Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43431
  • Total Topics: 16526
  • Online today: 2873
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 1
Guests: 2866
Total: 2867









Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: devnullius
« on: 24. September 2014., 23:37:09 »

http://malwaretips.com/threads/360-ts-vs-avast-free.29073/

Which one do you prefer?
Avast! free   
27 vote(s)   57.4%
360 TS   
20 vote(s)   42.6%
Posted by: Samker
« on: 02. September 2014., 20:05:06 »

...

I must say, I really like 360 Total Security. You should check it out, might replace my avast real soon! ;p

...

???

Chinese AV: http://360safe.com/totalsecurity.html


P.S.

Sorry for OT...

Posted by: neerajrawat1
« on: 02. September 2014., 18:55:09 »

Do share your views about malwarebytes, emsisoft and sophos on PC2 apart from the other ones you listed
Posted by: devnullius
« on: 02. September 2014., 16:05:23 »

Hmm... It seems the YouTube advertisement belongs there but does not always show itself. But it's atually legit. So PC1 is considered clean now :)

I just picked up PC2 - let's see what's really going on there ;p

Devvie
Posted by: devnullius
« on: 02. September 2014., 11:13:35 »

I'm alive lol
Uhm.... The AVs will check the hooks for paths and then scan those paths, if the malware can get past the scanner... no alarm will be raised :/
HJT log might be needed

HJT log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:12:54, on 2-9-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)

FIREFOX: 30.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\explorer.exe
C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
C:\Program Files\360\Total Security\safemon\QHSafeTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxapps.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files\Canon\My Image Garden\cnmigmain.exe
C:\Windows\system32\taskhost.exe
C:\Users\Enrico\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxcr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Enrico\Downloads\== WWW\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://nl.search.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://nl.search.yahoo.com?fr=hp-avast&type=avastbcl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://nl.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://nl.search.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit,
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - (no file)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll
O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll
O4 - HKLM\..\Run: [PuranADT] C:\Program Files\Puran Defrag\PuranADT.exe
O4 - HKLM\..\Run: [SAOB Monitor] C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [adm_tray.exe] C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe"
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files\360\Total Security\safemon\QHSafeTray.exe" /start
O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Handy Start Menu] "C:\Users\Enrico\AppData\Local\ChemTable Software\Handy Start Menu\HandyStartMenu.exe" /Enable
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKCU\..\Run: [uTorrent] C:\Users\Enrico\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Çàêà÷àòü ÂÑÅ ïðè ïîìîùè Download Master - C:\Program Files\Download Master\dmieall.htm
O8 - Extra context menu item: Çàêà÷àòü ïðè ïîìîùè Download Master - C:\Program Files\Download Master\dmie.htm
O8 - Extra context menu item: Ïåðåäàòü íà óäàëåííóþ çàêà÷êó DM - C:\Program Files\Download Master\remdown.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: BrowserProtect Anti-Hijack Service (BpSvc) - Web Eight LLC. - C:\Program Files\BrowserProtect\BpSvc.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: panda_url_filtering Anti-Phishing Service (panda_url_filteringService) - Visicom Media Inc. - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
O23 - Service: PuranDefrag - Puran Software - C:\Windows\system32\PuranDefragS.exe
O23 - Service: 360 Total Security (QHActiveDefense) - Unknown owner - C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe

--
End of file - 13282 bytes

And TM HT ADS Spy scan log:
C:\ProgramData\Symantec\hpc : 1358375374  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Symantec\hpc : 1358375374  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\TEMP : A29E7570  (129 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\TEMP : DFC5A2B2  (149 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\TEMP : A29E7570  (129 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\TEMP : DFC5A2B2  (149 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Symantec\hpc : 1358375374  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Symantec\hpc : 1358375374  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\TEMP : A29E7570  (129 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\TEMP : DFC5A2B2  (149 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\TEMP : A29E7570  (129 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\TEMP : DFC5A2B2  (149 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.669\_platform_specific\win_x86\widevinecdmadapter.dll : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdm.dll : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\Downloads\== WWW\360TS_Setup.exe : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\Downloads\== WWW\EmsisoftEmergencyKit (1).exe : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\Downloads\== WWW\HijackThis.exe : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\Downloads\== WWW\mbam-setup-2.0.2.1012 (1).exe : BDU  (0 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Enrico\Favorites\Links\Aanbevolen websites.url : favicon  (894 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\España\Favorites\Links\Suggested Sites.url : favicon  (894 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Guest\Favorites\Links\Suggested Sites.url : favicon  (894 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)


