From: Skybuck Flying on
Hello,

http://members.home.nl/hbthouppermans/IE8Malware/

Date of infection: 2 May 2010

It entered my Windows XP X64 Pro Edition SP2 operating system unnoticed.

Last Windows update was on 21 March 2010 I think...

Only thing noticed was misbehaving IE8 for some website ?!?.

I shut it down after a few seconds... but apparently too late.

(No firewalls, no virus scanners, no spyware scanners running).

So far the virus/spyware/malware doesn't seem to have done too much damage ?

It only seems to load ads in internet explorer ?!?

It showed up in tasklist... I terminated it.

The file was in C:\Windows\Temp\Dsq.exe according to process explorer.

I deleted it... I hope it's gone now...

Time will tell..

(I will do a windows update shortly ;))

Bye,
Skybuck.


From: Skybuck Flying on
Hmm the situation seems to be a bit worse than I thought...

The virus/malware seems to have copied itself to multiple filenames:

dsu.exe
dsx.exe

Also different sizes.

I will sort the folder on date and see what files with creation date today 2
May 2010 show up:

Well some more of those...

However this file seems weird too:

sshnas21.dll "application extension".

Its date is the same... I did not install anything... so this could be its
attack vector...

This website mentions more about it:

http://www.prevx.com/filenames/638101953234652968-X1/FSENIA.EXE.html

It doesn't mention the dll though...

It seems 28 March 2010 so it's pretty new malware...

Bye,
Skybuck.
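
The date-based sweep described in the post above, as an added example that is not part of the original thread: it lists every Windows executable or DLL in a folder that carries a given date, with size and SHA-256 so renamed copies of different sizes can be told apart. The function names and the sample folder are constructed for illustration, and it compares modification time (an assumption; on Windows the creation time is a separate timestamp).

```python
import hashlib
import os
import tempfile
from datetime import date, datetime


def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable/DLL."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def files_dated(root, day):
    """Return (name, size, sha256) for every PE file under root last modified on `day`."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if datetime.fromtimestamp(st.st_mtime).date() != day or not is_pe(path):
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            hits.append((name, st.st_size, digest))
    return sorted(hits)


def demo():
    """Constructed folder: two same-day PE stubs, one older PE, one same-day text file."""
    root = tempfile.mkdtemp()
    noon = datetime(2010, 5, 2, 12, 0).timestamp()
    old = datetime(2009, 1, 1, 12, 0).timestamp()
    samples = {"dsu.exe": (b"MZ" + b"\x00" * 10, noon),
               "dsx.exe": (b"MZ" + b"\x00" * 20, noon),
               "old.dll": (b"MZ" + b"\x00" * 5, old),
               "notes.txt": (b"hello", noon)}
    for name, (data, ts) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.utime(path, (ts, ts))  # backdate the constructed sample
    return files_dated(root, date(2010, 5, 2))


if __name__ == "__main__":
    for name, size, digest in demo():
        print(f"{name:12} {size:6} {digest}")
```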


From: Skybuck Flying on
Ok, the tool on that website helped.

Explorer.exe hung a bit though.

Rebooting seemed to freeze windows a bit.

After reset button pressed windows started up..

Everything seems to be fine.

The dll in the wow folder wasn't deleted though...

But this time I could delete it manually; previously it would not let me do
that... so that's what the OTM.exe tool solved.

The service is now also gone from the services...

Bye,
Skybuck.


From: Tom Orle on
"Skybuck Flying" <IntoTheFuture(a)hotmail.com> wrote:


>The dll in the wow folder wasn't deleted though...
>
>But this time I could delete it manually; previously it would not let me do
>that... so that's what the OTM.exe tool solved.

Skybuck,

FWIW - Unlocker is a popular freeware tool to unlock stubborn files &
folders for deletion.

I've used it for years and your comment reminded me of it and got me
to upgrade to the latest version, thanks ;-)
http://ccollomb.free.fr/unlocker/

-=tom=-