Malware? - Page 2

post #11 of 23
Quote:
Originally Posted by slothfish:
I tried to go to that directory but it seems as if it doesn't exist
Then I call malware again. Or similar. It's creating a new temp directory and process every time it starts up so you never see it twice.
post #12 of 23
Thread Starter 
Quote:
Originally Posted by AdmiralThrawn:
Then I call malware again. Or similar. It's creating a new temp directory and process every time it starts up so you never see it twice.
Ahhh I see. Yeah I tried typing in the actual directory and it said "Windows can't find etc.". Maybe I already killed the file that is creating new temp directories?
    
CPU: i7 920 D0 @ 4.0 1.2v
Motherboard: Rampage II Extreme
Graphics: 7970
RAM: 12gb 1600mhz @ 7-7-7-21
Hard Drive: Corsair 128gb SSD 2xSeagate 7200.12 RAID 0
Optical Drive: 2x... BD-RW
Cooling: Prolimatech Megahalems
OS: Windows 7 Ultimate
Monitor: 1920x1080 48" Samsung TV
Keyboard: ione Scorpius M10
Power: Enermax Evo 1250w
Case: Custom
Mouse: Logitech G9
post #13 of 23
I doubt it. If I were designing something to do that, I'd give it a shell which runs once when the computer starts and all it does is unpack itself to a randomly generated temp folder.

Restart the computer and see if there are any strange exes in there.
post #14 of 23
Thread Starter 
Quote:
Originally Posted by AdmiralThrawn:
I doubt it. If I were designing something to do that, I'd give it a shell which runs once when the computer starts and all it does is unpack itself to a randomly generated temp folder.

Restart the computer and see if there are any strange exes in there.
Restarted a few times, no new exes or anything else peculiar going on. Strange.

I'm tempted to just disable it for the time being and see what happens. I'm confuzzled as hell, but not really sure what else to do at this point.
    
post #15 of 23
Wait, you said you disabled something in Windows startup and it disappeared?

What was it in WS? Can you give us a screenie?

(Why am I suddenly so interested in this? )
post #16 of 23
Thread Starter 
Quote:
Originally Posted by AdmiralThrawn:
Wait, you said you disabled something in Windows startup and it disappeared?

What was it in WS? Can you give us a screenie?

(Why am I suddenly so interested in this? )
That was the original screenshot, of the program in the "startup" section of msconfig.
    
post #17 of 23
How odd. If it was actually running from the temp directory then I'm lost. Oh well. Seems like you found your solution anyhow.
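The check the posts above circle around (a startup entry that points into a temp directory, or at a file that no longer exists), as an added example that is not part of any post in this thread. It assumes PowerShell 3.0 or later; the helper name Get-CommandTarget is hypothetical.

```powershell
# Added example: list auto-start entries (the data msconfig's Startup tab
# shows) and flag those that launch from a temp directory or whose target
# file is missing on disk. Read-only; it changes nothing.
# On PowerShell 2.0, replace Get-CimInstance with Get-WmiObject.

function Get-CommandTarget {
    param([string]$Command)
    # Expand %TEMP%-style variables, then take either the quoted path or
    # the text up to the first executable-looking extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|dll))(\s|$)') {
        return $Matches[1]
    }
    return ($expanded -split '\s+')[0]
}

# Temp roots for the current user and the system.
$tempRoots = @($env:TEMP, $env:TMP, (Join-Path $env:SystemRoot 'Temp')) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') } |
    Sort-Object -Unique

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $target = Get-CommandTarget $_.Command

    # Flag a literal \Temp\ path segment (also catches 8.3 short profile
    # names) or any path under one of the configured temp roots.
    $inTemp = $target -match '\\Temp\\'
    foreach ($root in $tempRoots) {
        if ($target.StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
            $inTemp = $true
        }
    }

    # Only absolute drive paths can be checked for existence reliably;
    # bare names such as rundll32.exe resolve through PATH.
    $absolute = $target -match '^[A-Za-z]:\\'

    [pscustomobject]@{
        Name     = $_.Name
        Location = $_.Location
        User     = $_.User
        Target   = $target
        InTemp   = $inTemp
        Missing  = $absolute -and -not (Test-Path -LiteralPath $target)
    }
} | Where-Object { $_.InTemp -or $_.Missing } | Format-Table -AutoSize -Wrap
```

Win32_StartupCommand covers the Run registry keys and the Startup folders only; services and scheduled tasks need a separate look.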
post #18 of 23
Use a LiveCD to scan.
post #19 of 23
Thread Starter 
Thanks guys, I'll keep an eye on it!
    
post #20 of 23
How in the world did you get that? I wrote that piece of software over 2 years ago, it's a keylogger/enumeration utility that uses Windows wmic and a small bit of C++ code. As long as you're not running World of Warcraft or subscribe to Facebook feed you'll be fine. The IP address the application uploads to is long-long gone.