Infected... But With What?


4 replies to this topic

#1 spgster

Posted 31 August 2006 - 05:12 AM

Hi,

The other day I went to a crack website and downloaded a keygen. I ran it and then all hell broke loose.
I started getting my Norton NIS2006 app reporting viruses every few minutes. I noticed I had 2 files running:

ISHOST.EXE
ISMON.EXE

So I shut down my network connection and did a full virus scan using Norton. Found nowt.
So, I rebooted in safe mode, deleted the ISMON and ISHOST file, and noticed that in windows\temp there were a couple of exes and loads (and I mean thousands) of SOSxxxx.TMP files.

I deleted these, then ran a check using the Panda website. This found some dialers and reportedly removed them. I then downloaded AVG and this found "Dialer.tg" inside the DrUninstall.EXE file. Again I did the clean.

Then I loaded Windows Defender, and this found some dodgy .sys files, so it removed them.

Then I ran a scan using AVG, then Norton and both came back fine (CLEAN).

I restarted the PC, looked in the windows\temp file and guess what? 65000 SOS****.TMP files again.

Where are these coming from?

Can anyone help me to determine if I am still infected with anything and how to get rid of it please?
Both Norton and AVG are reporting no problems..

Steve


#2 tg1911

Posted 31 August 2006 - 06:04 AM

You've just discovered one of the biggest problems with using those types of websites.
You never know what type of garbage you're going to end up with.

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it more difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#3 Notorious

Posted 31 August 2006 - 09:46 AM

What tg 1911 said AND.... Get rid of Norton.. If you had a good virus scanner this wouldn't happen in the first place.
I used to run NIS and got all kinds of viruses and crap without even going to warez or porn sites.
Try Kaspersky or NOD32 for starters.. Even AVG freeware version is better than Norton.. Hell.. Anything is better than Norton.. :thumbsup:

#4 Dennis H

Posted 31 August 2006 - 10:44 AM

> What tg 1911 said AND.... Get rid of Norton.. If you had a good virus scanner this wouldn't happen in the first place.
> I used to run NIS and got all kinds of viruses and crap without even going to warez or porn sites.
> Try Kaspersky or NOD32 for starters.. Even AVG freeware version is better than Norton.. Hell.. Anything is better than Norton.. :thumbsup:



You know, the more I read of this kind of stuff the more I am tempted to dump Norton 2006 which I just purchased 2 months ago.

Dennis :flowers:

#5 spgster

Posted 03 September 2006 - 12:11 PM

Hi,

I have posted the HijackThis log in the relevant forum now.
Just a quick update.
It appears that the many thousands of sosXXXX.tmp files are being written through the NIS CCAP.EXE process (Using sysinternals tool to monitor this) and it seems that whenever I open IE and browse the net that these files are being created.

Have tried running a full scan using:

NIS 2006
Trojan Hunter
Windows Defender
AVG
David H. Lipman's Multi scanner toolkit.

None of these seem to find any virus or trojan now but I am still getting messages from Norton saying that Regedit.exe tried to change my home page, and also these many thousands of files..

Bit scared!

Steve



