From: JD on 3 May 2010 00:30

kony wrote:
> On Thu, 29 Apr 2010 11:07:02 -0700, JD <JD(a)NoDen.con> wrote:
>
>>> I renamed that Window to WindowC and there is some squawking
>>> from my firewall and a few other sources. Will keep monitoring.
>> I just had a thought. Microshaft regularly "updates" my Win2K and
>> IE. They might have added that oddball Windows material.
>
> Doubtful, they look like malware.
>
> Check the file creation dates and do a file search for other
> files created around the same time, there may be other
> suspicious ones you need to remove.
>
> Run a malware and antivirus scanner, but it is often easier
> to pull the whole drive out and scan it on another system so
> there isn't any malware running at the time which often
> tries to protect and reproduce itself.

Thank you Kony for your usual enlightening response. I did some more
exploring.

The files I last looked through were in the Windows folder on the C: drive
and there were 5 .exes there. The last one was winnetest.exe. Below
that there is a System32 folder with some more interesting things.
I looked through the files again and just below System32 is a
Browser folder with many .dll files but also, to my surprise, with
the FFox symbol and with oke.exe immediately to the right of it.

Apparently this whole thing was a "plant" of FFox, without my permission.
What liberties FF takes! I also noticed that every time I set a blank
startup page, FFox overrides it with its big red symbol and a search box.

In any case, the program in question is dormant. It's doing nothing as far
as I can tell. No whining since I changed the name Windows.

Comments please :-)

Thanks!

From: Paul on 3 May 2010 02:27

JD wrote:
> kony wrote:
>> On Thu, 29 Apr 2010 11:07:02 -0700, JD <JD(a)NoDen.con> wrote:
>>
>>>> I renamed that Window to WindowC and there is some squawking
>>>> from my firewall and a few other sources. Will keep monitoring.
>>> I just had a thought. Microshaft regularly "updates" my Win2K and
>>> IE. They might have added that oddball Windows material.
>>
>> Doubtful, they look like malware.
>>
>> Check the file creation dates and do a file search for other
>> files created around the same time, there may be other
>> suspicious ones you need to remove.
>>
>> Run a malware and antivirus scanner, but it is often easier
>> to pull the whole drive out and scan it on another system so
>> there isn't any malware running at the time which often
>> tries to protect and reproduce itself.
>
> Thank you Kony for your usual enlightening response. I did some more
> exploring.
>
> The files I last looked through were in the Windows folder on the C: drive
> and there were 5 .exes there. The last one was winnetest.exe. Below
> that there is a System32 folder with some more interesting things.
> I looked through the files again and just below System32 is a
> Browser folder with many .dll files but also, to my surprise, with
> the FFox symbol and with oke.exe immediately to the right of it.
>
> Apparently this whole thing was a "plant" of FFox, without my permission.
> What liberties FF takes! I also noticed that every time I set a blank
> startup page, FFox overrides it with its big red symbol and a search box.
>
> In any case, the program in question is dormant. It's doing nothing as far
> as I can tell. No whining since I changed the name Windows.
>
> Comments please :-)
>
> Thanks!

Upload the files to virustotal.com and have them scanned.

    Paul

From: JD on 3 May 2010 23:04

Paul wrote:
> JD wrote:
>> kony wrote:
>>> On Thu, 29 Apr 2010 11:07:02 -0700, JD <JD(a)NoDen.con> wrote:
>>>
>>>>> I renamed that Window to WindowC and there is some squawking
>>>>> from my firewall and a few other sources. Will keep monitoring.
>>>> I just had a thought. Microshaft regularly "updates" my Win2K and
>>>> IE. They might have added that oddball Windows material.
>>>
>>> Doubtful, they look like malware.
>>>
>>> Check the file creation dates and do a file search for other
>>> files created around the same time, there may be other
>>> suspicious ones you need to remove.
>>>
>>> Run a malware and antivirus scanner, but it is often easier
>>> to pull the whole drive out and scan it on another system so
>>> there isn't any malware running at the time which often
>>> tries to protect and reproduce itself.
>>
>> Thank you Kony for your usual enlightening response. I did some more
>> exploring.
>>
>> The files I last looked through were in the Windows folder on the C:
>> drive
>> and there were 5 .exes there. The last one was winnetest.exe. Below
>> that there is a System32 folder with some more interesting things.
>> I looked through the files again and just below System32 is a
>> Browser folder with many .dll files but also, to my surprise, with
>> the FFox symbol and with oke.exe immediately to the right of it.
>>
>> Apparently this whole thing was a "plant" of FFox, without my permission.
>> What liberties FF takes! I also noticed that every time I set a blank
>> startup page, FFox overrides it with its big red symbol and a search
>> box.
>>
>> In any case, the program in question is dormant. It's doing nothing as
>> far
>> as I can tell. No whining since I changed the name Windows.
>>
>> Comments please :-)
>>
>> Thanks!
>
> Upload the files to virustotal.com and have them scanned.
>
> Paul

Thanks Paul.

There are too many files to be scanned, scanning is slow, and I have
to upload them one by one.

From: Paul on 4 May 2010 08:14

JD wrote:
> Paul wrote:
>> JD wrote:
>>> kony wrote:
>>>> On Thu, 29 Apr 2010 11:07:02 -0700, JD <JD(a)NoDen.con> wrote:
>>>>
>>>>>> I renamed that Window to WindowC and there is some squawking
>>>>>> from my firewall and a few other sources. Will keep monitoring.
>>>>> I just had a thought. Microshaft regularly "updates" my Win2K and
>>>>> IE. They might have added that oddball Windows material.
>>>>
>>>> Doubtful, they look like malware.
>>>>
>>>> Check the file creation dates and do a file search for other
>>>> files created around the same time, there may be other
>>>> suspicious ones you need to remove.
>>>>
>>>> Run a malware and antivirus scanner, but it is often easier
>>>> to pull the whole drive out and scan it on another system so
>>>> there isn't any malware running at the time which often
>>>> tries to protect and reproduce itself.
>>>
>>> Thank you Kony for your usual enlightening response. I did some more
>>> exploring.
>>>
>>> The files I last looked through were in the Windows folder on the C:
>>> drive
>>> and there were 5 .exes there. The last one was winnetest.exe. Below
>>> that there is a System32 folder with some more interesting things.
>>> I looked through the files again and just below System32 is a
>>> Browser folder with many .dll files but also, to my surprise, with
>>> the FFox symbol and with oke.exe immediately to the right of it.
>>>
>>> Apparently this whole thing was a "plant" of FFox, without my
>>> permission.
>>> What liberties FF takes! I also noticed that every time I set a blank
>>> startup page, FFox overrides it with its big red symbol and a search
>>> box.
>>>
>>> In any case, the program in question is dormant. It's doing nothing
>>> as far
>>> as I can tell. No whining since I changed the name Windows.
>>>
>>> Comments please :-)
>>>
>>> Thanks!
>>
>> Upload the files to virustotal.com and have them scanned.
>>
>> Paul
>
> Thanks Paul.
>
> There are too many files to be scanned, scanning is slow, and I have
> to upload them one by one.

bnwork.exe, conmser.exe, gjgx.vbe, gjht.vbe, winnetest.exe ???

I would at least scan the three .exe files, purely out of curiosity.

    Paul

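The check kony describes in the quoted advice (take a suspicious file's creation date and search for other files created around the same time) can be scripted, which also narrows down the list of files worth scanning. The following is an added example, not part of any post in this thread; it assumes Python 3 on the machine doing the scan (for instance the second system the drive is attached to), and the function names and the 24-hour window are illustrative.

```python
import hashlib
import os

def created_at(path):
    """Creation time where the OS records one (st_birthtime, or st_ctime on
    Windows); on Linux st_ctime is the inode-change time instead."""
    st = os.stat(path)
    return getattr(st, "st_birthtime", st.st_ctime)

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so each hit has a stable identifier to note down."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_near(reference, root, window_hours=24, timestamp=created_at):
    """Return (delta_seconds, path, sha256) for every file under root whose
    timestamp lies within window_hours of the reference file's timestamp."""
    ref_time = timestamp(reference)
    ref_abs = os.path.abspath(reference)
    window = window_hours * 3600
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.abspath(path) == ref_abs:
                continue  # do not report the reference file itself
            try:
                delta = timestamp(path) - ref_time
                if abs(delta) <= window:
                    hits.append((delta, path, sha256_of(path)))
            except OSError:
                continue  # unreadable or vanished file: skip it
    return sorted(hits, key=lambda hit: abs(hit[0]))  # closest in time first

if __name__ == "__main__":
    import sys
    # Usage: script.py <suspicious file> <folder to search>
    for delta, path, digest in files_near(sys.argv[1], sys.argv[2]):
        print(f"{delta / 3600:+7.1f} h  {digest}  {path}")
```

Run against a mounted copy of the drive rather than the live system, the output lists the closest matches first, with the offset in hours from the reference file.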