Posted 17 May 2010 - 11:46 PM
I sort of goofed up last week. I downloaded something that I thought was an executable for a program. I was using Firefox, so NOD32's IMON didn't flag it right then. Next, after clicking the .exe file, WinPatrol came up and told me that it had detected a new startup entry. I allowed it, went to dinner, and moved on with my life. When I returned, after talking to my friend on the phone for a bit, I saw that Internet Explorer had started automatically, and that there were ads for hotels as well as other things up there. The funny thing was that I was able to kill IE8 easily, including a download window (which I know I didn't click on).

I looked at WinPatrol's list of programs, and promptly removed the randomly named one that was running from my C drive under a file named fhg.exe. Beside it was a file with the name FHF.exe. These were running under my temp folder under local APPData. The even stranger thing is the fact that both files allowed me to delete them without a hoot or a holler.

Meanwhile, the next day, May 9 (for this first started on the 8th), in the late afternoon, I was finally able to view NOD's log. My trusty antivirus told me that it had deleted a file in my Windows folder called fzytua.exe, flagging it as Trojan Win32/Kryptik.EEI. Now on May 17, nine days later, I ran Malwarebytes and it found two lone registry keys, both with the same random process name as what was once detected by WinPatrol. Both went into cyberspace without a single word or error message. The thing that perplexed me the most was that both had the name trojan.fakeAlert beside their name in the MBAM log.

Was this just one of those surface things that should now no longer be of any concern? If you have any input, please let me know.
The AccessCop Network is just me and my crew.
Some call me The Queen of Cambridge