|
|
Adrius
Honorable
Undefeatable Hero
Stand and fight!
|
posted November 10, 2008 10:51 PM |
|
Edited by Adrius at 22:53, 10 Nov 2008.
|
Ouuuuch...!
You have my sympathies... I'll check that thing you mentioned.
EDIT: Checked the netstat thingy, I'm unharmed... phew.
____________
|
|
DagothGares
Responsible
Undefeatable Hero
No gods or kings
|
posted November 10, 2008 10:55 PM |
|
|
question: I have lousy anti-virus software. One of my programmes that helped the computer run properly had been erased and forced me to reinstall everything. Is it possible that this... connection is the reason? Or is it another virus/ stupid mistake of mine that is more likely to be the cause?
____________
If you have any more questions, go to Dagoth Cares.
|
|
Asheera
Honorable
Undefeatable Hero
Elite Assassin
|
posted November 10, 2008 11:00 PM |
|
|
FoG, did you experience an Acrobat Reader opening when navigating HC?
I don't seem to have that malware. Probably because of NoScript, which didn't even let the Acrobat Reader open.
Or maybe you got this from somewhere else?
____________
|
|
friendofgunnar
Honorable
Legendary Hero
able to speed up time
|
posted November 10, 2008 11:05 PM |
|
|
Quote: FoG, did you experience an Acrobat Reader opening when navigating HC?
I don't seem to have that malware. Probably because of NoScript, which didn't even let the Acrobat Reader open.
Or maybe you got this from somewhere else?
Yes, the same thing happened to me that happened to many people. HC redirected me to upload a .pdf file from a server in the Ukraine. Acrobat opened up in the background and started using about 222 megabytes of memory. (You can see from my earlier posts that somehow the pdf file enabled hard disk writing, which loads the virus onto computers.)
|
|
Asheera
Honorable
Undefeatable Hero
Elite Assassin
|
posted November 10, 2008 11:08 PM |
|
|
So I guess NoScript is the one responsible for keeping me safe from this kind of malware.
Definitely a great Firefox addon; I truly recommend it.
____________
|
|
friendofgunnar
Honorable
Legendary Hero
able to speed up time
|
posted November 10, 2008 11:09 PM |
|
|
Quote: Ouuuuch...!
You have my sympathies... I'll check that thing you mentioned.
EDIT: Checked the netstat thingy, I'm unharmed... phew.
BTW, keep checking it whenever you are on the 'puter. I did so frequently after the HC event but it was only this morning that it reared its ugly head.
|
|
Adrius
Honorable
Undefeatable Hero
Stand and fight!
|
posted November 10, 2008 11:13 PM |
|
Edited by Adrius at 23:27, 10 Nov 2008.
|
DAMNIT!!! It just popped up! And I never even got the acrobat thingy!
Might be from another site... don't know... this sucks...
So, the only way to get rid of it is reinstalling the whole thing? Is there any other way, help me...
EDIT: And now it's gone again... heh, I'll try to find some sort of Spyware/Keylogger/whatever remover. My Spydoctor program only detects spyware, it doesn't remove it (requires more money... but it's the best one there is anyway.)
EDIT2: I'm beginning to think that I might have been suffering from an illusion or something... the thing doesn't pop up again and it seems unlikely that I managed to pin-point the exact moment it arrived, and how can it disappear? Weird really... I shall keep my eyes open...
____________
|
|
Adrius
Honorable
Undefeatable Hero
Stand and fight!
|
posted November 10, 2008 11:37 PM |
|
|
Ok... what the hell is this?
game-advertising-online.com:http SYN-SENT
...
This is something else right...? Not all SYN-SENT things are evil? Sounds more like one of those ads to me.
____________
|
|
Asheera
Honorable
Undefeatable Hero
Elite Assassin
|
posted November 10, 2008 11:40 PM |
|
|
It's the ad from the top of HC.
____________
|
|
Adrius
Honorable
Undefeatable Hero
Stand and fight!
|
posted November 10, 2008 11:41 PM |
|
Edited by Adrius at 23:46, 10 Nov 2008.
|
I know... I also have one from something called Microterra... is this one evil...?
EDIT: Lol, I'm entering permanent paranoid state here... help me in my noobness.
EDIT2: Since these ones do not activate while I don't have any browsers open, I'm pretty much safe right? Lol, I should've read FoG's post a bit better.
____________
|
|
friendofgunnar
Honorable
Legendary Hero
able to speed up time
|
posted November 11, 2008 12:01 AM |
|
|
I just changed my original post to make it clearer. If your computer is trying to open a connection (the SYN_SENT notice) with somebody on RIPE Network Coordination Centre (91.0.0.0 - 91.255.255.255) it means you're infected with a keystroke logger.
|
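Added example, not part of any post in this thread: a Python sketch of the netstat check friendofgunnar describes, listing TCP rows in the SYN_SENT state whose remote address falls inside 91.0.0.0/8. The sample output, the addresses in it and the function names are constructed for illustration; a hit is a connection to look into, not a verdict.

```python
import ipaddress
import re

# Range named in the post above (91.0.0.0 - 91.255.255.255).
WATCH_NET = ipaddress.ip_network("91.0.0.0/8")

# Constructed sample of Windows `netstat -an` output, not taken from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:1042      91.0.2.15:80           SYN_SENT
  TCP    192.168.1.20:1043      203.0.113.7:80         SYN_SENT
  TCP    192.168.1.20:1044      91.0.2.99:443          ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:500            *:*
"""

# TCP rows have exactly four columns; UDP rows carry no state and are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 also works."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def flag_outbound(netstat_text, net=WATCH_NET, states=("SYN_SENT",)):
    """Return (local, remote_ip, remote_port, state) for rows inside `net`."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local, remote, state = m.groups()
        # Some netstat builds print SYN-SENT, as in the output quoted earlier.
        if state.upper().replace("-", "_") not in states:
            continue
        host, port = split_endpoint(remote)
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # resolved hostname; rerun netstat with -n for numeric output
        if addr.version == net.version and addr in net:
            hits.append((local, str(addr), port, state))
    return hits

if __name__ == "__main__":
    for hit in flag_outbound(SAMPLE):
        print("review:", hit)
```

Run it against numeric output (`netstat -an`), since rows that show a resolved hostname such as `game-advertising-online.com:http` cannot be matched against an address range.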
|
friendofgunnar
Honorable
Legendary Hero
able to speed up time
|
posted November 11, 2008 04:21 AM |
|
|
This is the file:
acpiz.dll
search your hard drive, if you have it you're still infected.
On my 'puter it's at
C:\windows\system32\acpiz.dll
"Unhackme", the program that Shadow linked to, will remove it but it comes back the next time you boot. Windows malicious software remover can't get rid of it permanently either.
Let me know if somebody can figure out how to get rid of it for good...
|
|
dimis
Responsible
Supreme Hero
Digitally signed by FoG
|
posted November 11, 2008 07:51 AM |
|
|
I don't know if this helps (and I haven't read more than this page of the thread), but in a similar case a friend of mine got rid of the virus without actually getting rid of the virus from his computer. The idea is to try to change the first few bytes of the .exe that is loaded while booting and which is responsible for creating that dll file. If you do that, then the first few instructions are rubbish, and it won't work anymore. Of course if you don't know which .exe file that would be, you can try to change the contents of the "problematic" dll; again with the same ultimate goal.
____________
The empty set
|
|
william
Responsible
Undefeatable Hero
LummoxLewis
|
posted November 11, 2008 07:55 AM |
|
|
Interesting. I think that would work actually. Next time I get some kind of virus that just won't go away then I'll try that.
____________
~Ticking away the moments that
make up a dull day, Fritter and
waste the hours in an off-hand
way~
|
|
Adrius
Honorable
Undefeatable Hero
Stand and fight!
|
posted November 11, 2008 09:06 AM |
|
|
@FoG: Thanks... I usually freak out over nothing.
Last time I thought I had a virus I managed to do more harm to my computer than the virus itself...
____________
|
|
Asheera
Honorable
Undefeatable Hero
Elite Assassin
|
posted November 11, 2008 02:00 PM |
|
|
I don't have an acpiz.dll file
And I used ShadowCaster's program, no file like that was 'suspected' (although Firefox was a suspected file lol)
____________
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted November 11, 2008 02:02 PM |
|
|
Quote: (although Firefox was a suspected file lol)
maybe it is infected, what's so "lol" about it?
I know there are false alarms but it's not such a lol.
____________
The above post is subject to SIRIOUSness.
No jokes were harmed during the making of this signature.
|
|
Asheera
Honorable
Undefeatable Hero
Elite Assassin
|
posted November 11, 2008 02:03 PM |
|
|
If it was changed, the Firewall would have said that. So unless it was infected from the beginning (yeah right), it was a false alarm
____________
|
|
TheDeath
Responsible
Undefeatable Hero
with serious business
|
posted November 11, 2008 02:04 PM |
|
|
Most firewalls only detect "CRC-checksum" differences. Maybe the virus is smart enough to have the same checksum after modification.
____________
The above post is subject to SIRIOUSness.
No jokes were harmed during the making of this signature.
|
|
william
Responsible
Undefeatable Hero
LummoxLewis
|
posted November 11, 2008 02:28 PM |
|
|
Damn. Just got that Adobe program pop up. Hasn't happened in a long time.
____________
~Ticking away the moments that
make up a dull day, Fritter and
waste the hours in an off-hand
way~
|
|
|