
exploit rogue scanner (type 922), websites blocked, possible rootkit?


2 replies to this topic

#1 NSpen1 (Members, 3 posts)

Posted 26 February 2010 - 03:13 PM

While browsing a messageboard using Firefox I received a supposed AVG Antivirus pop-up about "exploit rogue scanner (type 922)". I think it only said threat detected, so I wasn't sure if it had been blocked or if I had been infected with anything. From what I have read, this was probably not a genuine AVG notice, but a faked one.
I didn't notice any problem until a couple of days later when I was unable to access some websites. This problem is worse for Firefox, but there are some websites I cannot access on either Firefox or AOL/Internet Explorer.

I usually run AVG and Malwarebytes Anti-Malware, and was unable to find anything with these. In addition I have tried Trend Micro, BitDefender, Lavasoft Ad-Aware, Kaspersky, Panda ActiveScan, F-Secure, Spybot S&D, SUPERAntiSpyware, HijackThis and found nothing significant (only false positives as far as I can tell: Panda giving a Virtumonde in Viewpoint Media Player, Kaspersky saying I had a virus in my hosts file when in fact it was entries previously inserted by Spybot to block "bad sites").
I had some problems running rootkit detectors, although for GMER I believe that was because I didn't have AVG disabled. With AVG disabled I was able to run a full GMER scan, although this took a long time and slowed down towards the end - I was able to save a log file before the CPU usage went to 100% and I had to manually switch the computer off.
I still have problems running some of the sections of RootRepeal - files, hidden services and shadow SSDT - it immediately goes to a BSOD with a bad pool header error.
I have also successfully run ComboFix but it only found and removed one entry under search assistant. Still the problem with getting to some websites remains.
ComboFix, GMER and HijackThis logs are available if these are of any use.

Do I have a hard to find rootkit or some other problem?

Edited by NSpen1, 27 February 2010 - 01:00 PM.


#2 NSpen1 (Topic Starter, Members, 3 posts)

Posted 27 February 2010 - 12:59 PM

I think I have fixed the problem on AOL (which may have been due to a recent AOL security update) by going here
http://help.aol.co.uk/why-cant-i-access-a-...802091909990001
and applying step no. 5. I seem to be able to get to any site on AOL now, though access is a bit intermittent on PayPal for example.
The problem on Firefox remains. I wondered if it could be due to a corrupt profile but anything I try - creating a new profile, clearing cache and cookies - doesn't fix it. It sounds very much as though I have a Vundo trojan as described here
http://support.mozilla.com/en-US/kb/Firefo...ertain+websites
Any clue as to how to find and get rid of it?
And now unfortunately my stand alone Internet Explorer is exhibiting the same problems as Firefox which I'm sure it wasn't before :thumbsup:

#3 NSpen1 (Topic Starter, Members, 3 posts)

Posted 27 February 2010 - 01:03 PM

aaargghh, no, I didn't edit my first post, I was just trying to change the topic title to reflect that I may have a Vundo trojan infection.