Affected From Aspimgr.exe



#1 shekhar12

Posted 07 August 2008 - 11:31 PM

Today I browsed a college website and within a few seconds the browser closed automatically.
Quick Heal then sent me a message that aspimgr.exe is ready to install, saying to click Yes if this is a newly installed application, but I clicked No. Nothing happened, and it kept asking the same question until I rebooted the system.
When I restarted my system it did not ask any question, and Quick Heal also didn't detect any virus.

I want to know whether I am affected by aspimgr.exe or not, because I didn't accept it as a newly installed application.


#2 quietman7


Posted 08 August 2008 - 07:37 AM

aspimgr.exe is a backdoor Trojan. Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

Your anti-virus may have stopped the file before it infected your system. Is your computer showing any signs of odd behavior, slow performance, browser redirects?

As a precaution, I recommend you perform at least one of these online Virus scans:
(All the following, except Trend Micro Housecall Scan, require Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component. If given the option, choose "Quarantine" instead of delete.)
BitDefender Online Scanner <- Add a check by "Autoclean" and choose the option to "Quarantine".
ESET Nod32 Online Scanner <- Vista compatible but Internet Explorer must be Run as Administrator.
F-Secure Online Scanner. <- Follow the directions on the F-Secure page for proper Installation. (also checks for rootkits) (Vista compatible)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 shekhar12


Posted 09 August 2008 - 01:54 AM

No, my computer is not showing any odd behaviour, nor is my browser redirecting.
Yesterday I opened Task Manager and found that aspimgr.exe is in the process list. I tried to search system32 but it was hidden and I wasn't able to view that folder.
Today I found system32 and deleted the aspimgr.exe.
After that I didn't find it among the running processes in Task Manager.
Am I safe now, or is there still any problem?
Because my system and internet are both working fluently without any problem.

#4 quietman7


Posted 09 August 2008 - 07:08 AM

"Today I found system32 and deleted the aspimgr.exe"

Then apparently your anti-virus did not stop it in time.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the backdoor Trojan was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Further, in some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

"When should I re-format? How should I reinstall?"
"Help: I Got Hacked. Now What Do I Do?"
"Where to draw the line? When to recommend a format and reinstall?"

#5 shekhar12


Posted 10 August 2008 - 03:41 AM

Actually I was thinking of formatting my computer and doing a completely new installation of the OS. Will that be OK? And after that, won't I get any problem related to this incident? If yes, then please tell me what I should do after reformatting. It's the first time that I have been infected with a backdoor Trojan.

#6 quietman7


Posted 10 August 2008 - 08:25 AM

Your decision as to what action to take should be made by reading and asking yourself the questions presented in the "When should I re-format?" and "What Do I Do?" links I previously provided. As I already said, in some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you should back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some malware may disguise itself by adding and hiding its extension to the existing extension of other files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

In case you need help with this, please review "How to partition and format a hard disk in Windows XP".

These links include step by step instructions:
"Clean Install Windows XP".
"Reformat & Clean Install Windows".
"XP Clean Install Interactive Setup".

Also see "How to keep your Windows XP activation after clean install". Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

If you need additional assistance with reformatting, you can start a new topic in the Windows XP Home and Professional forum.
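The pre-backup check described in post #6, as an added example that is not part of the original thread: it flags autorun files, executable extensions, double extensions such as `.jpg.exe`, and files whose content starts with the `MZ` executable header behind a harmless-looking extension. The extension lists and function names are assumptions of this example; the post names `autorun.ini`, the file Windows AutoRun reads is `autorun.inf`, and the code flags both.

```python
import os
import tempfile

# Extensions Windows will run directly; an assumption of this example, not a list from the thread.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# Document-style extensions commonly used as the decoy half of "photo.jpg.exe".
DECOY_EXT = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".xls", ".txt", ".mp3", ".avi"}
# The post says autorun.ini; Windows AutoRun reads autorun.inf. Flag both.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}


def classify(name, head=b""):
    """Return the reasons a file should stay out of the backup (empty list = keep)."""
    lower = name.lower().rstrip(" .")  # Windows ignores trailing dots and spaces
    stem, ext = os.path.splitext(lower)
    inner = os.path.splitext(stem)[1]
    reasons = []
    if lower in AUTORUN_NAMES:
        reasons.append("autorun file")
    if ext in RISKY_EXT:
        reasons.append("executable extension " + ext)
        if inner in DECOY_EXT:
            reasons.append("double extension %s%s" % (inner, ext))
    elif head[:2] == b"MZ":
        reasons.append("executable (MZ) content behind " + (ext or "no extension"))
    return reasons


def triage(root):
    """Walk root and map each flagged relative path to its reasons."""
    flagged = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                head = fh.read(2)
            reasons = classify(name, head)
            if reasons:
                flagged[os.path.relpath(path, root)] = reasons
    return flagged


if __name__ == "__main__":
    # Constructed sample tree standing in for a folder about to be backed up.
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.txt": b"hello", "holiday.jpg.exe": b"MZ\x90",
                   "autorun.inf": b"[autorun]", "song.mp3": b"MZ\x90\x00"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for rel, why in sorted(triage(root).items()):
            print(rel, "->", "; ".join(why))
```

Files that pass this check still need the anti-virus scan the post recommends before they are copied back.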

#7 shekhar12


Posted 11 August 2008 - 09:40 AM

I formatted my computer and did a new installation of the OS.
Actually I am from India; my net connection is from BSNL.
I don't have an unlimited usage facility; my limit is 2.5 GB per month. So whenever I connect to the internet I usually check my status to see how much I have used in 10 or 20 minutes, and it also shows me the amount of data being sent and received every minute. After being infected by that Trojan, when I check the status, data is sent and received on its own, without my using it...
After reformatting, I am still facing that problem.

So please tell me what to do. Is this my computer's fault, or is this a connection fault for which I need to contact BSNL?

#8 quietman7


Posted 11 August 2008 - 09:46 AM

It's difficult to say where the problem lies at this point. The starting place would be to contact BSNL so they can do some investigating at their end.