
Getting Random Pop-ups For No Apparent Reason


1 reply to this topic

#1 javabytes


Posted 21 September 2008 - 02:35 PM

Hey all,

Have a box running Server 2003 SP1 that managed to get infected by a drive-by installation. Removed Network Monitor, Command, and a few other files from the system32 folder manually including the following:

c:\windows\system32\iifdayay.dll
c:\windows\system32\byXNFuss.dll
c:\windows\system32\np5\sfeth112.exe
c:\windows\system32\ES\ixp6453.exe!
c:\windows\TVg\asappsrv.dll
c:\windows\TVg\command.exe
c:\windows\TVg\np0.vbs
c:\Windows\uninstall_nmon.vbs

There were a few other dll files with random names in the system32 folder that I got rid of as well. I've run HJT as well as inspected startup entries using Sysinternals Autoruns, and don't see anything suspicious anymore. But I'm still getting random popups. They're not for fake anti-virus or anything like that... they appear to be for random websites. For instance, the last three were an eBay listing for a Garmin GPS, http://blogmlb.smacchat.com, and http://www.felonyfind.com.

I've run VundoFix which came back clean, as well as scanned the machine with Trend Micro - also clean. I'm out of ideas, and that doesn't happen easily... hunting down and removing nasty infections manually is part of my job every day. Meanwhile, the popups continue. I would greatly appreciate your expert assistance.

Thanks!

Edited by javabytes, 21 September 2008 - 02:36 PM.




#2 javabytes


Posted 21 September 2008 - 03:45 PM

Never mind, looks like I got it. Rootkits can be a real pain in the rear sometimes.



