
I got infected!

Discussion in 'General Chat' started by TommyD, Aug 24, 2005.

  1. #1
    I clicked around on a few sites today, it was a light computer day, and then turned off my PC. When I came back later to check emails I noticed my browser, IE, opened automatically to some weird page, yp.com? Well I figured I did something wrong and blew it off. After some more weird stuff, I scanned my PC. I was infected with Java/ByteVerify.

    Since I've only been to a few news sites, and posted links in this forum, I wanted to get the word out. It was a Trojan horse so it blew through my resident AV program. If you have weird happenings with your IE browser, do an extra check on your system.

    hth,

    tom
     
    TommyD, Aug 24, 2005 IP
  2. e10

    e10 Well-Known Member

    #2
    Is that something that Firefox would have stopped? I have a lot less weirdo things happening since I changed to FF.
     
    e10, Aug 24, 2005 IP
  3. fryman

    fryman Kiss my rep

    #3
    Use NAV and forget about worrying about viruses ever
     
    fryman, Aug 24, 2005 IP
  4. TommyD

    TommyD Peon

    #4
    e10,

    I thought so too, but it was a java file that was infected, and after reading what it was, it's more associated with Windows OS rather than the browser.

    later,

    tom
     
    TommyD, Aug 24, 2005 IP
  5. soapbath

    soapbath Peon

    #5
    I'm with Fryman here, NAV is the best option for making sure you never get this again. Don't use a free virus scanner *Unless you don't have any money, in which case a shete virus checker is better than none*
     
    soapbath, Aug 24, 2005 IP
  6. e10

    e10 Well-Known Member

    #6
    I use AVG free version and must say it has done a bang up job till now. That, FF, spybot and adaware. Anything I should add?
     
    e10, Aug 24, 2005 IP
  7. soapbath

    soapbath Peon

    #7
    Yeah, but how do you know it's done a good job :p. I mean you could have SoapWasAGirl.Bot.Killer on your system and never know. AVG is the best of the free, but.. not the best

    (Woot! That was my unlucky post, post number 666)
     
    soapbath, Aug 24, 2005 IP
  8. e10

    e10 Well-Known Member

    #8
    I bought Norton. It was a nightmare and their customer service sucked so in the end I ditched it as a bad job. AVG doesn't mess up my computer. Which paid one would you recommend?
     
    e10, Aug 24, 2005 IP
  9. fryman

    fryman Kiss my rep

    #9
    Really? I must be one of the top Norton fans out there... been using Norton ever since I had my first computer, still remember that amazing Norton Uninstaller program, I loved it and can't understand why they discontinued it.

    Now I can't work without my Norton Systemworks, the NAV keeps me protected while Norton Utilities keeps my computer working at 100%.
     
    fryman, Aug 24, 2005 IP
  10. soapbath

    soapbath Peon

    #10
    My own problem with Norton was when I first installed it, it kept freezing, but a quick call to customer service and it was fixed within.. 10 mins max.
     
    soapbath, Aug 24, 2005 IP
  11. e10

    e10 Well-Known Member

    #11
    I had a nightmare Fry! It screwed up everything in my computer. More than likely some dumb thing I did, but Norton's cs was non-existent and in the end I swallowed the cost and took it off my system. I've had no problems at all with AVG, either with viruses or conflicts.
     
    e10, Aug 24, 2005 IP
  12. daed

    daed Peon

    #12
    Norton is one of the worst AV programs I've ever used. I've maintained networks of 500+ computers/servers and seen *SO* many viruses that Norton has repeatedly ignored that all other antivirus systems pick up weeks before NAV.

    To each their own, but I certainly wouldn't trust any of my systems/networks to NAV. I recently installed ClamAV and Spamassassin on my mail server, and it seems to do a pretty good job of filtering viruses from e-mail, and I always check MD5 sums when available for downloads.. that combined with a solid firewall should keep anyone clean.
     
    daed, Aug 24, 2005 IP
  13. Willy

    Willy Peon

    #13
    FWIW, I hope that everyone who is still using IE realizes they absolutely need an anti-spyware app, no matter which anti-virus software they've got installed. Spyware and viruses are different things.

