virus, trojan or what?
February 14th, 2002, 07:37 PM
#1 (permalink)
Senior Member
Join Date: Oct 2001 Location: Utah
Posts: 551
Hmm, weird one here.
My brother-in-law's work computer. He picked up something that every once in a while pops up an Internet Explorer porn ad, which then prompts to download an ActiveX-type dialer program (I think they want you to run it, dial them, and pay a huge phone bill).
Anyway, Norton (fully updated) found nothing.
Also, this happens periodically, even when no browser is open, or when nothing is open actually. Windows XP, fully updated.
The only process running that didn't look familiar was one called openme.exe. Sounds fishy. Located in the Windows directory.
The only reference to it in the registry was under a key called shell with the value "explorer.exe openme.exe"; not referenced in a startup key or anywhere else.
I'm guessing it just starts it up along with explorer upon boot?
I took it out, and deleted the actual file, and am going to reboot now.
Just wanted to see if any of you have seen anything like this before?
P.S. Downloading some trojan detection progs right now, and McAfee.
dragonb
Also, as per a thread talked about before, this definitely qualifies as "Scumware"!!!
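A check for the kind of registry value described in the post above, as an added example that is not part of the original thread. It assumes the "shell" key is the Winlogon `Shell` value (stock data `explorer.exe`); the `reg query` output is constructed, and the function names are hypothetical.

```python
import re
import shlex

# Assumption: the "shell" value in the post is Winlogon's Shell value, whose
# stock data is the bare string "explorer.exe".
WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"

# Constructed `reg query "<WINLOGON_KEY>" /v Shell` output (not from the thread).
SAMPLE_INFECTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe openme.exe
"""
SAMPLE_CLEAN = SAMPLE_INFECTED.replace(" openme.exe", "")

def extract_shell(reg_output):
    """Return the data of the Shell value from reg query text, or None."""
    for line in reg_output.splitlines():
        m = re.match(r"\s+Shell\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line, re.I)
        if m:
            return m.group(1).strip()
    return None

def extra_shell_commands(shell_data):
    """List every token in the Shell data that is not the bare explorer.exe."""
    text = shell_data.replace(",", " ")  # commas treated as separators (assumption)
    try:
        tokens = shlex.split(text, posix=False)  # keeps backslashes, honours quotes
    except ValueError:                            # unbalanced quote: split naively
        tokens = text.split()
    cleaned = [t.strip('"') for t in tokens]
    # A path-qualified explorer.exe is reported too: the stock value has no path.
    return [t for t in cleaned if t.lower() != EXPECTED_SHELL]

def audit(reg_output):
    """Return (shell_data, extras); extras is non-empty when Shell was altered."""
    data = extract_shell(reg_output)
    if data is None:
        return None, []
    return data, extra_shell_commands(data)

if __name__ == "__main__":
    for name, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        data, extras = audit(sample)
        print(f"{name}: Shell={data!r} extra commands={extras}")
```

Anything returned in the extras list is launched alongside the desktop shell at logon, so it deserves the same scrutiny as an entry under a Run key.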
February 14th, 2002, 07:44 PM
#2 (permalink)
Senior Member
Join Date: Oct 2001 Location: Springfield,Mo
Posts: 596
Sounds like you prob found it. I've had three instances in the last two days of imbedded scripts trying to install themselves (2 in gifs and 1 in a jpg). I run Grisoft anti virus and so far nothing has gotten by it.
__________________
Those who cannot remember the past are condemned to repeat it
February 15th, 2002, 02:23 AM
#3 (permalink)
Not an OWO yet, just OLD!
Join Date: Oct 2001 Location: Uh, Central Oregon
Posts: 5,695
I don't know if it will catch it if it's already in place, but PC-cillin will definitely catch them trying to come in from the web.
You might want to run House Call and see if it can find it. It's a free on-line virus scan from Trend, the makers of PC-cillin 2000.
Harder
February 22nd, 2002, 05:10 PM
#4 (permalink)
Junior Member
Join Date: Feb 2002 Location: Toronto, Canada
Posts: 29
That must be it. I just looked on my Win 98SE system and found no "openme.exe" program in the windows directory.
February 22nd, 2002, 05:20 PM
#5 (permalink)
nuisance since 1968
Join Date: Oct 2001 Location: ɐqɟs
Posts: 10,457
Hey crystaldragon, I'm curious about these imbedded scripts that you talk about being in image files. You didn't keep one did ya? I'd really like to see one and how it works.
If by chance you have one, you could send it to me at outpatient@speedracer.com. I would appreciate it.
Last edited by OuTpaTienT : February 22nd, 2002 at 05:25 PM.
February 22nd, 2002, 06:02 PM
#6 (permalink)
Senior Member
Join Date: Oct 2001 Location: Springfield,Mo
Posts: 596
OuTpaTienT
Just saw your note. I would send that to you but we are too late. I have the virus vault set to clear itself every week. I'll try to remember and the next one I'll let you know before it gets deleted.
The best I remember they were imbedded in .gif files like you find in the temp internet folder with the cookies.
JD
February 22nd, 2002, 06:40 PM
#7 (permalink)
The Mad Redhatter
Join Date: Oct 2001 Location: NJ
Posts: 3,552
have you tried ad-aware? download it, download the latest ref file and see if that gets rid of it.
edit: fixed the url, sorry
Last edited by storm2k : February 22nd, 2002 at 06:43 PM.
February 22nd, 2002, 07:49 PM
#8 (permalink)
Member
Join Date: Jan 2002
Posts: 87
Yeah, I downloaded one of those phone things before too. It wanted to have me pay to use it. What does it do?