
Thread: Threat named AntivirusXP

  1. #31
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by Cider
    Well in the office I used spybot which seems to reverse all the errors this crap did.

    I am waiting on a response from my virus department about this malware. A headache I tell you.

    One thing I don't understand about malware in general - how do people get infected? I know it sounds stupid but I rarely get hit by something

    quite odd.

    I always ask my clients what were you doing at the time of infection, I rarely get a legitimate answer however when I do it is always surfing dodgy sites ...
    So.. how do you get spybot to clear the registry when 30% of the infections lock you out of the registry?

    As for infections.. and being infected..
    User opens any and every email attachments and all..
    Allow all pop-ups to do as promised
    Machine is not fully patched..
    99% of users allow all scripts and activeX to run
    (How many don't use Spyware blaster? or have an ad/bad site blocking HOSTS file? )
    How do you know what a Bad site is? I don't .. is it the porn sites? is it the Auction Sites?.. or is it the hacking sites? the P2P link sites, Facebook? Myspace? Ask? Tucows? Tudogs? ... mysite? ebay? cnn? AO?
    I don't know.. .. I've been hit on trusted sites, and have seen clients machines hit from all of the above... all via a bad advertisement or a script in the page..
    sometimes from deliberate clicks on pages, sometimes from auto run scripts..
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  2. #32
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    What surprises me is that I haven't come across it yet?

    Must be an "underarm problem?"....... Australian and New Zealand cricket fans will remember that one?......... the Chappell brothers? Greg and Ian as I recall?

    Well,

    1. FF with adblock and script block
    2. DiamondCS: RegistryProt and Process Guard.............. WormGuard as well perhaps? (See, Aussies can do things better than bowl underarm)
    3. With IE just make sure that ActiveX and other scripts require user permission.
    4. A firewall?
    5. Don't clicky clicky?

    I have to go out now, but will come back with some more ideas............. does anyone fancy writing a tutorial?


  3. #33
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    I got hit by something yesterday...while on trusted sites, Taz, AO, Facebook, CBC, CNN and a link to a news article provided by CNN.

    Symantec caught it....I don't know where it came from as I had all those sites open

    Bloodhound.exploit.193

    I did some reading and about 20,000 legit sites are infected and are infecting web users.

    patch patch patch....update update update.

    Run as a limited user.

    MLF

    Edit>oh and I was connected to msn...although no open conversations (that's how I talk to my kids when they are at their dad's)
    Last edited by morganlefay; August 18th, 2008 at 02:15 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  4. #34
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    CNN and a link to a news article provided by CNN.
    Pretty sure that's where you got it from Morgan. Check out this post:

    http://antionline.com/showthread.php?t=277349

    Cheers:
    DjM

  5. #35
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    CNN Alerts <rooke@sovhealth.co.za> CNN Alerts: My Custom Alert
    MSNBC Breaking News <paavi_1985@tsa .. msnbc.com - BREAKING NEWS: Stupid Asians
    MSNBC Breaking News <FERNANDO-lucib .. msnbc.com - BREAKING NEWS: High calorie
    MSNBC Breaking News <nirteppa1953@l .. msnbc.com - BREAKING NEWS: Freddie Mac l

    no comment.
    Industry Kills Music.

  6. #36
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Sorry ...I don't understand your post stanger

    I don't have CNN Alerts...but I may have inadvertently clicked on something.
    That's where I read my US news

    Thanks DjM....I am usually very careful of my sites visited and what I click on

    Makes sense now...cause I haven't had any funkiness today....but I don't dare go to CNN!!!



    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  7. #37
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    The file blphcptej0e75e.scr, is a legal file of Sysinternals company and is not detectable.
    This company belongs to Microsoft.



    The response from our Virus department.

    I searched for this file on the internet and no go.

    Anyone got any information for this ...

    N.B I made a big stink about this and the director involved. Nihil it's not that one who gave all the money away to the church :P

    I phoned Spain and asked for this guy :P
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  8. #38
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    The file blphcptej0e75e.scr, is a legal file of Sysinternals company
    No, it isn't................Sysinternals don't do randomly named screensaver files (.scr)

    Neither does the Microsoft Corporation..............

    If you can grab a copy just submit it to Jotti and Virus Total............... or to me?

    I posted the links earlier in this thread........... I would suggest that you bookmark them.

    You cannot find that file on the internet........... you can find every other damn Microsoft or whoever's file? so why not that one????????????

    I will manage your virus research team at the moderate fee of €2,500 per day, plus expenses (I am very "expensesive").

    Is your corporation hell bent on self destruction? it does seem that way from what I can see. Just because you can see something in the script that claims that the item belongs to X, Y or Z corporation, doesn't mean that it is true?

  9. #39
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Yeah quite a problem.
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  10. #40
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    That's a typically bad sign when a file like "blphcptej0e75e.scr" doesn't come
    up in the search engines. Basically it means the file or its name is too new to
    show up on the web yet and was probably created by some rogue developer.
    Legit files are all over the search engines.

    Did you try right-clicking on the file to check the properties? Under the "Summary"
    tab is some info that'll tell you the version, who wrote it, etc., etc. Of course,
    if it's a virus, you might get infected doing that, so you might try it on an old
    PC.

    Another safe browsing alternative is to use a virtual machine. I lean pretty
    heavily on that technology these days.
    Last edited by brokencrow; August 20th, 2008 at 12:08 PM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers
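
The file check discussed in posts #38 and #40, as an added example that is not part of the original thread: it reads the file's self-declared company string next to its Authenticode signature and a SHA-256 hash, without running the file. The quarantine path is a hypothetical location; only the file name comes from the thread.

```powershell
# Added example: triage an unknown file by reading it, never by executing it.
# 'C:\Quarantine' is a hypothetical folder; the file name is the one from the thread.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    # -Force also finds files marked hidden or system.
    $item = Get-Item -LiteralPath $Path -Force

    # A .scr is an ordinary Windows executable: check for the 'MZ' header.
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $magic = New-Object byte[] 2
        $read  = $stream.Read($magic, 0, 2)
    } finally {
        $stream.Dispose()
    }
    $isExe = ($read -eq 2 -and $magic[0] -eq 0x4D -and $magic[1] -eq 0x5A)

    # Version-resource strings are self-declared: the author of the file
    # can put any company name here.
    $claimed = $item.VersionInfo.CompanyName

    # Authenticode is the cryptographic answer to "who published this?".
    $sig    = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Name            = $item.Name
        IsExecutable    = $isExe
        ClaimedCompany  = $claimed          # unverified text
        SignatureStatus = $sig.Status       # Valid, NotSigned, HashMismatch, ...
        Signer          = $signer           # meaningful only when status is Valid
        SHA256          = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }
}

Get-FileTriage -Path 'C:\Quarantine\blphcptej0e75e.scr' | Format-List
```

A `SignatureStatus` other than `Valid` means the company string is unverified text. The SHA-256 value can be searched on a multi-scanner service before deciding whether to submit the file itself.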
