijackThis will ensure the system is clean.
Some files are named differently than they are.. and can attack the Registry, in stealth mode.. and leave their nasty graffiti for the next time you boot up! Be wary of any programs that want to install on your system, unless they come from a program you know is sanitized. And also any new batch files that appear.

Of all the systems I have owned in more than 10 years, this was only the third time (knock on noggin.. solid oak!) that I have had an infection.

_________________
F@H.. to solve mankind's maladies.. in our lifetimes!


PostPosted: Tue Dec 02, 2008 1:43 pm 
Black Belt

Joined: Tue Jun 12, 2007 10:47 am
Posts: 721
Location: Havana, Cuba
OH, my dear Karl, none of us are immune to these pesky infections at some point.

In my experience, only one "maladies" search engine or even two are not enough for this kind of aliens. I use SpywareBlaster from Javacool Software to prevent them from installing in my system, and Spybot S&D and the free version of Ad-Aware to catch them. Every week I catch a few minor intruders but not a big infection.

AVG and NOD32 provide me with what I think is a good protection.

_________________
"I have only come here seeking knowledge,
Things they would not teach me of in college"
-Wrapped Around Your Fingers-
-The Police-


PostPosted: Wed Dec 03, 2008 2:52 pm 
Black Belt

Joined: Fri Jan 23, 2004 3:18 pm
Posts: 741
Location: over there...
Karlsweldt,
I know the feeling. We do all we can to keep the culprits out, and then one slips in.

You may want to try Comodo's BOClean (Freeware). http://www.comodo.com/boclean/boclean.html
* Destroys malware and removes registry entries
* Does not require a reboot to remove all traces
* Disconnects the threat without disconnecting you
* Generates optional report and safe copy of evidence
* Update automatically from a network file share

I use ZoneAlarm Internet Security Suite 2009 (Registered version). Works for me.
http://www.zonealarm.com/security/en-us ... -suite.htm

I also use SUPERAntiSpyware (Freeware version, does not run in the background, only the registered $20.00 version does).
http://www.superantispyware.com
Detect and Remove Spyware, Adware, Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits and many other types of threats.

I get bit every now and then, but not as much as I used to.
Tri.

_________________
"Common sense is not so common." - Voltaire


Last edited by TriAngle on Wed Dec 03, 2008 3:04 pm, edited 1 time in total.

PostPosted: Wed Dec 03, 2008 3:03 pm 
Black Belt

Joined: Fri Jan 23, 2004 3:18 pm
Posts: 741
Location: over there...
Karlsweldt,
That's just another reason why I run Linux on 2 of my machines.
Haven't been whacked yet, and they do all I need for them to do.
But, I have 2 other machines with XP Pro and Vista (I don't know why I bother with this Vista, had to do a complete reinstall 5 times already and it's only 1.5 years old).

Good luck,
Tri.

_________________
"Common sense is not so common." - Voltaire

