
Date Posted: 06:05:22 05/26/04 Wed
Author: Dimmes
Subject: Hijacker program

I was attacked by a hijacker program.

I'm running Win98SE IE 5.01 SP3 with all of the updates. I
run Kerio 2.15 behind a NAT router, AdSubtract 2.55 and
updated NAV 2002 (only on this system for E-mail scanning).

My Notepad.exe file was replaced with a 4KB file. A copy of
the same infected file was placed in the C:\Windows\System32
Folder and another copy of the same file renamed Setup1.exe
was placed in the C:\Temp Folder.

Kerio 2.15 stopped the attack and I was able to locate and
manually remove the infected files and replace Notepad.exe.

I checked my system with updated versions of NAV, F-Prot,
Spybot S&D 1.3, Ad-Aware 6, The Cleaner and Pest Patrol but
nothing showed up as malware.

The bad files contain the lines:

Content-Length:200 HTTP/1.0
Host: GET -.exe217.116.233.119/help/guide.exeRSDS
d:\Projects\01.05.04\jokke\loader.exe\Release\loader.exe.pdb

Loader.exe is associated with various spyware and trojan
programs.

It looks like I caught the bugger before it could call home
and infect my system.

I sent the bogus Notebook.exe file to Symantec. They said
that they couldn't find any malicious code with their
automated system - DOH!

Has anyone else run into this?

--
Chas. verktyg@aol.spamski.com (Drop spamski to E-mail me)
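
The strings quoted in the post end with `RSDS` followed by a `.pdb` path, which is the layout of a CodeView PDB 7.0 debug record: a 4-byte `RSDS` signature, a 16-byte GUID, a 4-byte age, then a NUL-terminated path. As an added example (not part of the original post), this Python script pulls that record and any IPv4 literals out of a suspicious file; the function names and the `SAMPLE` bytes are constructed for illustration and reuse only the strings shown in the post.

```python
import re
import struct
import uuid

IPV4 = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def find_rsds_records(data):
    """Return (offset, guid, age, pdb_path) for each CodeView RSDS record."""
    records = []
    pos = data.find(b"RSDS")
    while pos != -1:
        path_start = pos + 4 + 16 + 4  # signature + GUID + age
        path_end = data.find(b"\x00", path_start)
        if path_end != -1:
            path = data[path_start:path_end]
            # Skip chance hits: a real path is printable ASCII ending in .pdb
            printable = all(0x20 <= b < 0x7F for b in path)
            if printable and path.lower().endswith(b".pdb"):
                guid = uuid.UUID(bytes_le=data[pos + 4:pos + 20])
                (age,) = struct.unpack_from("<I", data, pos + 20)
                records.append((pos, str(guid), age, path.decode("ascii")))
        pos = data.find(b"RSDS", pos + 1)
    return records

def find_ipv4(data):
    """Return dotted-quad literals whose octets are all in 0-255."""
    hits = [m.group().decode("ascii") for m in IPV4.finditer(data)]
    return [h for h in hits if all(int(o) <= 255 for o in h.split("."))]

# Constructed sample: the strings quoted in the post, a decoy "RSDS" in plain
# text, and a made-up GUID and age. This is not the actual file.
PDB = rb"d:\Projects\01.05.04\jokke\loader.exe\Release\loader.exe.pdb"
SAMPLE = (
    b"Content-Length:200 HTTP/1.0\x00Host: \x00GET \x00-.exe\x00"
    b"217.116.233.119/help/guide.exe\x00"
    b"RSDS is not a record here\x00"
    + b"RSDS"
    + uuid.UUID("00112233-4455-6677-8899-aabbccddeeff").bytes_le
    + struct.pack("<I", 1)
    + PDB + b"\x00"
)

if __name__ == "__main__":
    for offset, guid, age, path in find_rsds_records(SAMPLE):
        print(f"RSDS at {offset:#x}: guid={guid} age={age} pdb={path}")
    print("IPv4 literals:", find_ipv4(SAMPLE))
```

The GUID and age pair identifies one specific build, so two samples that share them came from the same compile even if the files were renamed.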
