Yesterday I VERY STUPIDLY tried to install a dodgy JPEG editor downloaded from some dodgy site... (IDIOT ME!)
I was counting on my registered AVG antivirus to protect me...
The malware pierced AVG like a hot knife through butter.
Here are the consequences:
- the My Web Search plugin was installed on IE and Firefox
- every browser was using 127.0.0.1:57152 as a proxy (even if you remove it, it is set again every 5 seconds)
- a fake DWM.EXE *32 process was being spawned every 5 seconds; even if I killed the whole process tree, it came back
- a fake CSRSS.EXE *32, as above
- a fake CONHOST.EXE, as above
- a fake SVCHOST.EXE, as above
(in your Task Manager, Processes tab, right-click on the process and use "locate folder" to identify whether the EXE is in c:\Windows\System32 or somewhere else.)
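The two indicators above (a loopback proxy that keeps coming back, and system-process names running from the wrong folder) can be checked from an elevated PowerShell prompt. This is an added example, not part of the original post; it assumes the legitimate copies live under System32 or SysWOW64 and that the proxy was set in the per-user WinINET settings that IE honours (Firefox keeps its own prefs, which this does not read).

```powershell
# Added example (not from the original post): flag the two indicators described above.
# Assumes PowerShell 2.0+ (Windows 7) and an elevated prompt so process paths are readable.

# Process names the malware mimicked. Genuine copies live under System32 (64-bit) or
# SysWOW64 (32-bit, shown as "*32" in Task Manager); anything elsewhere is suspect.
$systemNames = 'dwm', 'csrss', 'conhost', 'svchost'
$trustedDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

function Get-MasqueradingProcess {
    foreach ($name in $systemNames) {
        Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
            $path = $_.Path   # $null when the process refuses access (csrss often does)
            if ($path -eq $null) {
                # Report it as unverified rather than silently assuming it is legitimate.
                New-Object PSObject -Property @{ Name = $_.ProcessName; PID = $_.Id; Path = '<access denied>'; Verdict = 'UNVERIFIED' }
                return
            }
            $dir = Split-Path -Parent $path
            $trusted = $trustedDirs | Where-Object { $dir -ieq $_ }
            $verdict = if ($trusted) { 'ok' } else { 'SUSPECT' }
            New-Object PSObject -Property @{ Name = $_.ProcessName; PID = $_.Id; Path = $path; Verdict = $verdict }
        }
    }
}

function Get-WinInetProxy {
    # Per-user WinINET proxy used by IE and by programs set to "use system proxy settings".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key -Name ProxyEnable, ProxyServer -ErrorAction SilentlyContinue
    $enabled = ($p.ProxyEnable -eq 1)
    # A loopback proxy the user never configured is exactly the symptom described above.
    $loopback = ($p.ProxyServer -match '^(127\.0\.0\.1|localhost)(:\d+)?$')
    New-Object PSObject -Property @{ Enabled = $enabled; Server = $p.ProxyServer; Suspect = ($enabled -and $loopback) }
}

# Take two snapshots a few seconds apart: the post describes the proxy being re-set and the
# fake processes being re-spawned every ~5 seconds, so a single snapshot can miss them.
foreach ($round in 1, 2) {
    "--- snapshot $round ---"
    Get-MasqueradingProcess | Format-Table Name, PID, Verdict, Path -AutoSize
    Get-WinInetProxy | Format-List Enabled, Server, Suspect
    Start-Sleep -Seconds 6
}
```

Anything reported as SUSPECT or with a loopback proxy after a round of cleaning means the component that re-applies the setting is still running.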
I bought Lavasoft Ad-Aware, with runtime protection: it could identify that something dodgy was going on, but could not eradicate it completely.
I also ran Malwarebytes Anti-Malware, which identified some stuff.
Finally I killed all the dodgy processes, deleted all the dodgy EXE files, and cleaned up all the dodgy Registry entries (see here http://www.threatexpert.com/report.aspx?md5=9d94b6111ce550c0e999d2deba07b018 for a non-exhaustive list), and now everything SEEMS to be back to normal.
Here is a good description of this Trojan.
I am really amazed at how easily Windows 7 64-bit security is pierced.
I will immediately resize my partition, install Ubuntu and use Windows 7 only if really needed.
Thursday, April 28, 2011