Posted by: jheysen
« on: 02. September 2014., 03:30:43 »

I'm alive lol
Uhm.... The AVs will check the hooks for paths and then scan those paths, if the malware can get past the scanner... no alarm will be raised :/
HJT log might be needed
Posted by: devnullius
« on: 01. September 2014., 23:56:40 »

I made a log of the bootfile - I don't think it shows anything special: but it shows a lot. And it's a BIG file, so I made a torrent... https://app.box.com/s/k28ulvkxq9u13y5fmap5

There's a strange call to explorer.exe
And maybe you can throw into action ProcessMonitor filtering just for chrome.
Did you check the usual hooks for explorer and WinLogon?
There's a strange call to explorer.exe
And maybe you can throw into action ProcessMonitor filtering just for chrome.
Did you check the usual hooks for explorer and WinLogon?

Oh F* me! You are right! How could I not see this... I'm not as much an expert as I thought, lol.

I guess I need your help now... How to proceed next?
Posted by: neerajrawat1
« on: 01. September 2014., 22:00:36 »

No idea what are you referring to? I am using Adblock Plus, try it, may help.
Posted by: devnullius
« on: 01. September 2014., 21:43:37 »


Did you check the usual hooks for explorer and WinLogon?
Shouldn't any decent AV detect this stuff...?
Posted by: devnullius
« on: 01. September 2014., 21:42:08 »

Did you try Emsisoft and malwarebytes as well?
Yes, everything in the list has been installed / ran... To no avail! :(

I mean: YOU guys do not have an advertisement square banner above suggested titles in youtube when watching videos, right? I really think they should not be there, but... Starting to doubt myself now :(



Devvie
Posted by: neerajrawat1
« on: 01. September 2014., 19:59:42 »

Did you try Emsisoft and malwarebytes as well?
Posted by: devnullius
« on: 01. September 2014., 16:18:58 »

Sophos and 360 Total Security on high still returned clean scans.

I must say, I really like 360 Total Security. You should check it out, might replace my avast real soon! ;p

Really need some advice on that explorer hi-jack you uncovered... https://encrypted.google.com/search?rlz=1C1GPCK_enNL430NL430&{google:acceptedSuggestion}oq=goo&sourceid=chrome&ie=UTF-8&q=google#q=C%3A%5CWindows%5Cexplorer.exe+%2Ffactory%2C%7Bceff45ee-c862-41de-aee2-a022c81eda92%7D+-Embedding



Did I mention PC1 is Windows 7 Enterprise...? Might this explain the hi-jack?

Devvie
Posted by: devnullius
« on: 01. September 2014., 12:40:26 »

There's a strange call to explorer.exe
And maybe you can throw into action ProcessMonitor filtering just for chrome.
Did you check the usual hooks for explorer and WinLogon?

Oh F* me! You are right! How could I not see this... I'm not as much an expert as I thought, lol.

I guess I need your help now... How to proceed next?
Posted by: jheysen
« on: 01. September 2014., 03:49:52 »

There's a strange call to explorer.exe
And maybe you can throw into action ProcessMonitor filtering just for chrome.
Did you check the usual hooks for explorer and WinLogon?
Posted by: devnullius
« on: 01. September 2014., 03:15:57 »

You should not see the colors, but see wether the processes are Digitally Signed (You can check that with Process explorer) and begin to check wich DLLs are hooked to the browsers...
The other attack vector is going with ProcessMonitor... but you should have an idea of what are you looking for before opening it

I understand I should not look for colors ;p It was one of the two proceses that didn't made immediate sense :)

I looked with your comments in mind, but still looks good to me?



http://i.imgur.com/L9bBdBM.png
That said, I should really clean chrome.exe shortcuts and stuff... I do not like the yellow pop-up for chrome... Does not make a lot of sense, unless hi-jacked in the simplest way possible... Shortcut modification. And yes, I did not test for that :) Cleaned %AppData% for chrome, not shortcuts. Still, IE is not good either!

We'll test and see :)

Devvie

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023