From: Rube Bumpkin on
To All,

I got a message from a friend in an email that said, "Lately there's
this window that keeps popping up, it's blue and black, I have to type
in the weird letters or it will shut down. why? this has never happened
before."

The friend is a real newbie. I can't get to the system, since I'm in the
Eastern U.S., and she's in Panama.

Until yesterday, I doubt that she had any real AV on her system. She
said that she might have had McAfee at one time. It probably came on the
system. Before I got this email, I had already recommended switching to
FF, loading Avira, SAS and MBAM. I haven't heard the results of those
scans yet.

Any ideas? What should I ask her?

Thanks in advance,
RB
From: Rube Bumpkin on
Rube Bumpkin wrote:
> To All,
>
> I got a message from a friend in an email that said, "Lately there's
> this window that keeps popping up, it's blue and black, I have to type
> in the weird letters or it will shut down. why? this has never happened
> before."
>
> The friend is a real newbie. I can't get to the system, since I'm in the
> Eastern U.S., and she's in Panama.
>
> Until yesterday, I doubt that she had any real AV on her system. She
> said that she might have had McAfee at one time. It probably came on the
> system. Before I got this email, I had already recommended switching to
> FF, loading Avira, SAS and MBAM. I haven't heard the results of those
> scans yet.
>
> Any ideas? What should I ask her?
>
> Thanks in advance,
> RB

More info: "the letters are difficult to read at times, different shapes
in shaded areas, they give you a certain amount of time to type in the
letters 2 plus minutes or it will shut down. The header bar is black the
rest is blue, the letters are shaded in black and white, it just
happened right now. The one that just happened had a squiggly line
through both words, never saw that before. It's always two words
separated with a space. It's happening so often, very annoying."

From: Gabriele Neukam on

On this special day, Rube Bumpkin wrote:

> The one that just happened had a squiggly line through both words

She is forced to resolve Captchas

http://en.wikipedia.org/wiki/CAPTCHA

Captchas are used to tell bots apart from human beings, so that
automatic programs cannot create hundreds of, say, Gmail accounts
within one or two minutes. Wild guess: It looks like your friend has a
very specific trojan on her machine which fetches these Captchas from a
web site (see the paragraph Human Solvers), and her response will be
fed to said web site, so that the spam accounts can still be set up.


Gabriele Neukam

Gabriele.Spamfighter.Neukam(a)t-online.de

--
ignorance can be fixed. stupidity is life-long.
(jshdude in alt.comp.anti-virus)


From: Beauregard T. Shagnasty on
ASCII wrote:

> Gabriele Neukam wrote:
>> Captchas are used to tell bots apart from human beings
>
> Just a sophisticated test of your OCR.
> I'm waiting for someone to develop an adaptive OCR that would
> interpret those 'captchas' correctly.

Ask a spammer. They've already done it.
Google for: spammers crack captcha

--
-bts
-Four wheels carry the body; two wheels move the soul
From: Rube Bumpkin on
Gabriele Neukam wrote:
>
> On this special day, Rube Bumpkin wrote:
>
>> The one that just happened had a squiggly line through both words
>
> She is forced to resolve Captchas
>
> http://en.wikipedia.org/wiki/CAPTCHA
>
> Captchas are used to tell bots apart from human beings, so that
> automatic programs cannot create hundreds of, say, Gmail accounts within
> one or two minutes. Wild guess: It looks like your friend has a very
> specific trojan on her machine which fetches these Captchas from a web
> site (see the paragraph Human Solvers), and her response will be fed to
> said web site, so that the spam accounts can still be set up.
>
>
> Gabriele Neukam
>
> Gabriele.Spamfighter.Neukam(a)t-online.de
>

OK, so how do we identify the trojan for removal? If I could get to the
system, I'd use HJT and some other tools. Without that luxury, what do
we do?

RB