Windows Vista Forum | Vista Babble > Windows Vista > Vista Bugs and Problems
#1 Galt (Senior Member, Merchantville, NJ USA), 11-02-2006, 08:16 PM
Vista-Firefox2-Trojan-Spyware Warning!!


Since I've been doing this silly stuff since 1982, and in that time have managed to get ONE virus attack (my own fault) on any of my 5 systems, running 98 to Vista RC2, I thought I had one of the most secure operations going...well...In the words of Gomer Pyle....surprise...surprise...surprise!!

I don't subscribe to Gump's "**** happens!" either.

As there are several Firefox fans on here, and contrary to popular opinion (not facts) Firefox2 is NOT as safe online as IE7. No I will not argue the fact with Firefox users, just do some real factual research on your own.

Looks like FF 2.0 is doing even worse...
Looks like FF is having an even worse time...

http://www.securityfocus.com/bid/19488
and
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4253

Yes, that is an unpatched vulnerability in FF 2.0

Then there is also this:

http://listvine.com/2006/10/25/9-rea...to-firefox-20/

So it looks like poor little FF 2.0 is really a step back, while IE7 is not seeing anything as severe as these issues FF 2.0 has. If IE7 had these issues FF 2.0 has, you would see a headline for every single one of those issues here on ZDNet.

Better to hide FF's failings lest people get the idea it is not a better alternative than IE7.


I've been missing from this forum for the last few days, as a result of an attack that has taken me many long hours, and the missing days, to resolve.

1) This attack occurred after I installed Firefox2 with a few bells and whistles, as it was used by others here, as a test, setting it as my default browser and accepting all the options they gave.

2) I've got Avast Professional, Ad-Aware SE Professional, Ad-Watch Professional running on Vista.

3) The regenerating rootkit attack started on 10/19 and continued to 10/29 and here is the attached log file from Avast for reference.

4) More to come, as this was just the beginning, and how I finally resolved it.

Attached image: Attacklog1.jpg (43.9 KB)
#2 Znod (Super Moderator, Phoenix AZ), 11-02-2006, 08:22 PM

Very interesting. Thanks Galt.
#3 Galt (Senior Member, Merchantville, NJ USA), 11-02-2006, 09:00 PM
Vista-Firefox2-Trojan-Spyware!

Moving along! Avast caught the Trojan, so I put it in quarantine to save it off, as I have been doing for years, (Anybody want some REAL viruses, I have 32 100mb Zip disks full including virus generators?)

Thinking I was ok, this started happening.

I found out that somehow NSIS Media got through Firefox's spyware and Pop-Up blocker. If anyone doesn't know what happens when you get NSIS Media: if Firefox is closed, all of a sudden it opens and shows an ad from NSIS Media in another window.

I NEVER get popups, period, but I sure had them now, and no, the trojan effects were now gone.

1) Ok, I removed Firefox2, and that took some major work, as it does not really remove itself, so I had to eventually drop to DOS to get rid of the files it decided I still wanted, and edit the registry to boot.


2) Put IE7 back up, only to discover that NSIS Media had now attached itself to IE7, through the Yahoo toolbar. I don't use or like Google, and that's another virus ad-ware story. I'm not overly fond of Yahoo either, as it attacked the registry.

3) I ran Ad-Aware and Spy-Bot. Ad-Aware did NOT find it, Spy-Bot did, and so I fixed it, right...wrong. The thing replicated on the re-boot. I'd open IE and bingo..pop-up every time. Ok, time for the big guns. Websweeper..problem, would not install on Vista, so that failed. Ok, Sysinternals rootkit remover...nope...won't run or install properly on Vista. Now what?

4) Started getting new ads popping up, see attachment. I used Registry Mechanic, found 232 errors. Now remember this is going on for days, and I'm repeating efforts to get rid of this, also to find the source of the rootkit.

Also NSIS media was in the Control Panel add/remove programs list but phoney!!


Keep in mind I clean customers systems as one of my tasks that I make a living with, and now I'm getting beat to death.

I restored the system of course, still didn't solve it, re-replication again, and I'm now using professional spyware removal tools that I've got on CD. I'm in safe mode many times.
Attached images: NSISad.JPG (43.8 KB), NSISPgmMgr.JPG (23.1 KB)
#4 dazzlin (Super Moderator), 11-02-2006, 09:11 PM

Ouch! Painful, painful process you are going through.
#5 Galt (Senior Member, Merchantville, NJ USA), 11-02-2006, 09:43 PM
Looking for a resolution to NSIS media and Rootkit!

The steps below worked ALMOST! I did one more thing, and that was to install Trojan Hunter: http://www.misec.net/trojanhunter/

That one finally did the job, and it has a 30 day trial. Cost is 49 bucks. I will NOT use Firefox, and for more reasons than what occurred, period!


Remove NSIS Media Step 1. First, you will need to boot your computer into Safe Mode. This will help ensure that the NSIS Media and/or infections are not running while you are attempting to remove NSIS Media. Select "Safe Mode With Networking Support" if you cannot print this tutorial before you reboot. Before you reboot, you should click here to bookmark this page, because you will need to restart your PC. This is a critical step, so don't skip it!

Remove NSIS Media Step 2. Once your computer has been rebooted into Safe Mode, you will need to manually delete some files from your computer. Navigate to and delete the files and folders listed below:

C:\Program Files\Common Files\NSIS
C:\Program Files\Mozilla Firefox\Chrome
Now empty your Recycle Bin.

Remove NSIS Media Step 3. After you have emptied your Recycle Bin, you need to open your Control Panels ( Start --> Control Panels) and then double click on the Add/Remove Programs icon. When the Add/Remove Programs window finishes populating, you need to remove the following programs:

Mozilla Firefox
NSIS Media
Removing FireFox is necessary because deleting the Chrome folder from your FireFox installation will effectively break your FireFox installation. Before reinstalling FireFox it is recommended that you completely uninstall it. When you attempt to uninstall NSIS Media, your computer should inform you that the program is not on your computer and should ask you if you would like the entry removed from your Add/Remove Programs list. Click Yes.

Remove NSIS Media Step 4. With the removal out of the way, reboot your computer into regular mode by clicking on Start, then Shut Down, then Restart. Once your system has rebooted you need to download and reinstall the FireFox browser from a TRUSTED source. For the purposes of this tutorial, we have included a link on the right to download FireFox from Google's servers for obvious reasons.

Once you have reinstalled FireFox, you should be free of the NSIS infection. Keep in mind that this infection may have entered your computer through the installation of a free piece of software from Download.com or it could have been hidden in an extension update. Be extremely careful not to reinfect yourself. Many people have reported that their removal attempts have not been successful, however the actual cause of reinfection is often user error.
#6 Galt (Senior Member, Merchantville, NJ USA), 11-02-2006, 10:12 PM
Some nasty viruses to watch out for!

Most nasty freaking...
Follow the links:

1. drsmartload.exe - http://www.greatis.com/appdata/d/d/d...xe_Removal.htm

2. update.exe - http://www.auditmypc.com/process/update.asp

3. goll.exe - http://www.superadblocker.com/newthreats.html

4. install.exe - http://www.liutilities.com/products/...brary/install/

5. service.exe - http://www.greatis.com/appdata/d/s/service.exe.htm

6. loadadv455.exe - http://fileinfo.prevx.com/spyware/qq...DV455.EXE.html
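An added example, not code from the thread or from any of the tools Galt names: a read-only PowerShell audit that checks for the artifacts post #5 tells you to delete (the two folders and the "NSIS Media" Add/Remove Programs entry) and for running processes with the executable names listed in post #6. It reports what it finds and deletes nothing; the registry locations are the standard Windows Uninstall keys, and the path list and process names are assumed from the thread, not a vetted indicator set.

```powershell
# Added audit script (not from the thread). Reports the NSIS Media artifacts
# from post #5 and the process names from post #6; removes nothing.

# Folders named in post #5. The Firefox "Chrome" folder is a normal part of a
# Firefox install (the tutorial itself says deleting it breaks Firefox), so it
# is listed only so its contents can be reviewed, not treated as malicious.
$artifactPaths = @(
    'C:\Program Files\Common Files\NSIS',
    'C:\Program Files\Mozilla Firefox\Chrome'
)

# Add/Remove Programs entries are stored under these Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$suspectDisplayNames = @('NSIS Media')

# Executable names from post #6, without ".exe" as Get-Process reports them.
$suspectProcesses = @('drsmartload', 'update', 'goll', 'install', 'service', 'loadadv455')

$findings = @()

foreach ($p in $artifactPaths) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Kind = 'Path'; Item = $p; Detail = 'exists' }
    }
}

foreach ($key in $uninstallKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $sub.PSPath
        $name = $props.DisplayName
        if ($name -and ($suspectDisplayNames -contains $name)) {
            # A phony entry, as the thread describes, usually has an
            # UninstallString pointing at a file that no longer exists.
            $findings += [pscustomobject]@{
                Kind   = 'Uninstall entry'
                Item   = $name
                Detail = "UninstallString=$($props.UninstallString)"
            }
        }
    }
}

foreach ($proc in Get-Process) {
    if ($suspectProcesses -contains $proc.ProcessName) {
        # update.exe, install.exe and service.exe are generic names that
        # legitimate software also uses, so the on-disk path decides.
        $path = $null
        try { $path = $proc.Path } catch { }
        if (-not $path) { $path = '<path unavailable; run elevated>' }
        $findings += [pscustomobject]@{
            Kind   = 'Process'
            Item   = "$($proc.ProcessName) (PID $($proc.Id))"
            Detail = $path
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No artifacts from the thread were found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell prompt so process paths are readable; a match on a generic name like service.exe is only worth acting on once the path shows it is not in a Windows or vendor directory, which is the same "find the source" problem Galt describes before any deletion.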