Rinze
Site Admin
Posts: 2343
Posted: Thu, 15th Jan 2009 10:46 Post subject:

It tried to disable the Windows firewall, and it collected the passwords stored in Firefox and it collected something that has to do with IE (also stored passwords?) and sent it to ftp.breeze-esports.com.
Posted: Thu, 15th Jan 2009 18:40 Post subject:

Thanks. Hopefully, when my firewall popped up saying it's attempting to communicate with 88.198.58.147, it didn't send when I clicked Block.
Will change all my passwords in case, what a pain that's going to be!!
Thanks
--edit--
Just did a search for ff.txt (guessing this is what you meant by the Firefox passwords?) and I don't have that file anywhere on my computer.
George W Bush -
'...more and more of our imports are coming from overseas.'
Rinze
Site Admin
Posts: 2343
Posted: Thu, 15th Jan 2009 18:53 Post subject:

It's not named ff.txt, but it also contains your computer name.
If you open Explorer and type %TEMP% in the address bar you should be in the right folder.
But it probably isn't stolen; I couldn't access the FTP server with the username and password mentioned in the batch file.
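As an added, defender-side example (not code from the thread or from any poster), the Python below does the two checks this post points at: it parses Windows Firewall log lines (assumed pfirewall.log column layout; the sample lines are constructed) to flag outbound FTP connections to hosts that are not allow-listed, as with the 88.198.58.147 connection quoted above, and it lists recently written temp-folder files whose name embeds the computer name.

```python
"""Defender-side triage for the infostealer behaviour described above.
Assumed: Windows Firewall log lines in the pfirewall.log column layout
(date time action protocol src-ip dst-ip src-port dst-port ... path).
Sample lines are constructed; 88.198.58.147 is the address quoted in the thread."""
import os
import time

FTP_PORT = "21"

def flag_outbound_ftp(lines, allowed_hosts=frozenset()):
    """Outbound TCP connections to port 21 whose destination is not allow-listed."""
    hits = []
    for line in lines:
        if not line or line.startswith("#"):
            continue  # version/fields header lines
        f = line.split()
        if len(f) < 17:
            continue  # truncated line: skip rather than crash the triage
        date, tm, action, proto, src, dst, sport, dport = f[:8]
        path = f[16]  # SEND = outbound, RECEIVE = inbound
        if proto == "TCP" and dport == FTP_PORT and path == "SEND" and dst not in allowed_hosts:
            hits.append({"time": f"{date} {tm}", "action": action, "src": src, "dst": dst})
    return hits

def recent_files_named_after_host(entries, computer_name, now, max_age_s=86400):
    """entries: (name, mtime) pairs, e.g. from %TEMP%; keep fresh names embedding the computer name."""
    needle = computer_name.lower()
    return sorted(n for n, mtime in entries if needle in n.lower() and now - mtime <= max_age_s)

SAMPLE_LOG = """#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-01-15 18:40:01 ALLOW TCP 192.168.1.5 192.168.1.1 49310 80 0 - 0 0 0 - - - SEND
2009-01-15 18:40:05 DROP TCP 192.168.1.5 88.198.58.147 49321 21 52 S 123456 0 65535 - - - SEND
2009-01-15 18:40:06 ALLOW TCP 192.168.1.5 10.0.0.9 49322 21 0 - 0 0 0 - - - SEND
2009-01-15 18:40:07 ALLOW TCP 203.0.113.4 192.168.1.5 21 49330 0 - 0 0 0 - - - RECEIVE""".splitlines()

if __name__ == "__main__":
    for h in flag_outbound_ftp(SAMPLE_LOG, allowed_hosts={"10.0.0.9"}):
        print("outbound FTP to unlisted host:", h)
    temp, host = os.environ.get("TEMP", "/tmp"), os.environ.get("COMPUTERNAME", "pc")
    entries = [(n, os.path.getmtime(os.path.join(temp, n))) for n in os.listdir(temp)
               if os.path.isfile(os.path.join(temp, n))]
    print(recent_files_named_after_host(entries, host, time.time()))
```

A DROP line still counts as a hit on purpose: a blocked attempt is the evidence that something on the machine tried to reach an FTP server, which is exactly the popup the poster above saw.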
Posted: Thu, 15th Jan 2009 19:11 Post subject:

Thanks, did a search in the Temp folder and all I could find was "hsperfdata_Steve-O", which is part of the Java Runtime I think.
I'm sure Comodo stopped it all; as soon as it popped up saying it's trying to connect I blocked it and set Comodo to Block All mode. Also set Defense+ of Comodo to Paranoid and blocked it every time it tried to start up.
Going to change them all anyway to be safe.
Posted: Thu, 15th Jan 2009 20:40 Post subject:

Just wondering, is it best to do a virus scan in safe mode?
I'm guessing it is just in case it's running and hiding itself in the processes??
Cythrawl
Posts: 98
Location: Arse over Tit, USA
Posted: Thu, 15th Jan 2009 20:47 Post subject:

I would also install and run Malwarebytes Anti-Malware too (http://www.malwarebytes.org/), and yes, it's best to do it in safe mode (for both).
Posted: Thu, 15th Jan 2009 21:30 Post subject:

OK, will run:
Spyware S&D
AdAware
Malwarebytes
Nod32
Kaspersky
in safe mode.
Surely if nothing is picked up by them then the system must be clean?
Cythrawl
Posts: 98
Location: Arse over Tit, USA
Posted: Thu, 15th Jan 2009 22:09 Post subject:

Steve-O 2004 wrote:
    OK, will run:
    Spyware S&D
    AdAware
    Malwarebytes
    Nod32
    Kaspersky
    in safe mode.
    Surely if nothing is picked up by them then the system must be clean?

I would say that anything on your system will be killed by the time you are done. If the system is still doing weird shit though, I would back up info and re-install. You've pretty much covered a lot of bases there with that list.
Posted: Fri, 16th Jan 2009 09:54 Post subject:

In Vista 64 I run anywhere between 38 and 40 processes when not having shit like Logitech software running or whittling down, say, SoundBlaster crap I don't need. Whereas on XP I can run the system with around 18 at most.
Cythrawl
Posts: 98
Location: Arse over Tit, USA
Posted: Fri, 16th Jan 2009 15:21 Post subject:

Steve-O 2004 wrote:
    So far done:
    Spyware S&D
    AdAware
    Malwarebytes
    and it's found nothing (well, just small log things, history files and cookies, the usual low threats that get picked up all the time).
    Will do Nod32 scan and Comodo scan tomorrow; done enough today, almost 4 hours of scanning excluding the 2x 400GB external drives.
    I can't use Kaspersky as it says to install I need to first remove Nod32, AdAware, Spyware S&D and Comodo firewall!!
    How many processes do you have running? I'm getting about 60, is this normal?
    System seems fine now; when infected it was 100% RAM usage and 2.1GB of page file usage!!

I have had around 50-60... I would try and get hold of a cracked/serial for TuneUp Utilities 2009 as it has a very good startup analyzer and a services tuner. It's still not as good as doing everything yourself and using a resource like Black Viper's page, but half the time I really cannot be arsed with that. It asks you a few questions and adjusts the services accordingly. The Startup manager is much better than using MSConfig too.
Posted: Sat, 17th Jan 2009 17:35 Post subject:

...
Last edited by temprandom on Thu, 24th May 2012 22:52; edited 1 time in total
Posted: Sun, 18th Jan 2009 00:39 Post subject:

Just wondering, is it normal for some cracks to be reported as malware, viruses, dialers or worms?
Karmeck
Posts: 3341
Location: Sweden
Posted: Sun, 18th Jan 2009 01:24 Post subject:

Steve-O 2004 wrote:
    Just wondering, is it normal for some cracks to be reported as malware, viruses, dialers or worms?

Yes.
All times are GMT + 1 Hour