DarkRider

Internet Security 2010 and Other Nasty Security Viruses

61 posts in this topic

Ok this is interesting. I needed to download some programming software from the manufacturer's site over the weekend but was unable to access the site. I found an aftermarket vendor who handled the equipment I need to load and saw they also had the software and I downloaded from there. This morning at work I installed and ran the .exe...all went well till it also wanted to install something WinPcap. There was an address to winpcap.org at the bottom so I checked it.....scary kinda. I nixed the install and proceeded with the original software install and all's well so far.


Really should have posted it direct from Nexus so people don't have to go looking:

 

From Darkone on Nexus posted 3 days ago:

 

 


Be careful: Trojans masquerading as popular executables
posted by Dark0ne, Site News
This is a heads up announcement to please, for the love of all that is good, always keep your wits about you when downloading from here or anywhere on the internet.

There is currently an individual who is placing trojans within well known pieces of Skyrim software, such as the Skyrim Character Editor and even Skyrim Mod Organizer, and then uploading them as new files here on Skyrim Nexus (note, the original files here and here are NOT compromised, this user is uploading new files to the site masquerading as these files). This trojan has code within it that will retrieve any passwords you have stored in your browser and send them to the script kiddy's email address. The script kiddy is then using the details he has stolen from users "unlucky" enough to be exploited in this way, logging in to their accounts here on the Nexus and then uploading another trojan via the same method.

If you believe you may have fallen for this exploit then ALL the passwords you have stored in your browser have been compromised. You should change your passwords immediately for any and all sites you use, and change your passwords on any sites where you have used the same password, even if you don't have that site's login stored.

If you stick to common sense practises while browsing the internet then this will not be a problem for you at all. Things you should always be suspicious of or do:

  • Files with comments disabled that have only been uploaded in the past day
  • Elaborate and complex files uploaded by new users or users who have previously not uploaded a single file or made a single comment on the sites
  • Software that has absolutely no business using your internet connection trying to make a connection to the internet
  • Executable files, or files containing .DLL libraries unless you are absolutely sure it can be trusted.
  • Always, always run a virus scan on any files you download from this or any site you download from
  • If in doubt, don't download or open the file and wait to see what other more experienced users are reporting


I sympathise with the people who have been caught by this, but you got caught by this because you aren't using your common sense. Please, for your sake, keep your wits about you and don't let your guard down when downloading files on the internet.

If you don't have a firewall, or if your firewall does not warn you when new, unrecognised and untrusted software is trying to connect to the internet please follow these steps:

  1. Find your router
  2. Rip your router away from any connected cables
  3. Open the nearest window
  4. Throw your router out of it
  5. Close the window

Honestly, get a firewall, install it, and understand how it works. Without one it's very possible your system is a drone in a botnet and likely a part of the perpetual problem of the internet that is DDoS'ing, something that we're no stranger to here.

 

Edited by Arion

Well... this is new to me... anyone know how to handle a problem with the dllhost.exe file in my SysWOW64 folder?


I began getting pop ups from Malwarebytes about a blocked malicious website. Thing is... this said it was outbound. It also gave me two IPs which I traced to Cyprus, and Russia. It gave me a file path of C:\windows\SysWOW64\dllhost.exe. Sooo... I spent time online searching. Not uncommon but, not easy to fix since the dllhost.exe is in the OS.

The pop ups became almost constant over a few days and I had to make the hard choice..... reinstall my OS. Mopping up now.


dll host runs a boatload of stuff..... if you use something like process explorer, you will see multiple instances of it running. Hard part is, determining which one is the problem..... as it doesn't TELL you WHICH dll each individual process is running..... (which strikes me as kinda pointless.)

 

There are a couple different bits of malware that take advantage of that..... some of which don't actually have a file, that the typical malware scanner can find, and remove.... There ARE tools that can find them, however, I have yet to find one that can actually REMOVE them. O/S reload is pretty much the only option. Kind of a drag......

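Editor's added example (not part of any post in this thread): a read-only PowerShell check that answers the "which DLL is each dllhost.exe running" question above by reading the `/Processid:{AppID}` argument Windows passes to a COM surrogate and resolving it in the registry. The output column names and the `Suspect` heuristic are assumptions made for this example.

```powershell
# Added example: map each running dllhost.exe to the COM application it hosts.
# Read-only. Run from an elevated prompt so every command line is visible.

# The only two locations a genuine dllhost.exe image is expected to load from.
$expectedPaths = @(
    (Join-Path $env:windir 'System32\dllhost.exe'),
    (Join-Path $env:windir 'SysWOW64\dllhost.exe')
)

Get-CimInstance Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $proc    = $_
    $appId   = $null
    $appName = $null

    # COM surrogates are normally started as: dllhost.exe /Processid:{AppID-GUID}
    if ($proc.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]{36}\})') {
        $appId = $Matches[1]
        $key   = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
        if (Test-Path $key) {
            # The key's default value holds the friendly name, if one is registered.
            $appName = (Get-Item -Path $key).GetValue('')
        }
    }

    # Signature of the image on disk. Older PowerShell versions may report
    # catalog-signed system files as NotSigned.
    $sigStatus = if ($proc.ExecutablePath) {
        (Get-AuthenticodeSignature -FilePath $proc.ExecutablePath).Status
    } else { 'PathUnavailable' }

    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)"

    [pscustomobject]@{
        ProcessId  = $proc.ProcessId
        Parent     = $parent.Name          # usually svchost.exe (DcomLaunch)
        Path       = $proc.ExecutablePath
        AppId      = $appId
        AppName    = $appName
        Signature  = $sigStatus
        # Heuristic for this example only: wrong folder, or no AppID argument.
        Suspect    = ($proc.ExecutablePath -notin $expectedPaths) -or (-not $appId)
    }
} | Format-Table -AutoSize
```

An instance flagged `Suspect`, or one whose `Signature` is not `Valid`, is the one to examine further; a clean result here does not rule out code injected into an otherwise legitimate dllhost.exe process.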

Thank you HY .. I got as much from my searches. This is why I went ahead and pulled the trigger on the scattergun alley sweeper.


and that will *almost* always fix it. :)

 

I am seriously considering an SSD, and installing win7...... they have gotten DIRT cheap. I can get a 256gb drive for 100 bucks..... (thru work.)


That sounds ominous ... "almost" always? :D I'd sure like to head towards an SSD change over but.... that would mean an even deeper wipe and total reinstall of pretty much everything.


Yeah, reason it hasn't happened yet is BECAUSE I am not real excited about reinstalling everything. (generally a two to three day affair.... if all goes well.)

 

There is the rare flavor of virus that can infect your master boot record (which is fixable.....), and then there are also those that infect bios........ I hate those, as the only SURE way to get rid of them is to replace the chip, or the whole mainboard. Such fun we have for you. (but, haven't seen one of those for quite some time now.)

