I was checking my event log recently, and I came across these entries:
Access to C:\DOCUME~1\Larry\LOCALS~1\Temp\~nsu.tmp\Au_.exe has been restricted by your Administrator by the default software restriction policy level.
...
Access to C:\DOCUME~1\Larry\LOCALS~1\Temp\~nsu.tmp\Zu_.exe has been restricted by your Administrator by the default software restriction policy level.
They were from the whole alphabet, all the way from Au_.exe to Zu_.exe.
I found this, indicating that it might be the Zlob trojan.
This is pretty scary for me, my Firefox crashed the other day (again), because I had it so overloaded with tabs (takes literally about 20 min to re-load all the tabs when I re-start it), so I've been using IE7 to do small browsing.
Only known sites, like forums.anandtech.com, dslreports.com, fatwallet.com, and a few online shopping sites and google searches. No pr0n browsing, nothing towards the seedy side of the internet.
Thankfully, before I started using IE7, I started using a limited-user account, and set up SRP.
Is this evidence that I have safely dodged a zlob trojan attack? Or do I need to scan my machine still?
I don't have a lot on the machine, I could just reformat if I wanted to. I want to make certain that my machine is clean though.
Edit: This certainly re-affirms my belief that IE7 is an insecure browser, if I get attacked by a trojan, browsing "safe" sites, within less than a week of using it, after using Firefox for who knows how many years and nary a thing attacks me.
Edit: I found all of those files in my temp directory. They all say "Adobe Flash Player ActiveX Installer 10.x.x.x", and have the flash-player logo as an icon. This might be a false alarm, as I accidentally attempted to downgrade and re-install my flash player 9.x in my limited user account last week, forgot to switch to the admin account.
It must be a false alarm, I scanned with MalwareBytes and SuperAntiSpyware, and neither one of them picked up anything.