
Hello; Irobt Have A Bug


1 reply to this topic

#1 iRobt

iRobt

  • Members
  • 1 posts

Posted 23 April 2007 - 02:37 PM

As far as I know, I've had this problem since last week. I'm here for recovery.

I had a Flickr account. One of the registered users of my account was infected. The hijacker used her username to post about a dozen babe-related graphics on my site beginning in February.

I didn't review the site until last week. From my homepage I saw the thumbnails, which I took to be spam. I didn't view the files, but just used the checkboxes to delete them.

This user had a daughter that was a member of my daughter's cheerleader squad last fall. There was politics going on which my family had nothing to do with within the sanctioning body. I assumed she spammed the site as some kind of retribution.

I emailed her, reminding her that I had nothing to do with the problems and had set up the Flickr account as a service to the kids and parents so we could all share our pictures of the kids doing their thing.

The next day, when I checked my Privoxy log, instead of localhost or 127.0.0.1 the header said "...privoxy on babe@the-killer.bz".

Running netstat at the command prompt shows at least 4 active connections to babe@the-killer.bz and sometimes dozens of connections waiting to become active.

netfxsl.log shows shadow launcher executed within .net and registry entries hidden, as well as a taskbar icon hidden.

A Google search for babe@the-killer.bz only shows references to babe.the-killer.bz, and a few other variations. None with the @ symbol, which would log a user into the-killer.bz as babe.

A search of your site for the same only delivered me a message suggesting I introduce myself.

Howdy y'all

*~ Mod Edit - Topic moved to a more appropriate forum - rigel ~*

Edited by rigel, 23 April 2007 - 03:27 PM.




#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • Gender:Male
  • Location:Avondale, Arizona USA

Posted 23 April 2007 - 02:49 PM

Hi, and welcome to Bleeping Computer, iRobt. I would recommend that you start with the new user orientation center, here: http://www.bleepingcomputer.com/forums/f/82/new-user-orientation/

and then go here: http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage



