Quick questions about risks...



#1 NoseSeeToads

  • Members
  • 2 posts

Posted 14 December 2012 - 08:46 AM

Hi - thanks in advance for any help.

The questions (below) I suspect to be relatively easy to answer - and they will improve my knowledge substantially...

Background: My Windows 7 machine started freezing. Following several forced power-off situations other problems arose (with booting - now resolved). The last time it froze was while in BIOS settings, so I'm working on an assumption that these issues are hardware related (it's a cobbled-together machine, not one off the shelf). During troubleshooting I ran MalwareBytes for the first time, which seems to have prompted AVG into noticing two problematic files (AVG calls these 'Exploit_c.VRA' and 'Script/Exploit.Kit.AF'). AVG was happy to remove these. Further scans (MalwareBytes/AVG) find nothing.

The questions:
  • The problem files were in Firefox's cache (Mozilla/Firefox/Profiles/...../Cache) - does that tell me anything about whether they were executed/used?
  • These are in my wife's account - which does not have admin status - does this mean things are relatively safe?
  • Is the 'last modified' date on these files likely to be the date they were downloaded (my guess is that it is)?
  • The 'last modified' date for these files corresponds to an evening of web browsing by my wife. Is there any way to work back to find out what these files were - to confirm they were downloaded then? (No downloads are listed; if it was a PDF file it would have appeared in a browser plugin, not as a downloaded file.)
  • My wife has not done anything online of consequence (e.g. shopping/banking) since the last modified date, so is it likely that no sensitive data is compromised? (I did some shopping in a separate non-admin account).
  • If trojans (etc) allow people to execute their choice of code on a computer does this mean that they could (are likely to) find ways to install stuff or access stuff which isn't listed in antivirus databases? Or does it make it possible to open up the computer for remote access or something? Or does a clean antivirus/malware scan tell me that it's likely that things are now safe?
  • Scans on a separate Windows XP computer (physically networked to the problem machine, but without intentionally opening up any communication) show nothing. Can I relax about this one?
  • An old (well out of date) imac on the same physical network (but not opened up for communication) has no AV scanners on it. Do I need to be doing something proactive to check that this is safe?

I'd really appreciate advice and comment on these issues. Fundamentally the answers will give clues on a way forward for me. I'm thinking that the answers themselves are probably relatively simple for someone who knows their stuff - but I realise that reading this will have taken time so thank you again.
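One of the questions above (working back from the random-looking cache file names to what was fetched, and when) can be answered from the cache files themselves, because Firefox stores the original URL, the fetch timestamps and the response headers alongside each cached body. The following script is an added example, not code from the original thread or from Mozilla; it assumes the modern "cache2" on-disk layout (the `cache2/entries/` directory used by Firefox 32 and later), not the older `Cache/` layout the poster's 2012 installation used, and the sample entry it parses is constructed inline rather than captured from a real profile. The URL, header text and timestamps in that sample are hypothetical. The metadata's own last-fetched and last-modified fields are a better record of when the browser retrieved an object than the file's filesystem timestamp, which any later housekeeping can change.

```python
# Added example (not from the original post): recover the origin URL, fetch
# timestamps and response headers from Firefox "cache2" entry files.
# Assumes the Firefox 32+ cache2 layout, not the 2012-era Cache/ format
# described in the thread. SAMPLE below is constructed here, not captured.
import datetime as dt
import hashlib
import os
import struct
from typing import Optional

CHUNK_SIZE = 256 * 1024  # cache2 keeps one uint16 hash per 256 KiB of body data


def parse_cache2_entry(blob: bytes) -> dict:
    """Parse one file from <profile>/cache2/entries/.

    Layout (all integers big-endian):
      [body][metadata][uint32 offset-of-metadata]
    metadata:
      uint32 hash | uint16 per body chunk | header | key NUL | (name NUL value NUL)*
    header: version, fetch_count, last_fetched, last_modified, frecency,
            expiration, key_size and, from version 2 on, flags.
    The metadata and chunk hashes are skipped, not verified.
    """
    if len(blob) < 4:
        raise ValueError("too short to be a cache2 entry")
    (meta_off,) = struct.unpack(">I", blob[-4:])
    if meta_off > len(blob) - 4:
        raise ValueError("metadata offset points past end of file")
    body, meta = blob[:meta_off], blob[meta_off:-4]
    pos = 4 + 2 * ((meta_off + CHUNK_SIZE - 1) // CHUNK_SIZE)  # skip hashes
    (version,) = struct.unpack_from(">I", meta, pos)
    if version not in (1, 2, 3):
        raise ValueError(f"unsupported metadata version {version}")
    n_fields = 6 if version == 1 else 7          # version 1 has no flags word
    fields = struct.unpack_from(">" + "I" * n_fields, meta, pos + 4)
    pos += 4 + 4 * n_fields
    fetch_count, last_fetched, last_modified, frecency, expiration, key_size = fields[:6]
    key = meta[pos:pos + key_size].decode("utf-8", "replace")
    pos += key_size + 1                          # skip key and its NUL
    parts = meta[pos:].split(b"\x00")
    if parts and parts[-1] == b"":
        parts.pop()                              # NUL that ends the last value
    elements = {parts[i].decode("latin-1"): parts[i + 1].decode("latin-1")
                for i in range(0, len(parts) - 1, 2)}
    # Key is "<tag>,<tag>,...:<url>"; the tag prefix never holds a raw ':'.
    url = key.split(":", 1)[1] if ":" in key else key
    utc = dt.timezone.utc
    return {
        "url": url, "key": key, "version": version, "fetch_count": fetch_count,
        "last_fetched": dt.datetime.fromtimestamp(last_fetched, utc),
        "last_modified": dt.datetime.fromtimestamp(last_modified, utc),
        "expires": None if expiration == 0xFFFFFFFF else dt.datetime.fromtimestamp(expiration, utc),
        "frecency": frecency, "body": body, "elements": elements,
    }


def expected_filename(key: str) -> str:
    """cache2 names each entry file by the uppercase hex SHA-1 of its key."""
    return hashlib.sha1(key.encode("utf-8")).hexdigest().upper()


def content_type(entry: dict) -> Optional[str]:
    """Pull Content-Type out of the stored 'response-head' element."""
    for line in entry["elements"].get("response-head", "").split("\r\n"):
        if line.lower().startswith("content-type:"):
            return line.split(":", 1)[1].strip()
    return None


def build_sample_entry(url, body, response_head, last_fetched, last_modified, version=3):
    """Constructed test input: a minimal cache2 entry with zeroed hashes."""
    key = ":" + url                              # no origin-attribute tags
    hdr = [version, 1, last_fetched, last_modified, 1000, 0xFFFFFFFF, len(key)]
    if version >= 2:
        hdr.append(0)                            # flags word
    meta = (b"\x00" * 4 + b"\x00\x00" * ((len(body) + CHUNK_SIZE - 1) // CHUNK_SIZE)
            + struct.pack(">" + "I" * len(hdr), *hdr) + key.encode() + b"\x00"
            + b"request-method\x00GET\x00response-head\x00" + response_head.encode() + b"\x00")
    return body + meta + struct.pack(">I", len(body))


SAMPLE = build_sample_entry(                     # hypothetical URL and headers
    "https://example.test/ad/landing.pdf",
    b"%PDF-1.4 ... fake body ...",
    "HTTP/1.1 200 OK\r\nContent-Type: application/pdf\r\nContent-Length: 26\r\n",
    last_fetched=1355256000, last_modified=1355256000)  # 2012-12-11 20:00 UTC


def scan_entries_dir(path: str):
    """Yield (filename, parsed entry) for a real cache2/entries directory;
    files that do not parse yield an 'error' dict instead of an entry."""
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), "rb") as fh:
            try:
                yield name, parse_cache2_entry(fh.read())
            except (ValueError, struct.error) as exc:
                yield name, {"error": str(exc)}


if __name__ == "__main__":
    import sys
    e = parse_cache2_entry(SAMPLE)
    print(e["url"], content_type(e), e["last_fetched"].isoformat(), expected_filename(e["key"]))
    for name, ent in (scan_entries_dir(sys.argv[1]) if len(sys.argv) > 1 else []):
        print(name, ent.get("url", ent.get("error")), ent.get("last_fetched"))
```

Run it with the path to a profile's `cache2/entries` directory to list every cached URL with its fetch time and content type; on a running browser the same fields are visible on the `about:cache` page. A hit in the cache only shows that the browser retrieved the object (a script would have been parsed by the page that loaded it, a PDF handed to the viewer plugin); whether the exploit it carried actually succeeded is a separate question that the cache alone does not settle.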

#2 rotor123

  • Moderator
  • 8,093 posts
  • Gender:Male
  • Location:New Jersey

Posted 14 December 2012 - 10:24 AM

Freezing in the BIOS has to be hardware related. Since it is cobbled together I'm guessing it has an older motherboard?

If it does have an older motherboard, take a look at it and see if it has any bad capacitors. You can find examples on the right-hand side of this page. I'm suggesting this as bad capacitors on the motherboard can cause this problem. They can also affect power supplies; do not open the power supply, for safety reasons. They can also affect the video card if you are using a separate video card. If you are using a video card rather than built-in video, take a look at it too.

If it were mine I would want to get the freezing fixed first before it damages the Windows installation.

You should also run a hard drive test. SeaTools for DOS should work. This page has links for the download and instructions. Run the short and the long test. If they find an error, back up the drive before doing the repair. Doing the repair could cause a no-boot / data-loss situation.

Maybe someone else can answer your problems about the detected files.

Good Luck
Roger

Edited by rotor123, 14 December 2012 - 10:26 AM.


#3 boopme

  • Global Moderator
  • 73,404 posts
  • Gender:Male
  • Location:NJ USA

Posted 16 December 2012 - 05:19 PM

As for the infections: these malicious applications give hackers remote access to the infected computer and allow them to perform operations like modification of files, theft of personal information and installation of other malicious software. This threat invades a PC with the help of infected email attachments, links and websites, among others.

If you received a pop-up warning for Exploit_c while you were surfing a website, chances are that the threat was blocked and there's nothing to remove. If it was found through a scan, then it entered.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.


The other machines are OK as the malware files did not open.

Free AV for Mac by Sophos

Considering all issues here you may want to consider reformatting. We can clean it, but that will not solve the other issues.

#4 NoseSeeToads

  • Topic Starter
  • Members
  • 2 posts

Posted 17 December 2012 - 07:17 AM

Thanks both... useful comments, but (sorry/please excuse me) I was really looking for specific answers to those specific questions above. Please don't take this as me being ungrateful - it's just that it was those things I want to know.

I can see that the computer hardware problem is a big one - and you're clearly right - I need to get that fixed in any case. I'll be doing this.

Thanks, I'd feel safe if I could say that the antivirus software had picked them up on download - but as I said earlier I can't confirm that.

Unfortunately I don't know that my antivirus software (AVG free) picked these up when the computer encountered them (my wife is always a bit vague about what messages she reads, although she's fairly careful with choosing the safe option, so I have no way of knowing what she did/saw on the day she encountered these). That was one of my reasons for the more specific questions... I fully appreciate that my lack of experience here means that I don't know what the presence of these files in the browser's cache files means. Would they be there anyway? Would they be there even if my software was up to date and not vulnerable? Are these likely to be infected files downloaded only, or does their presence mean that the nasty stuff actually did (or tried to) something on the computer? Can I work out what the files are (beyond the random names they have in the cache) so that I can ask my wife whether she read them (etc).

And with fresh installs of MalwareBytes and AVG both coming up clean with their scans repeatedly, is it still possible that something's on this machine?

You'll get that what I'm wanting to avoid if at all possible is a full set of changes to every password I have and fresh installs of everything under the sun if there's plenty of evidence that we caught this before damage was done.

Thanks loads for help with this.



