Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infection/rootkit?


  • Please log in to reply
No replies to this topic

#1 siknasty

siknasty

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:04 AM

Posted 10 December 2010 - 05:32 AM

Currently, I am running comodo firewall with eset nod32 and my anti virus. Yesterday Comodo found something funny. Many programs tried to gain elevated privileges and install global hooks. They kept demanding privileges so I just shut the computer off. Upon rebooting, firefox would not connect to the interent, but IE would. IE would not connect to HJT analyzers, or spybots main site. Giving me a timed out error, though all the other sites worked perfectly. Eset picked this up today though.

12/10/2010 2:15:00 AM HTTP filter file http://0000004.in/exploits/javaobe.jar Java/TrojanDownloader.Agent.NCA trojan connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Java\jre6\bin\java.exe.

Which leads me to believe I currently have an infection of some kind, possibly a keylogger. Another thing I took notice of. At certain times comodo would say I had around 20 outbound connections, even though I was not using a web browser or updating software. I ran sysop for nod32 and found around 9 level 8 high risk connections, connecting to my computer at the same time. Unfortunately, I did not capture the ip addresses. I have tried running, Nod 32, spybot, ad aware, malwarebytes anti malware, and spyware blaster, but to no avail. Randomly, Firefox came back from the dead for me, so I am browsing on it for the moment. I would like to figure this out soon as possible as it is finals week coming up.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users