Jump to content


Photo

HELP!


  • This topic is locked This topic is locked
59 replies to this topic

#51 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 25 July 2004 - 04:50 PM

Hi,
Your log is clean again ... good job!

Note: yes just simply "overwrite" the existing HOSTS file each time there is a new update, usually weekly. :wave:
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#52 ConfusedMonkey

ConfusedMonkey

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 26 July 2004 - 12:49 AM

Thank you for your quick help. I installed the defenses but now am having problems downloading music from download.35mb.com. I have all of the required software and it worked before I installed the defenses but now it loads all the images with a little red x in them and when I click on a link to download an mp3 the little download button no longer appears. Why is this happening? Thank you.

#53 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 26 July 2004 - 03:57 AM

Hi,

am having problems downloading music from download.35mb.com

Because 35mb.com is not what it seems! It's listed in my HOSTS file and they are part of the reason your machine was infected. I downloaded their ".cab" file and once loaded it contact another site (impregnable.net) which downloads several other files. I then scanned those files at Jotti's Malware Scanner both files are infected!

Remember this:

I am getting a message at startup that states that I already have an updated version of iexplore.exe.
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe

Well guess what files were included?
impregnable.net/files/install.exe = TrojanDownloader.Win32.VB.dw
impregnable.net/files/iexplore.exe = Trojan.Win32.StartPage.kk

So in not being able to contact 35mb it saved you from being infected again!

Have HijackThis "fix" the following:

O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab

Note: I'll be adding "impregnable.net" to my HOSTS file and it will reflect in the next update ...
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#54 ConfusedMonkey

ConfusedMonkey

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 26 July 2004 - 12:29 PM

Wow. Thanks for the information. I deleted that last entry but I was just wondering if the mp3's I downloaded are infected or if they are okay.

#55 ConfusedMonkey

ConfusedMonkey

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 26 July 2004 - 12:33 PM

I was just wondering about the folder found earlier, the one that contained the mru folder. Is that malicious spyware that sends information to other computers or does it just monitor internally? I found out that the file was Big brother.

#56 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 26 July 2004 - 02:23 PM

Hi,
I have no idea about any other files you downloaded from there, but I wouldn't trust them ... as for the "mru" folder what else is located there? Try moving them to a Junk folder, then if nothing complain = delete them.
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#57 ConfusedMonkey

ConfusedMonkey

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 26 July 2004 - 02:24 PM

Well, the mru folder was deleted but I found out that it was a paid program called big brother that someone purchased and installed off the internet. I was just wondering if this is malicious or since it is purchased if it is safe. Thank you.

#58 WinHelp2002

WinHelp2002

    Taking back the Internet

  • Global Moderator
  • PipPipPipPipPip
  • 5,365 posts

Posted 26 July 2004 - 02:37 PM

Hi,
I've never heard of "Big Brother", so I have no idea what it was ... :wave:
Mike
Former Microsoft MVP Posted Image 1999-2012
"There's no place like 127.0.0.1"
Posted Image
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file

#59 ConfusedMonkey

ConfusedMonkey

    Member

  • Full Member
  • Pip
  • 77 posts

Posted 26 July 2004 - 03:50 PM

Thank you very much for your help. :wave:

#60 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • PipPipPipPipPip
  • 25,317 posts

Posted 26 July 2004 - 07:00 PM

Glad we could help. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button