Notpad.exe And Losing Focus



#1 teemo10

Posted 20 September 2008 - 10:42 AM

Hello,

My P.C. got infected with a trojan, and Windows Defender kept bugging me every minute with an alert that I have a trojan on my machine. It attempted to fix it but, as expected, failed. The virus kept opening my Internet Explorer on this Chinese site every minute or so. I ran ComboFix, which cleaned up a few things and stopped this behavior. This also caused the silly Defender alerts to stop. I then installed NOD32 antivirus (I had avast, and I think the trojan killed it), which did a better job at cleaning the virus/trojan, but my PC is still not completely cured. Currently I still have a few virus/trojan symptoms on my PC:

1. I have this empty background application that is running all the time on my PC. Every few minutes it gains focus and my current window loses focus; when I'm not looking at my screen, all my typing is wasted, and I then have to re-focus on my desired application. (just happened now!)

2. A file "C:\notpad.exe" is created every few minutes on my PC.

The virus is running under a process named svchost.exe (I think) and the name of the trojan that Windows Defender initially alerted me about was "Trojan:Win32/Meredrop".

Thanks for any help in advance.

Edited by teemo10, 20 September 2008 - 10:43 AM.


#2 DaChew

Posted 20 September 2008 - 03:25 PM

What's been found Severity Level
Attempts to inject additional HTML code into internet banking webpages in order to steal passwords, credit card details, ATM pin numbers, Social Security Numbers, birth dates. Steals passwords from the browser's auto-complete passwords cache and Windows protected storage. Gives remote hacker full control over the compromised system.
Downloads/requests other files from Internet.
Registers a 32-bit in-process server DLL.
Registers a Browser Helper Object (Microsoft's Internet Explorer plugin module).
Contains characteristics of an identified security risk.


http://www.threatexpert.com/report.aspx?ui...0b-96d044852921

This is about as bad as it gets

BTW the bad guys are shifting some of their operations to China

I would recommend you change all online security information and wipe the computer and reinstall
Chewy

No. Try not. Do... or do not. There is no try.

#3 DaChew

Posted 20 September 2008 - 03:40 PM

If you want to continue fighting the infection, I would disconnect from the internet and immunize a USB drive and use it to download tools and transfer from a clean computer to yours.
Chewy
