
Thread: mysterious e-mails

  #11 Senior Member (joined Jun 2004, 460 posts)
    Here is the HijackThis log... I checked Task Manager, and it doesn't show any process with that name... I also searched the registry...

  #12 foxyloxley, "They call me the Hunted" (joined Nov 2003, location 3rd Rock from Sun, 2,534 posts)
    AHHHHHHH.....
    I've found a troll, and my super trusty (blunted and rusty) reds AREN'T working.
    AP window just freezes?
    Please don't nuke him until I get to balance my account............

    [I am (of course) referring to the marco10 post...........................]

    [edit] Too late, the troll thread is CLOSED. Me goes HOME to an advert the size of me monitor, sigh...........[/edit]

  #13 moxnix, "Macht Nicht Aus" (joined May 2002, location Huson Mt., 1,752 posts)
    Thank you, djscribble, for explaining the now closed and deleted thread to me. While I was jumping back and forth, one of our mods was being super efficient and got rid of it.
    Thank you to the mod that deleted it also, we don't need that kind of guff on the front page.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  #14 Und3ertak3r, "The Doctor" (joined Apr 2002, 2,744 posts)
    OK, you will need to do another scan in HJT and tick the following:

    C:\WINDOWS\System32\EXPLOER.exe
    O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\EXPLOE~2.DLL === This looks like part of the keylogger
    O4 - HKLM\..\Run: [EXPLOER] C:\WINDOWS\System32\EXPLOER.exe

    That is at first glance..

    Do the scan for that file in SAFE MODE.. MAKE SURE THAT YOU DISABLE SYSTEM RESTORE..
    When we have this little F/tard out, then System Restore can be turned back on..


    cheers
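The three HJT lines in the post above are the kind of thing worth automating when you triage a log. The script below is an added example, not code from the thread or from HijackThis: it parses O2 (Browser Helper Object) and O4 (Run key) entries, flags any image whose name is within two edits of a Windows system binary (EXPLOER vs explorer, and the 8.3 short name EXPLOE~2 vs explorer), and prints the registry value, the file on disk and the Prefetch entry to clean up, which matches the five artifacts reported later in the thread. The sample log is constructed: the two "Example" entries, their CLSID and paths are made up, and only the PK IE Plugin and EXPLOER lines are the ones quoted in the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the O2/O4 lines quoted in the thread plus two benign entries
# whose names, CLSID and paths are made up for this example.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\ExampleHelper.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINDOWS\System32\EXPLOE~2.DLL
O4 - HKLM\..\Run: [EXPLOER] C:\WINDOWS\System32\EXPLOER.exe
O4 - HKCU\..\Run: [Example Updater] "C:\Program Files\Example\updater.exe" /background
"""

# Stems of Windows binaries that malware imitates by misspelling (exploer ~ explorer).
SYSTEM_STEMS = ("explorer", "svchost", "lsass", "csrss", "winlogon", "services", "rundll32")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")

# HijackThis abbreviates HKLM\..\Run; this is the full key the abbreviation stands for.
RUN_KEY = "{hive}\\Software\\Microsoft\\Windows\\CurrentVersion\\{key}"
# Where Internet Explorer registers Browser Helper Objects.
BHO_KEY = "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{clsid}"


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; inputs are short file stems, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_stem(text: str, command_line: bool = False) -> str:
    """Lowercase file stem of the image in a path or command line: handles quoting,
    trailing arguments (command_line=True) and 8.3 short names (EXPLOE~2.DLL -> 'exploe').
    Caveat: an unquoted command line whose path contains spaces is cut at the first space."""
    text = text.strip()
    if text.startswith('"') and '"' in text[1:]:
        path = text[1:text.index('"', 1)]
    elif command_line:
        path = text.split(" ", 1)[0]
    else:
        path = text
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    stem = name.rsplit(".", 1)[0] if "." in name else name
    return re.sub(r"~\d+$", "", stem)


def lookalike_of(stem: str, max_distance: int = 2) -> Optional[str]:
    """Return the system binary a stem imitates, or None if it is the genuine
    name (distance 0) or not within max_distance edits of any of them."""
    best: Optional[Tuple[str, int]] = None
    for ref in SYSTEM_STEMS:
        d = levenshtein(stem, ref)
        if d == 0:
            return None
        if d <= max_distance and (best is None or d < best[1]):
            best = (ref, d)
    return best[0] if best else None


@dataclass
class Finding:
    kind: str      # HJT section, "O2" or "O4"
    registry: str  # registry key/value that loads the image
    file: str      # image on disk
    reason: str


def parse_hjt(log: str) -> List[Finding]:
    """Flag O2 (BHO) and O4 (Run key) entries whose image name imitates a system binary."""
    findings: List[Finding] = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            ref = lookalike_of(image_stem(m["cmd"], command_line=True))
            if ref:
                findings.append(Finding(
                    "O4",
                    RUN_KEY.format(hive=m["hive"], key=m["key"]) + "\\" + m["value"],
                    m["cmd"],
                    f"Run value '{m['value']}' launches a look-alike of {ref}",
                ))
            continue
        m = O2_RE.match(line)
        if m:
            ref = lookalike_of(image_stem(m["path"]))
            if ref:
                findings.append(Finding(
                    "O2",
                    BHO_KEY.format(clsid=m["clsid"]),
                    m["path"],
                    f"BHO '{m['name']}' loads a look-alike of {ref} into every IE process",
                ))
    return findings


def prefetch_pattern(file: str) -> str:
    """Glob for the Prefetch entry Windows XP writes for an executable
    (NAME.EXE-<hash>.pf); the thread's fifth file lived in that directory."""
    name = file.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].upper()
    return f"C:\\WINDOWS\\Prefetch\\{name}-*.pf"


if __name__ == "__main__":
    for f in parse_hjt(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    registry: {f.registry}\n    file:     {f.file}")
        if f.kind == "O4":
            print(f"    prefetch: {prefetch_pattern(f.file)}")
```

The distance threshold of two catches both the plain misspelling and the 8.3 short name, but it is a heuristic: a legitimate tool with a name close to a system binary would also be flagged, so treat each hit as something to check (path, signer, file age) rather than delete blind, and do the deletion from Safe Mode as the post says.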

  #15 Senior Member (joined Jun 2004, 460 posts)
    There was a total of 5 files: one was in the Prefetch, then there were 2 exe's, exploer and exploerr, and then 2 dll's, which I used a tool that was posted earlier to remove.

    I also submitted the files to Symantec so that they will eventually get into the antivirus databases.

    I don't believe that my box got owned..... at least I didn't do anything critical like bank account/social security stuff.

  #16 Und3ertak3r, "The Doctor" (joined Apr 2002, 2,744 posts)
    No funnies being detected by ZoneAlarm?

    It should now be safe to turn System Restore back on..

    You're lucky.. some keyloggers timestamp the activity.. We would have had some idea as to how fast you type as well..
    Good move submitting the files to Symantec.. I've decided to submit the zip file to them as well..

    Certainly would recommend changing your password for AO.. don't need that ***** using your account.. do we?

    cheers

    Any chance of posting the exploer.exe and the .dll here for us to have a look at..

  #17 Senior Member (joined Jun 2004, 460 posts)
    Here is the zip file that I sent to Symantec... all files were in system32 except the .pf file (that was in Prefetch), and then there was the registry entry that is in my HijackThis log.


  #18 Senior Member (joined Jun 2004, 460 posts)
    Well, I just got a response back from Symantec -- they say it is an "extended" threat, classified it as spyware and in essence said sucks to be you... furthermore, I brought the zip file over to a computer that has McAfee 8 beta, and it caught it as a virus right away....

    Hmmm..... I used to hate McAfee..... now I figure they are both on the same level -- if anyone knows anything better, just let me know.

    The case of the mysterious e-mails is now closed.
