Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

unknown SID / flash Installer pop up / virus: Virtool:JS/Obfuscator.AG


  • Please log in to reply
No replies to this topic

#1 bluebird100

bluebird100

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:10:56 AM

Posted 11 April 2012 - 03:15 AM

I posted previously about some perceived connection compromises. I run windows XP. Have two machines one wired ethernet & other picking up wireless connection off my router - BT HOme Hub. I have been suspicions about someone remotely accessing my pcs /newtork. I have a home newtork -but really dont understand that much about it apart from allowing my two machines to share certain files/folders.

on Wireless connected machine after clearing a lot of malware I am left with "Flash installer" upgrade failure constantly popping up - cant track it down or get rid of it? . Any ideas?. Run Mcafee on this machine - which eventually has started working but SuperAntispyware did the majority of tracing / quarantine as Mcafee appeared to have been compromised. I am left with "Flash installer" upgrade constantly popping up - cant track it down or get rid of it? . Any ideas?For info: Virus /Malware removed from Wireless connected PC by SAS ( I will add I unwittingly clicked on FedEx false invoice email!!!! - we were having a lot of deliviries at the time, what an idiot!)

1)HKLM\SOFTWARE\MICROSOFT\SCEURITY CENTRE#ANTIVRUSDISABLENOTIFY
HKLM\SOFTWARE\MICROSOFT\SCEURITY CENTRE#FIREWALLSABLENOTIFY

TRACE.KNOWN THREAT SOURCES
c:\dcouments and settings\networkservice\local settings\temporary internet files\content.ie5\nw7g3bsz\twistandshoot{1}.png{cache:wista}

A few objects under macromedia\flashplayer shared objects

TROJAN.agent/Gen -Fraudantispy
TROJAN . Agent /Gen -Multic (system volume?)

What do these malwares do exactly ?. Also on this machine I cant locate "Local security policy"......I wanted to check some areas having had issues with other PC (SEE BELOW)

On my wired ethernet PC I went snooping around my system & went into event viewer etc & then into Local security settings. Understand a fair bit of it but in User Rights assignments " Access this computer from network " & "impersonate a client after authentication" & several other headings the following appears alongside the usual "users" "adminstrators" etc - what is it:?

* S-1-5-21-3497319662-3801654286-1697624827-1003
Other headings it appears under " Deny Log in Locally" "Deny log in through terminal servers" "log on as a batch job" " log on as service". Cant identify this anywhere - help appreciated?.

Also, noticed my security log wasnt there ! - so I changed settings (audit) and now appears shows some "priviledged actions". This machine did have some malware removed that seemed to be masking / changing security settings etc( SAME hklm AS ABOVE)) but still has Virtool : JS /Obfuscator.AG still present - found by Microsoft scanner. How do I remove this one? I have Mcafee but it hasnt detecetd it nor SuperAntispyware or MalwareBytes.


I also noticed that in my device driver settings (network adaptor) was set to "wake" against various actions. I was unaware of this. Did this mean that somone could turn my PC on remotely ? or access it if left on overnight?
Can someone give me some clues as to what any of this means ? particularly the long number string above.
I maybe being paranoid - but with all this I am suspecting someone has been /continues to be in my machines/connections.
Really appreciate any help.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users