
Trojan Jpeg + Ip Intrusion

2 replies to this topic

#1 Dr Faustus

Dr Faustus

  • Members
  • 3 posts
  • Local time:11:29 AM

Posted 30 April 2007 - 10:38 PM

Hi all

This is more of a help for other people, but I still need some assistance to know I'm no longer at risk.

Today I was downloading images, and 5 that I downloaded didn't have the typical .jpeg filename (they didn't have a file name at all).

When I right-clicked on one, only 5 options appeared in the right-click menu:

send to,
preview and

When I clicked on them all, I got the delete option and properties.

I couldn't move these files, I couldn't edit these files, I dare not open the bleepers, and I couldn't delete them (I cyber scrubbed them, but all that did was delete the folder they were in, sending them to a temp folder... which I couldn't erase).

In the properties menu their boxes had all been checked (encrypt for file security, ready for archiving, hidden, read only). After unselecting all the boxes and hitting OK, they became re-checked (so I suppose they were encrypted).

OK, so far you're thinking OK... so...
After they landed on my computer I began getting IP intrusion alerts from Zone Alarm (blocking it, thankfully).
I got about 5 hits in 4 or so minutes, and looking at the Zone Alarm logs, my computer was sending transmissions out to various IPs (88.xxx.xxx.xxx and a few x7x.xxx.xxx.xxx addresses) before each hit (I did an IP trace later of the outgoing but came up with a dead address).

I managed to trace the incoming to xtra.co.nz and nic@gateway (whatever that is),

and I managed to delete the encrypted files by using DOS (all hail DOS).

I got a few incoming hits the first time I rebooted after deleting those files, so I sent a few emails to the ISPs owning the incoming IPs and haven't received any hits since. (Zone Alarm hasn't detected any unwanted incoming or outgoing.)


My question is... Am I still being hit (or sending data out) but it's not being detected?
And would the DOS deletion have successfully killed those files, not just sent them into hiding?

I don't think my problem is too common, but I noticed a Microsoft update that talks about protecting a computer from intrusions due to trojans being mistaken as JPEG due to some imaging error.

Edited by Papakid, 04 May 2007 - 08:36 AM.



#2 Dr Faustus

Dr Faustus
  • Topic Starter

  • Members
  • 3 posts
  • Local time:11:29 AM

Posted 30 April 2007 - 10:41 PM

I think I may have deleted a part of Zone Alarm by mistake, which is why I need to know if I can pick this up any other way?

#3 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,663 posts
  • Gender:Male
  • Local time:05:29 PM

Posted 04 May 2007 - 09:20 AM

First I've removed your request for a serial for Zone Alarm. Review the Forum Rules that you should have read when joining this site. I believe you know it is not allowed or you wouldn't have used those symbols interspersed in the request. BC does not aid in or support any illegal activity. We're also a family friendly site, so watch your language.

It also never ceases to amaze me that people think they have to have a cracked version of commercial products when there are free versions (in your case ZoneAlarm Free) and other good alternatives, many of which can be found here: Freeware Replacements For Common Commercial Apps

I believe the info you're looking for can be found here: GDI Scan Tutorial and how to fix the GDI+ JPEG Vulnerability

If you have all your Windows updates/security patches installed this shouldn't be a problem. But I get the feeling you don't. If you're installing cracks and maybe even your version of Windows is cracked, and from your description of the problem, you are most likely heavily infected and will stay that way till you get updated--including all your applications, as many of those application updates patch security holes as well. So it's best to stay legal with commercial apps and use freeware replacements for those you can't afford. Even that would be all for naught if you have a cracked Windows and continue to use cracks, as you will just stay infected.

My suggestion is to post a HijackThis log if you really want to get cleaned up. Please click on the following link and follow all the relevant instructions for precleaning and getting a log posted:

Preparation Guide For Use Before Posting A Hijackthis Log

Start a new topic in the HijackThis Logs and Analysis Forum, don't post your log here. This way we can help you get your system cleaned up as there is probably much more there that you don't know about.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan
