Already have malware on Win7... crap

Not sure where it came from, but I was watching a movie last night and all of a sudden I hear a commercial for SensoDyne playing... like it was a radio commercial. I stopped the movie and the commercial was still playing. I looked around task manager, and found some extra iexplore tasks running. Killing one of them stopped the commercial. I noticed when the commercial is playing, my cpu resources jump up to about 30% utilization even if the rig is idle.

The following two links outline similar symptoms to what I am experiencing

http://en.community.dell.com/forums/t/19266561.aspx

http://www.theeldergeek.com/fo.../index.php?t37665.html

Basically some malware is launching hidden Internet Explorer processes that are streaming commercials. It happened last night, and I haven't had much time to investigate. Will check it out when I get home. (I turned the computer off.)

I have the freeware Avast. I guess I will install HackThis, SpyBot, AdAware, and MalwareBytes, and go from there. Any other advice? I've got quite a bit of time into this install and don't want to start from scratch again.
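An added example, not code posted by anyone in this thread, of how to get a first look at what the original poster describes: it lists every iexplore.exe process, marks the ones with no visible top-level window, and shows each one's parent process, CPU time and command line. It uses only built-in PowerShell and WMI, so it runs on a stock Win7 install (run it from an elevated prompt so all processes are visible).

```powershell
# Added example, not code from anyone in this thread: enumerate iexplore.exe
# processes and flag the ones with no visible top-level window, showing parent
# process, CPU time and command line so the odd one out can be identified.
# Run from an elevated PowerShell prompt so every process is visible.
function Get-IEProcessReport {
    $ieProcs = Get-WmiObject Win32_Process -Filter "Name = 'iexplore.exe'"
    foreach ($p in $ieProcs) {
        $live = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
        if (-not $live) { continue }   # exited between the two queries

        $parent = Get-WmiObject Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }

        New-Object PSObject -Property @{
            PID         = $p.ProcessId
            ParentPID   = $p.ParentProcessId
            Parent      = $parentName
            HasWindow   = ($live.MainWindowHandle -ne 0)
            CPUSeconds  = [math]::Round([double]$live.CPU, 1)
            CommandLine = $p.CommandLine
        }
    }
}

# On Vista/7 each IE tab is its own windowless iexplore.exe whose parent is the
# frame iexplore.exe, so "windowless" alone is not suspicious. A windowless
# instance whose parent is neither iexplore.exe nor explorer.exe, or that keeps
# using CPU while no browser window is open, is the one worth looking at.
Get-IEProcessReport |
    Where-Object { -not $_.HasWindow } |
    Sort-Object CPUSeconds -Descending |
    Format-Table PID, Parent, ParentPID, CPUSeconds, CommandLine -AutoSize
```

The command line and parent are the useful columns: a legitimate tab process is started by the IE frame process, whereas something launched from a scheduled task, a service host or an unfamiliar executable stands out immediately, and the process that respawns after you kill it tells you where to look next.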
 
Any other advice?

I have some here. If you're not using a Standard User account, definitely start with that, and leave the UAC setting maxed-out (which is Win7's default for a Standard User). Several of the other tips are also applicable (DEP, Secunia's PSI, and Software Restriction Policy if you're a power user).

Out of curiosity, what video player were you using to play the movie? Sounds like it got exploited.

Oh, and the first thing you might want to do is a System Restore. If you want a better antivirus, you could always uninstall Avast and install the free version of AntiVir, but I wouldn't place excessive reliance on antivirus here. It's worth noting that multiple iexplore.exe processes are normal on Vista/7.
 
The UAC advice (or non-admin account for that matter) from mechBgon is definitely the way to go.

If you don't want to part with your admin account for everyday use, you should be aware that UAC under W7 does not really protect you from malicious software at the default setting for admin accounts. MS doesn't even advertise UAC for that functionality anymore. Rather, they say it is to "protect you from poorly written, but non-malicious software" now... I think that was their "fix" to the UAC code injection vulnerability discovered a couple months ago, which to my knowledge was never fixed.

But even at the highest setting (Vista security level) it doesn't nag you as much as UAC does under Vista. So, definitely worth doing.
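To check where a machine actually stands on the advice above (Standard User account, UAC slider at the top), here is an added example that is not code from anyone in this thread. It reads the registry values the UAC slider sets and uses `whoami /groups` to tell a real standard user apart from an admin running under UAC's filtered token; the value meanings in the comments are the ones Microsoft documents for these policy settings.

```powershell
# Added example, not code from anyone in this thread: report whether the
# logged-on account is an Administrators member, whether this PowerShell
# session is elevated, and where the UAC slider sits. Registry values are the
# documented UAC policy settings:
#   EnableLUA                  1 = UAC enabled, 0 = disabled
#   ConsentPromptBehaviorAdmin 2 = always notify (the "maxed-out" setting),
#                              5 = Win7 default for admins (prompt only for
#                                  non-Windows binaries), 0 = never prompt
#   ConsentPromptBehaviorUser  3 = prompt standard users for admin credentials
#   PromptOnSecureDesktop      1 = prompt on the dimmed secure desktop
function Get-UacStatus {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $pol = Get-ItemProperty -Path $key

    # whoami lists the Administrators SID with "Group used for deny only" when
    # an admin is running under UAC's filtered token; a standard user does not
    # carry the SID at all.
    $groups   = whoami /groups /fo csv | ConvertFrom-Csv
    $adminRow = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }
    $isAdminAccount = ($adminRow -ne $null)
    $isElevated     = $isAdminAccount -and ($adminRow.Attributes -notmatch 'deny only')

    $adminLevel = switch ($pol.ConsentPromptBehaviorAdmin) {
        0 { 'Elevate without prompting (no protection)' }
        1 { 'Prompt for credentials on the secure desktop' }
        2 { 'Prompt for consent on the secure desktop (always notify, the max setting)' }
        3 { 'Prompt for credentials' }
        4 { 'Prompt for consent' }
        5 { 'Prompt for consent for non-Windows binaries only (Win7 default)' }
        default { "Unknown ($($pol.ConsentPromptBehaviorAdmin))" }
    }

    New-Object PSObject -Property @{
        User                = $env:USERNAME
        AccountIsAdmin      = $isAdminAccount
        SessionElevated     = $isElevated
        UacEnabled          = ($pol.EnableLUA -eq 1)
        AdminPromptBehavior = $adminLevel
        UserPromptBehavior  = $pol.ConsentPromptBehaviorUser
        SecureDesktop       = ($pol.PromptOnSecureDesktop -eq 1)
        # The thread's recommendation: either a standard user account, or an
        # admin account with UAC on and the slider at "always notify".
        MatchesAdvice       = (-not $isAdminAccount) -or
                              (($pol.EnableLUA -eq 1) -and ($pol.ConsentPromptBehaviorAdmin -eq 2))
    }
}

Get-UacStatus | Format-List
```

`AccountIsAdmin` true with `SessionElevated` false is the normal state for an admin who has not clicked through a UAC prompt; `UacEnabled` true together with `AdminPromptBehavior` reading "Win7 default" is exactly the configuration the post above warns about.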
 
I'm assuming that all the software on your PC (the movie, Windows Enterprise, etc) was obtained through legitimate means.
 
Originally posted by: MrChad
I'm assuming that all the software on your PC (the movie, Windows Enterprise, etc) was obtained through legitimate means.

Yes. I work at a datacenter and we have a VLK on Enterprise. Work allotted me a copy to install at home so that I could have remote desktop, etc. and learn the OS.
 
Wow, that sucks. I heard of a similar problem from someone I've worked with before and I am planning on just wiping it out and starting over!
 
It isn't a win7 problem. Stop using Internet Explorer and you will be much better off. Using IE is like hanging a big sign on your pc saying "come infect me"


 
Originally posted by: Modelworks
It isn't a win7 problem. Stop using Internet Explorer and you will be much better off. Using IE is like hanging a big sign on your pc saying "come infect me"

I've dragged IE7 through the most heinous exploit-laden websites I could find, in the course of my malware-hunting work. It's actually excellent. IE8 is even better. Feel free to dis IE6 all you like, however 😀

If you do want to eliminate prime attack surface, look at your browser's plug-ins and your other installed software. The Secunia PSI utility is great for this... statistically, only 2% of first-time PSI users come up fully patched on the first try. If you read up on the current security scene, you'll see it reiterated again and again: the bad guys are going for the softer targets, such as vulnerable versions of Flash Player, QuickTime, Java, RealPlayer, Adobe Reader, Foxit Reader, Skype, WinZip... stuff your browser can be used to get at, even if your browser itself is secure. Case in point: Flash Player exploit that works on OS X, Linux and Windows, in Firefox, IE or Safari
 
Originally posted by: pcslookout
Thanks mechBgon, but is the Secunia PSI utility supposed to continuously run in a loop over and over again, scanning constantly?

If you have the real-time part of PSI turned on, it'll keep its system tray icon alive and take note of software installations/uninstallations you do. But if it keeps looping when you run a manual scan, that's not normal 😕
 
Originally posted by: mechBgon
Originally posted by: pcslookout
Thanks mechBgon, but is the Secunia PSI utility supposed to continuously run in a loop over and over again, scanning constantly?

If you have the real-time part of PSI turned on, it'll keep its system tray icon alive and take note of software installations/uninstallations you do. But if it keeps looping when you run a manual scan, that's not normal 😕

Thanks. I think I fixed it in my Windows 7 64 bit but had to do a restart. Maybe because it was installed in my limited account it caused this issue until I restarted? Not sure. Strange though. Oh well at least it fixed itself! Only thing it doesn't do is startup automatically when I login to my limited account on bootup. Oh well.
 
I've dragged IE7 through the most heinous exploit-laden websites I could find, in the course of my malware-hunting work. It's actually excellent. IE8 is even better

Yup....love the kiddies who tell you how evil IE is, but then are oblivious to admin rights / UAC issues.

Might have been a codec exploit / redirection. A bit disappointed that Win7 got nerfed so quickly though.

 
I've dragged IE7 through the most heinous exploit-laden websites I could find, in the course of my malware-hunting work. It's actually excellent. IE8 is even better. Feel free to dis IE6 all you like, however

Agree 100%. I have never had an infection or problem using IE. And I have been places that a drunken sailor wouldn't go .... I know I used to be a drunken sailor.

pcgeek11
 