SFX Trojan


  • This topic is locked
13 replies to this topic

#1 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 19 July 2009 - 06:28 AM

Hello,

I'm glad to be here on the SWI forum again. I got some Trojan installed called sFX and would like to know if someone does know something about it?

I think I banned the threat by removing sFX folder, but would like to know if you guys do know something about it? Just like probably associated files that I should take care of.

There were two named pp10.exe and id12.exe which were belonging somehow but there might be others as well. I read about Trojan malware a little and think it can be a tough job to find everything what's belonging and to get rid of it. Since, they are hiding from being scanned and like that.

Thanks,
Steve

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,559 posts

Posted 19 July 2009 - 06:37 AM

The best bet is to post a log in Malware Removal to have a trained helper walk you through any fix that might be needed...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 21 July 2009 - 12:49 AM

Hi Budfred, thanks for the posting.

A HJT log file?

Steve

Edited by Steve Miller, 21 July 2009 - 01:21 AM.


#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,559 posts

Posted 21 July 2009 - 01:25 AM

Yes... That is always where we start... Other scans may be needed as well, but that is the beginning step... If you are unsure, please read the FAQ...
Budfred


#5 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 21 July 2009 - 03:08 PM

Yes... That is always where we start... Other scans may be needed as well, but that is the beginning step... If you are unsure, please read the FAQ...


Hello,

I think, with your kind help, I fixed the computer. Thank you so much.

Steve

#6 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,559 posts

Posted 21 July 2009 - 03:34 PM

Since I simply referred you to post a log, I don't know how my help would fix your computer... I suggest you go ahead and post that log since you may have missed some of whatever the issue is...
Budfred


#7 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 22 July 2009 - 06:05 AM

Well, Spybot showed a few problems I fixed. The HJT log file contained nothing that I wasn't aware of. Therefore, everything was being fine so far, I think.

Sometimes it's being about to download/install the right program(s) and to have a look at the right forum beforehand to make sure what's best to do next.

I started a thread at aumha forums before, but that was locked.

Thank you again,
Steve

Edited by Steve Miller, 22 July 2009 - 06:11 AM.


#8 e-tech

e-tech

    e-tech

  • Trusted Advisor*
  • 1,891 posts

Posted 26 July 2009 - 12:36 PM

Hello Steve! :)

You have a very dangerous trojan on your computer. It looks like you've removed the symptoms but infection is still present.

This type of infection allows hackers to remotely control your computer, steal critical system information and download and execute files without your knowledge.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever be trusted again. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like us to attempt to clean it then please post a log in Malware Removal forum and we'll do our best to help you.

Best regards

e-tech

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius


#9 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 26 July 2009 - 02:34 PM

Hi e-tech,

thanks for your kind reply and the time you invested into the issue. I think I'm fine so far, and the computer was fine as well. I think.

Well I've checked the hjt log, startup programs, firewall exceptions, processes running. It seems to be operating as usual.

Even the noises are being as ever and I don't witness anything that was going on which was of any concern so far.

Another thought was, when I started here how much time do you think was being consumed up by chasing malware? No, there has to be another way out.

Thank you,
Steve

PS Do you know something about sFX in particular? I would be glad about any information. As of now, it's hard to come by anything specific.

Edited by Steve Miller, 26 July 2009 - 02:37 PM.


#10 e-tech

e-tech

    e-tech

  • Trusted Advisor*
  • 1,891 posts

Posted 26 July 2009 - 04:12 PM

Hello Steve

I think you are doing great by checking all this stuff and I would like to answer your question about if I know anything about sFX.

Yes, I do actually know some stuff about it, fought it before, and that's why I'm recommending you to post the topic in Malware Removal forum. It can take some time and a couple of attempts to get rid of it. :)

It's not easy to discover because a lot of stuff seems to be normal, because it contains a code with the rootkit-specific techniques designed to hide the software presence in your system.

Best regards

e-tech



#11 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 28 July 2009 - 02:00 AM

Ok that's cool. As I have said before, the thing was about the sFX Trojan only. If you like to help you could post your information.

Believe me, there was nothing in the log file that was of any interest. To be honest, I'm not going to expose my personal life online.

The information was more and more private and I'm not that desperate. Sorry.

Steve


-------
Vacuum was when the volume of the zero room was greater
than the volume of the mass of its particles.

#12 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,559 posts

Posted 28 July 2009 - 02:25 AM

We do not ask you to post personal information and, since you have gotten help here before, presumably you already know that... However, you have had a serious infection on your computer that may still be there and may be quietly stealing information in order to cause you great financial harm... If that is the case, you can certainly choose to take that risk... However, it is also quite possible that your computer is being used to infect other computers and that is where you are hurting other people... You can certainly choose to ignore that risk, as long as you don't mind being an unwitting partner to the people who infected your computer in the first place... Either way, there doesn't seem to be much point in continuing this discussion since you do not appear willing to follow any suggestions you are given...

As for e-tech or any of our helpers giving you random information in the hope that it will somehow help your situation, that would be irresponsible and we do not teach our helpers to be so careless...

To be honest, I'm not going to expose my personal life online.

To be honest, it is quite likely that you are exposing your personal life online to people who will take advantage of the information they receive...
Budfred


#13 Steve Miller

Steve Miller

    Member

  • Full Member
  • 26 posts

Posted 28 July 2009 - 03:13 AM

Budfred,

It seems you're not with us, as everyone suggested. The whole issue, at the end, was not about kill that process. No, a little more in depth knowledge was necessary.

Just like give and take not kill kill kill.

If you're not willing to help. Fine. You'll not have the skills anyway. What other reason could be true, therefore?

Others have a notion at what I'm aiming, I hope. :)

To post a log file was a means in case the infection was being unknown, which it wasn't. Now, please go on.

Steve

Edited by Steve Miller, 28 July 2009 - 03:14 AM.


#14 Budfred

Budfred

    Malware Hound

  • Administrators
  • 21,559 posts

Posted 28 July 2009 - 03:14 AM

I will go on and close this topic since it is clearly not going anywhere... You ignore our advice and insult us...
Budfred




