
DCOM/RPC malware on XP SP3???


2 replies to this topic

#1 spot2112


Posted 07 July 2010 - 09:39 AM

To whoever takes pity on me...

I am pretty sure I have some pretty clever malware. Second time in 9 months. Last time I caught the bug downloading abandonware...I learned my lesson. I now only download from sites like cnet, softpedia, etc.
So although I downloaded several pieces of software in the last 30 days, I can't say what it was that contained the malware. I don't click on random links in email, use gmail and think I usually do a great job of avoiding such issues. Obviously not this time.
I am running XP SP3, and access the net via USB tethered jailbroken iPhone 3G with firmware 3.1.2 that is spoofed to show 3.1.3. I use files from iTunes 8-something to access from the pc side.
I have privacyware personal firewall 7 installed and passed an internet based security scan with flying colors the day before I lost all access to the net, so I think worms are ruled out. There seems to be a redirect/hijack issue as IE does not have any tool bars, menus, etc. now, and I cannot access inetcpl.cpl. As of today there are lots of other cpl's I cannot access. I cannot restart lots of critical services related to network connectivity.
When it was only the apparent hijack, I believed I could take care of things myself and began fooling around with the registry and services...that's how you learn, right? :thumbsup:

Also have spybotSD/teatimer/SAS installed and have run various scans. Also HJT and the "manual" version of HJT, don't remember the exact name, not at my desk.
I'm typing on an iPhone, so I can't give tons of info right now, but I will answer questions as necessary to get basic internet access. So the first thing I'm looking for is help getting online to update malware defs and post logs to this site.

Hope to hear from someone soon.

Gary



#2 spot2112


Posted 07 July 2010 - 10:28 AM

UPDATE...I now have internet connectivity from the desktop...am updating SAS and SpybotSD at this time...I used a 3rd party software to change services that I previously couldn't start from disabled to automatic and then rebooted and at least for now they are running. I have my firewall running too, so hopefully that will frustrate any attempts to send back data from the malware. I am going to try to download mbam setup to desktop just in case I lose connection again....I will save it in case someone asks me to install in safe mode. Right now however, the installed version will not run because I get runtime error 372, vbalsgrid6.ocx may be outdated, etc.

Edited by spot2112, 07 July 2010 - 10:32 AM.


#3 spot2112


Posted 08 July 2010 - 02:41 PM

Okay...everyone should consider this topic CLOSED...I am still having issues, but things have changed (mainly for the better) and I will need to post a new topic. For anyone following so far, but waiting to respond, thanks for your time and look for a new topic soon.

spot2112



