
Author Topic: Evil, evil trojans and virii  (Read 4536 times)

Cpilot

Evil, evil trojans and virii
« on: August 21, 2008, 11:55:17 PM »
This week I've had the pleasure of fighting with a persistent and evil Trojan/virus on my system that finally required a wipe of my hard drive and installation of Windows XP.
No anti-virus software that I tried would even recognize that I had a Trojan/virus.
What it would do is execute an instance of IE and display various advertising webpages and slow my system down. The offending executable would show up in the task manager as dEmE3H1V.exe.
A search of the system would show dEmE3H1V.exe_pf in the Windows Prefetch folder and dEmE3H1V.exe with dEmE3H1V._a_a in the system32 folder.
Deleting them of course was futile as they would replicate themselves at a later time.
After they were deleted, IE would close due to an error in D6M3t6p7.dll. Of course I have no idea what this browser "helper" was supposed to do. Disabling it had no effect.
Googling these items showed no results.
The result of these "items" running was multiple crashes and a slowing of my system. I believe that this virus/Trojan was picked up through my son's MySpace account.

It's already too late to save myself from the damage caused by these, but I wanted to post a warning and maybe get some input on protecting systems from possible unknown threats that others may have encountered, and start a thread on real-time, little-known threats that are out there and how to fix or avoid them.

lanux128

Re: Evil, evil trojans and virii
« Reply #1 on: August 22, 2008, 12:14:57 AM »
SmitFraudFix is quite good at removing these malware-types. As soon as you realize that you're infected, restart in safe mode and let the program clean your PC.

http://siri.urz.free.../SmitfraudFix_En.php

Cpilot

Re: Evil, evil trojans and virii
« Reply #2 on: August 22, 2008, 12:21:09 AM »
Quote from: lanux128
"SmitFraudFix is quite good at removing these malware-types. As soon as you realize that you're infected, restart in safe mode and let the program clean your PC.
http://siri.urz.free.../SmitfraudFix_En.php"

Might be an idea, and I hate to be presumptuous, that DC might need a forum to discuss these concerns.
There are new threats out there every day and a repository of what they are and possible methods to eliminate them would come in handy.
I know I could have used it.

f0dder

Re: Evil, evil trojans and virii
« Reply #3 on: August 22, 2008, 08:11:21 AM »
Stop using IE, and start using Firefox with an ad-blocker and possibly also NoScript. You might want to use a tool like DropMyRights to run your browser in an even more safe mode.
- carpe noctem

p3lb0x

Re: Evil, evil trojans and virii
« Reply #4 on: August 22, 2008, 03:50:44 PM »
Quote from: f0dder
"Stop using IE, and start using Firefox with an ad-blocker and possibly also NoScript. You might want to use a tool like DropMyRights to run your browser in an even more safe mode."

Our mom had the same problem. She had infected her own and her boyfriend's computer with a bunch of crap by using IE. We have FINALLY, after 8 months or so, gotten her to use Firefox with adblock+.
Stop mousering people so much - Mouser

Deozaan

Re: Evil, evil trojans and virii
« Reply #5 on: August 23, 2008, 03:24:35 AM »
That stinks, Cpilot! Sorry for all you had to go through.

Recommendation: Ban MySpace from your computers.


f0dder

Re: Evil, evil trojans and virii
« Reply #6 on: August 23, 2008, 03:29:36 AM »
Yeah, MySpace is a host of evilness. Dunno what's worse, though - the malware, or all the i-want-to-poke-my-eyes-out horrid HTML?
- carpe noctem

lanux128

Re: Evil, evil trojans and virii
« Reply #7 on: August 23, 2008, 05:18:53 AM »
Evilness could also creep in via emails, especially if one uses Outlook Express with the auto-preview on. ;D Recently a colleague caught CWS this way.

cmpm

Re: Evil, evil trojans and virii
« Reply #8 on: August 23, 2008, 07:19:22 AM »
This is a good one to run.
The free version is fully functional.
The paid one adds all the automatic updating and scanning.

http://www.malwarebytes.org/mbam.php