-
July 18th, 2004, 07:08 PM
#11
Junior Member
Ok, rebooted into safe mode & decided to try & manually delete the amee file & it worked.
Must have been some kind of trojan?
Thanks for all your help with this folks, much appreciated
-
July 19th, 2004, 12:59 AM
#12
COMPLETELY uninstall norton and all it's affiliates, and delete all the files left over from it, then reinstall norton from scratch. It sounds like Norton probably got corrupted, hence you might still be infected.
[H]ard|OCP <--Best hardware/gaming news out there--|
pwned.nl <--Gamers will love this one --|
Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.
-
July 19th, 2004, 07:12 PM
#13
Junior Member
graemejaxx, normally I would recommend that you backup any data that you need, wipe the hard drive, and do a complete re-install. That is pretty much a "best practice" kind of thing to do after an attack, theory being that the attacker may have installed or done something that at this time you can not detect. However, I understand that this may not be an option for everyone, including your self...
So, assuming that you are on a home network I would recommend that you run a sniffer such as tcpdump or ethereal this should give you a good idea of what is being broadcast from or sent to your box. Next, I would recommend that you take a visit to http://www.rootkit.com. Download the windows rootkit detection utility, and let it run. I say this, because I recall hearing about a rootkit that infected Norton's various utilities. I hope this helped a little.
P.S. Just because you deleted a file, and no longer see a process when you "Ctrl-Alt-Del" does not mean you dont have a hidden process still running at kernel level.
-Shell_Coder
-
July 19th, 2004, 09:03 PM
#14
is he running 2 personal FW or am i wrong?
NIS and Kerio?
if i am correct, is there any kind of potential conflict, besides performance?
l
Meu sÃtio
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
July 20th, 2004, 02:35 AM
#15
Hmm, probably is making some sort of conflict... maybe thats how he got the trojan/spyware/WTF ever it is...
[H]ard|OCP <--Best hardware/gaming news out there--|
pwned.nl <--Gamers will love this one --|
Light a man a fire and you\'ll keep him warm for a day, Light a man ON fire and you\'ll keep him warm the rest of his life.
-
July 20th, 2004, 02:47 AM
#16
of course all i could find of a file named amee.exe is search bars so it could be spyware related. If all else fails try running an updated copy of spybot search and destroy.
(edit) and just out of curiosity, Do you remeber what folder it was in? The directory that it was in could be a real clue as to what it was(/edit)
-
July 20th, 2004, 06:19 PM
#17
Junior Member
Hi, it was in Application Data.
Norton actually picked up the 'amee' prob prior to me installing Kerio and i don't appear to have had any conflicts from the two.
I've actually compeltely uninstalled Norton now anyway as my sub was up.
I'll try the rootkit program and see if that throws anything up.
Will keep you guys updated.
Regards
G
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|