Be careful, new virus about!



Scragbat
08-29-2004, 07:40 AM
I had a virus on my computer that AVG did not spot! A Trojan called 'Examinator' (eXaMiNaToR.exe).
I noticed it running when I did CTRL-ALT-DELETE. Found the program folder in Windows/System32. It had a text file in there which was very scary. The trojan was a key logger and in the text file was everything I had typed. EVERYTHING! Passwords, logins, account details, Google searches! There was also an upload.dll in there too.
I just pray that Zonealarm did not allow it to send anything out or some ba$t$^d has my debit card details (I bought something online).
Gobsmacked that AVG let the program run as I have the latest definitions???
Ad Aware found 4 nasties in my registry after I had got rid of Examinator...

It's lucky that I check from time to time what is running in the background.

http://www.appy55.dsl.pipex.com/FB/squigsig.gif
Scragbat's Forgotten Battles Virtual Movies (http://www.appy55.dsl.pipex.com)


Atomic_Marten
08-29-2004, 07:44 AM
More sad news. Thx M8 for warning. Hope antivirus programs will respond with quick update/tool/remover.

Fly nice

F19_Ob
08-29-2004, 07:51 AM
thnx for the heads up.......

arcadeace
08-29-2004, 08:22 AM
Keep in mind a Trojan is not a virus, it can easily get past anti-virus protection. Zone Alarm should have stopped it from entering the net. I have never had one program leave my computer without my authorization when using it.

Try using a good anti-trojan program. I have Tauscan, it constantly monitors in the background, is always updated and user friendly.

lil_labbit
08-29-2004, 08:29 AM
Don't use Internet Explorer, get offline, and check if a chat program tries to contact outside!

(Close all chat programs first!)

If so you got a nice problem on your hands...
You got bots...
...read this: http://www.grc.com/dos/grcdos.htm

Then test your system too! :
https://grc.com/x/ne.dll?bh0bkyd2


www.net-peeker.com (http://www.net-peeker.com) can show you the programs online - you can block them too.

http://members.home.nl/lil.labbit/lilseesya.jpg
Night is better than Day

[This message was edited by lil_labbit on Sun August 29 2004 at 07:42 AM.]

Red_Russian13
08-29-2004, 08:43 AM
Thanks for the info guys. I'm fairly computer savvy, but this stuff is going far and away beyond me anymore. These deviant SOBs keep getting smarter. And I haven't the time to keep up on the latest software...

Tell me, I've got Norton Internet Security (frequently updated), Norton Anti-Virus, Ad-Aware, and Spybot. Do I need anything else you think?

Thanks.

Red Russian

http://img.photobucket.com/albums/v256/Red_Russian13/RedRussian.jpg

lil_labbit
08-29-2004, 08:47 AM
Yes, read the above!

Get net-peeker!
Run it asap to see traffic...
Check what's going out and coming in!
The bot might have sent the data in that file already - hope you printed it - see it as a real mugging! It is! - and change your passwords etc. after you get rid of the bugger...

AND if you got any online banking accounts... BLOCK THEM


Red_Russian13
08-29-2004, 08:50 AM
Alright computer gurus,

I looked in my CTL+ALT+DEL, boy, there's a lot of **** in there! I don't know what a lot of it means. I remember seeing a site which explained the meaning of most of those programs.

I didn't notice the Examinator program (thankfully). Running ALL of my weapons right now though.

Thanks again for the info...this stuff is more scary every day it seems. Can't imagine how people who are even less knowledgeable feel.

Red Russian


Red_Russian13
08-29-2004, 08:52 AM
Rabbit;

With NetPeeker, can I disable the firewall, as I've already got a fairly good one with NIS?

Thoughts?

Red Russian


lil_labbit
08-29-2004, 08:53 AM
> Originally posted by Red_Russian13:
> Can't imagine how people who are even less knowledgeable feel.

(surprised, sad, blink) and then
ruined...


Red_Russian13
08-29-2004, 08:56 AM
Rabbit,

Edit: Never mind...I'm following you now.

Red Russian


lil_labbit
08-29-2004, 09:10 AM
Well, bots are nasty...

That's why I'm not on any online chat except my own.

http://members.home.nl/lil.labbit/UBITrace.jpg

And I keep in touch a bit - there's a good news page to get here (I'll direct ya to a WinAMP skin warning - http://www.afterdawn.com/news/archive/5526.cfm - got that today)...


sunflower1
08-29-2004, 12:47 PM
Thanks lil labbit!!

Everyone should bookmark that company's site.

" Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Preliminary Internet connection refused!
This is extremely favorable for your system's overall Windows File and Printer Sharing security. Most Windows systems, with the Network Neighborhood installed, hold the NetBIOS port 139 wide open to solicit connections from all passing traffic. Either this system has closed this usually-open port, or some equipment or software such as a "firewall" is preventing external connection and has firmly closed the dangerous port 139 to all passersby. (Congratulations!)
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet."


The link you provided to Steve Gibson's tale was ABSOLUTELY FASCINATING and sitting there reading it got me in trouble with the missus for lagging on honey do's. GOOD JOB!!

EDIT btw, I have no idea why my computer scores well, I have no zone alarm, software or hardware firewall and I have SP2's security center turned off. I am on my gaming profile, I don't know if that would make a difference or not, and I'm on a proxy server, maybe that helps, I have no idea.

[This message was edited by sunflower1 on Sun August 29 2004 at 11:56 AM.]

huggy87
08-29-2004, 01:07 PM
I've had horrible virus problems for the past four weeks. While I mostly have it contained, I still have a problem with Internet Explorer running in the background. When I first start Windows, or leave the computer for a while, I am told I have one program running. When I check processes, I have iexplorer running twice. When I try to 'end process' on either it just pops back up. I have tried uninstalling it, but Windows won't let me and it does not appear in the add/remove programs list. I switched to Firefox a month ago but iexplorer still vexes me.

Does anybody have any idea how I can completely remove it from my system?

Scragbat
08-29-2004, 03:48 PM
Thanks for the advice guys, installing some more security now as well as my Anti-Virus and Firewall software.

Thanks for that excellent link lil_labbit on online security checking.
Now in my favorites.

Very nice to know that I have achieved a perfect "TruStealth" rating on those tests. Very reassuring.

I'm sure nothing was sent to the scumbag who created the trojan but I will keep an eye on things.

Regards
Scrag


blairgowrie
08-29-2004, 03:54 PM
Thanks for the Netpeeker link lil_labbit. I now have it installed and it is working its lil head off.

Not 100% sure yet what it is telling me but I feel a lot more secure with it running. How do you recognize the "bad stuff"?

http://img14.photobucket.com/albums/v41/blairgowrie/FBWebpage.jpg

JG52Uther
08-29-2004, 04:08 PM
Great link. TruStealth for me too

http://img78.photobucket.com/albums/v299/JG52Uther/FW.jpg Achtung Baby!!

Obi_Kwiet
08-29-2004, 04:28 PM
Whatever they say about Windows, I'm not giving up my task manager.

VW-IceFire
08-29-2004, 06:08 PM
If you guys aren't already using something other than Internet Explorer, it's time to switch to Firefox (or something else).

www.mozilla.org (http://www.mozilla.org)

I haven't gotten any new Spyware according to AdAware SE for a while.

http://home.cogeco.ca/~cczerneda/sigs/tmv-sig1.jpg
RAF No 92 Squadron
"Either fight or die"

sunflower1
08-29-2004, 07:58 PM
Lil labbit, have you followed all the way through Gibson's advice, including unbinding the networking from tcp/ip? This stuff is incredible.

I take it you run Zone Alarm?

WTE_Galway
08-30-2004, 01:48 AM
If you are unsure what an obscure process in Task Manager actually does, try looking it up here:

http://www.liutilities.com/products/wintaskspro/processlibrary/

It covers an amazing number of genuine and trojan background tasks in some detail.

tHeBaLrOgRoCkS
08-30-2004, 01:58 AM
Cheers for the heads up gents!
I had a virus sneak onto my system and am not quite sure how the bugger got in (suspect it was IE) as I run Firefox for browsing and avast antivirus software alongside ZoneAlarm all behind a router so am generally pretty secure (first virus I have had in a good few months).
Hopefully the above links might help shed some light on the situation.
You know, I am seriously starting to consider a network security course so I can get me some aggressive pay back on these fookers!! I got better things to be doing with my time than worrying whether some azzhat script kiddie is trying to bork my machine for kicks.

Actually (and I admit I am probably a little paranoid about this subject) has it ever occurred to anyone that it is actually in the interests of the manufacturers of antivirus software/protection that these little fookers keep doing exactly what they are doing? I mean you wouldn't have to buy anti-virus software if there was a cure would you?!? Guess it's too late now though as we're all a long way down the upgrade or die road to start turning back.

Just my two cents ......Patch junkies are us

http://img78.photobucket.com/albums/v323/tHeBaLrOgRoCkS/planes/signiture3.jpg

RAAF_Edin
08-30-2004, 02:22 AM
> Originally posted by tHeBaLrOgRoCkS:
> Actually (and I admit I am probably a little paranoid about this subject) has it ever occurred to anyone that it is actually in the interests of the manufacturers of antivirus software/protection that these little fookers keep doing exactly what they are doing? I mean you wouldn't have to buy anti-virus software if there was a cure would you?!?

I wouldn't be surprised if such companies themselves are creating these viruses so we buy their anti-thingo's

--------------------------------------
Edin "Kuky" Kulelija
No76 Squadron RAAF

tHeBaLrOgRoCkS
08-30-2004, 02:27 AM
Yupper User powah is another urban myth I am afraid.

http://lynx.browser.org/

This is a jolly little tool I used for browsing on my Linux system back in my 56K dayz; dunno how well it works for windoze but I think I may fire it up again.


lindyman
08-30-2004, 04:19 AM
Most probably your credit card is not in danger. More likely is that you've been a major spammer for some time. Hard to detect for a firewall, since you can't reasonably block port 25 from it (if you're lucky, your ISP blocks it for you, though.) On the other hand, better safe than sorry, and assume that it has delivered credit card info and other important data.
_
/Bjorn.
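Added example, not part of any post in this thread and not code from Gibson Research or any product named here. It performs on the machine itself the two checks the thread talks about from the outside: whether the NetBIOS/SMB ports that Shields UP probes (135, 139, 445, as quoted in sunflower1's post) have a listener and which process owns it, and, following lindyman's point about spam bots, whether anything on the box is talking to remote port 25. It relies on the Get-NetTCPConnection and Get-NetFirewallProfile cmdlets, which exist on Windows 8 / Server 2012 and later rather than on the Windows XP machines of 2004; the port list and the choice of 'Established'/'SynSent' as the states that count as an active outbound SMTP session are my assumptions.

```powershell
# Added example (not from the thread). Local view of what Shields UP tests from
# outside (NetBIOS/SMB listeners) and of outbound port-25 traffic that a spam
# bot would generate. Assumes Windows 8 / Server 2012 or later (NetTCPIP and
# NetSecurity modules). Run from an elevated prompt to see every process name.

function Get-FileSharingListeners {
    # TCP listeners on 135 (RPC endpoint mapper), 139 (NetBIOS session) and
    # 445 (SMB), with the owning process. A listener bound to 0.0.0.0 or :: is
    # reachable on every interface unless the host firewall blocks it.
    Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -in 135, 139, 445 } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                LocalPort    = $_.LocalPort
                OwningPid    = $_.OwningProcess
                Process      = if ($proc) { $proc.ProcessName } else { '?' }
            }
        }
}

function Get-OutboundSmtpConnections {
    # Connections to remote port 25. A mail client is expected here; any other
    # process is worth identifying, because that is what a spam bot looks like
    # from the host's own point of view.
    Get-NetTCPConnection -RemotePort 25 -ErrorAction SilentlyContinue |
        Where-Object { $_.State -in 'Established', 'SynSent' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                State         = $_.State
                OwningPid     = $_.OwningProcess
                Process       = if ($proc) { $proc.ProcessName } else { '?' }
                Path          = if ($proc) { $proc.Path } else { '' }
            }
        }
}

function Get-HostFirewallState {
    # Whether the built-in firewall is on for each profile and what it does
    # with unsolicited inbound and with outbound traffic by default.
    Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

'--- NetBIOS/SMB listeners (what Shields UP probes) ---'
Get-FileSharingListeners | Format-Table -AutoSize
'--- Active outbound SMTP (remote port 25) ---'
Get-OutboundSmtpConnections | Format-Table -AutoSize
'--- Host firewall profiles ---'
Get-HostFirewallState | Format-Table -AutoSize
```

An empty first table is the normal result on a workstation with file sharing off; a listener owned by System on 0.0.0.0:445 is also normal on a Windows host and is only a problem if the firewall profile for the network you are on has Enabled set to False or DefaultInboundAction set to Allow. The second table is the one lindyman's remark is about: a process you do not recognise holding a connection to port 25 is worth looking up before anything else.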

DuxCorvan
08-30-2004, 04:27 AM
> Originally posted by RAAF_Edin:
> I wouldn't be surprised if such companies themselves are creating these viruses so we buy their anti-thingo's

I'm sure about that. A company division to fight the viruses, and another to create them...

blairgowrie
08-30-2004, 05:10 AM
> Originally posted by WTE_Galway:
> If you are unsure what an obscure process in Task Manager actually does, try looking it up here:
>
> http://www.liutilities.com/products/wintaskspro/processlibrary/
>
> It covers an amazing number of genuine and trojan background tasks in some detail.

That is a very helpful link WTE_Galway. Do you recommend purchasing Wintasks4?


tHeBaLrOgRoCkS
08-30-2004, 05:41 AM
> Originally posted by blairgowrie:
> > Originally posted by WTE_Galway:
> > If you are unsure what an obscure process in Task Manager actually does, try looking it up here:
> >
> > http://www.liutilities.com/products/wintaskspro/processlibrary/
> >
> > It covers an amazing number of genuine and trojan background tasks in some detail.
>
> That is a very helpful link WTE_Galway. Do you recommend purchasing Wintasks4?

The link has some 'interesting' information on it but I am not sure I would bother with the software myself. You can find a lot of that information just by searching on the process names with Google or similar.

Task manager in conjunction with ZoneAlarm and a decent virus checker is the best method for spotting 'dodgy' processes I have found so far. With regular usage you soon learn to spot anything out of the ordinary. But that said, the tool looks like it just makes monitoring system processes easier and takes out some of the 'leg work'. I tend to shy away from companies offering software to 'speed up' your system as usually all their software does is make changes that you can make yourself with a little effort and some time reading up on system tweak sites.

Caveat Emptor as the saying goes.

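Added example, not code from the thread or from WinTasks, Net-Peeker or any other product mentioned in it. It does in PowerShell what Scragbat did by hand in Task Manager and what Rocks describes above: list every running process with its image path, Authenticode signature status and vendor name, so an unfamiliar name can be judged without a trip to a process library, and list files recently written under System32, since both the eXaMiNaToR.exe binary and its keystroke log were found there. My assumptions: Windows PowerShell 5.1 or later, an elevated prompt so that other accounts' process paths are readable, and the seven-day window and the list of watched directories, which are a starting point rather than a rule.

```powershell
# Added example (not from the thread). Process triage with signature status and
# image path attached, plus recently written files under System32. Assumes
# Windows PowerShell 5.1+ and an elevated prompt.

function Get-ProcessTriage {
    [CmdletBinding()]
    param(
        # Directories in which an unsigned or unknown executable deserves a second
        # look (assumed list; extend it to match your own machine).
        [string[]]$WatchDirs = @("$env:SystemRoot\System32", "$env:SystemRoot",
                                 "$env:TEMP", "$env:APPDATA", "$env:LOCALAPPDATA")
    )

    foreach ($p in Get-Process) {
        if (-not $p.Path) {
            # No readable image path (protected process or access denied): report, do not judge.
            [pscustomobject]@{ Name = $p.ProcessName; Id = $p.Id; Path = '<not readable>'
                               Company = ''; SigStatus = 'Unknown'; Signer = ''; Flag = $false }
            continue
        }
        $sig    = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
        $status = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $inWatch = $false
        foreach ($d in $WatchDirs) {
            if ($d -and $p.Path -like "$d\*") { $inWatch = $true }
        }
        [pscustomobject]@{
            Name      = $p.ProcessName
            Id        = $p.Id
            Path      = $p.Path
            Company   = $p.Company      # from the file's version resource; blank is itself a hint
            SigStatus = $status         # Valid / NotSigned / HashMismatch / Unknown ...
            Signer    = $signer
            # Flag an executable that is not validly signed and lives where unknown binaries hide.
            Flag      = ($inWatch -and $status -ne 'Valid')
        }
    }
}

function Get-RecentSystem32Files {
    param([int]$Days = 7)   # assumed window
    $since = (Get-Date).AddDays(-$Days)
    # Executables, libraries and plain text files written recently under System32:
    # a dropped binary and its log file both show up here.
    Get-ChildItem -Path "$env:SystemRoot\System32" -Recurse -File -Include *.exe,*.dll,*.txt -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, LastWriteTime
}

Get-ProcessTriage | Sort-Object Flag -Descending |
    Format-Table Name, Id, SigStatus, Company, Path -AutoSize
Get-RecentSystem32Files | Format-Table -AutoSize
```

The Flag column is a shortlist, not a verdict: plenty of legitimate tools ship unsigned, and a hash mismatch on a file under System32 right after a Windows update is usually the update. What it buys you over a bare Task Manager listing is the image path next to the name, which is exactly the detail that exposed eXaMiNaToR.exe in the first post.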

blairgowrie
08-30-2004, 06:13 AM
Thanks for your good advice Rocks. I'll certainly take it. I don't like that "speed-up" software either. None of it has ever worked for me.

Think I will install Firefox though. It looks like a winner and maybe less vulnerable than Explorer.


tHeBaLrOgRoCkS
08-30-2004, 06:40 AM
Well I always get nervous when someone accuses me of giving good advice but thank you sir.

On the subject of viruses I am currently testing this as an alternative to the more mainstream virus checkers. Mostly cos they haven't tried to charge me for it (yet) and I am tight with my money.

It seems pretty good and looks a lot prettier than Mr Norton


http://www.avast.com/eng/avast_4_home.html


blairgowrie
08-30-2004, 06:54 AM
You are full of great ideas this morning, Rocks. I had a quick look at Avast and it seems like a good AV. I like the fact that it only updates new information rather than these great big files that Norton sends. I am still on dial-up and the Norton updates seem to take forever.

I just renewed my Norton subscription yesterday. I wonder if you can run 2 AV programs or will they conflict with one another.


tHeBaLrOgRoCkS
08-30-2004, 07:23 AM
Aww geee I dunno what's up with me today I must be having an off day lol thank you again.

On the subject of two virus checkers. I have only had brief experience with Norton. Tried it, didn't like it, felt like it came with jack boots and a riding crop.

I would imagine that Norton's software would probably object to having a competitor on the same system and may even accuse it of being naughty. Like I said though I haven't enough experience of Norton's to give an honest opinion.

But I don't think it would hurt to try? I think one would be enough though, so as you have already got Norton updated I would stick with it (as you're used to that), maybe trial run with Avast for a week or two and see what you think; if you don't like it then you have the luxury of being able to fall back on Mr Norton's software.


tHeBaLrOgRoCkS
08-30-2004, 08:29 AM
http://forum.avast.com/index.php?board=2;action=display;threadid=807

You may want to check their forum out before you try running them together; the above thread alludes to some problem with Norton and Avast living on the same system.

Always read the label


ZG77_Nagual
08-30-2004, 08:57 AM
I'm running McAfee 8.0i - pretty interesting. It has options to block ports, prevent files getting written to whatever directories you choose etc. Also starting to work on adware and spyware. On the beta list we've been stumping for a major adware/spyware block included in McAfee - looks like they may go for it.

El Turo
08-30-2004, 11:38 AM
Norton sucks.

Between zone alarm, spybot, adaware and any number of available virus programs (I like using "housecall", the free online checker, myself).. you don't need the whole Norton thing.

I find that Norton is, as has been stated, too "pushy" and too entwined into your system. Further, it doesn't ever seem to have a complete or fully updated definition database like other anti-virus programs.

Interesting links ^^ on page 1.

Good read!

Callsign "Turo" in IL2:FB & WWIIOL
______________________
This place
was once
a place
of worship
I thought,
reloading my rifle.

~V.

huggy87
08-30-2004, 12:00 PM
> Originally posted by H_Butcher:
> Norton sucks.
>
> Between zone alarm, spybot, adaware and any number of available virus programs (I like using "housecall", the free online checker, myself).. you don't need the whole Norton thing.
>
> I find that Norton is, as has been stated, too "pushy" and too entwined into your system. Further, it doesn't ever seem to have a complete or fully updated definition database like other anti-virus programs.
>
> Interesting links ^^ on page 1.
>
> Good read!


I wish you had told me this before I clunked down $70.