    (Of course, switching to Firefox will certainly alleviate the spyware/malware/adware problem as well.)

    Spybot and Ad-aware, as mentioned above, are both decent applications; however, Microsoft's Anti-Spyware has grabbed the anti-spyware crown since its release. For anyone who dislikes Microsoft products (one is sitting right here), remember, Microsoft didn't actually develop this software but rather bought it and the company that developed it for some undisclosed amount of megabucks, so it's pretty good.

    There's a good anti-spyware comparison and information here.

    Myself, I've got it easy; no such problems on Linux :cool:
     
    Willy, Aug 24, 2005 IP
  14. TommyD

    TommyD Peon

    #14
    Got a follow up. It appears that I had several infected files. After checking G for any answers I got that others were infected after they visited "TheOnion". TheOnion isn't a typical site I visit, but I do now remember following a link in a forum, was it here? Did anyone else get redirected to the TheOnion site?

    later,

    tom


    P.S. The infected file is c:\asdf.exe; some AV programs don't seem to identify it. It's a trojan so it works outside of your browser.
     
    TommyD, Aug 24, 2005 IP
  15. mcfox

    mcfox Wind Maker

    #15
    That's a little on the optimistic side, Fryman. No antivirus software is 100%. Symantec is good but not infallible.

    Tommo, I'm really surprised you got hit with ByteVerify. Since it is so old it should have been detected immediately. :confused:
     
    mcfox, Aug 25, 2005 IP
  16. TommyD

    TommyD Peon

    #16
    Ah, let me update you on that. That was a false positive, or it was caught and with the weird behavior and the message something was wrong (and immediately fixed), I thought I was clean.

    It was the weird behavior again (browsers opening like pop-ups) that made me look harder and found weird files (although AVG didn't see it). Oh, others infected have sent the files to virustotal (many AVs all up to date) and Symantec didn't initially catch it.

    Still trying to get rid of it. Ad-aware says I'm clean, AVG says clean, Panda says some nonexistent file is infected, McAfee says I'm clean, and Symantec only found the infected file in my recycling bin (which I deleted fully). But I still have weird behaviors.

    I'm still hunting.

    later,

    tom
     
    TommyD, Aug 25, 2005 IP
  17. Willy

    Willy Peon

    #17
    It sounds like you have spyware, so don't bother with the AV apps. Try the anti-spyware apps mentioned earlier in this thread (Ad-aware doesn't detect everything).

    If none of them help (I know from bitter personal experience that there indeed are some "super" malware programs that none of the common programs can remove) then you can try HijackThis which is considerably more technical but should be able to remove pretty much anything.
     
    Willy, Aug 25, 2005 IP
  18. TommyD

    TommyD Peon

    #18
    Yup infected with spyware.

    The file that Panda said was infected I found. Have to turn on view hidden files (which I did), and find another option to turn on view hidden PROTECTED files, which I just found.

    The file is c:\windows\system32\pmkhg.dll; now that I renamed it, spoolsv.exe isn't trying to access a DoubleClick network.

    Funny how most of these big companies say they frown on SpyWare, but do nothing to stop profiting from it. I mean, wouldn't they be suspicious of some computer trying to access them? Tsk, tsk.... Also wouldn't trafficexplorer get suspicious from all the browsers overnight accessing them for queries? (the place my random browser openings went to).

    tom


    PS results from other AV scanners courtesy of VirusTotal of pmkhg.dll (the original name)

    Antivirus      Version         Update      Result
    AntiVir        6.31.1.0        08.25.2005  no virus found
    Avast          4.6.695.0       08.25.2005  no virus found
    AVG            718             08.23.2005  no virus found
    Avira          6.31.1.0        08.25.2005  no virus found
    BitDefender    7.0             08.25.2005  no virus found
    CAT-QuickHeal  8.00            08.24.2005  no virus found
    ClamAV         devel-20050725  08.25.2005  no virus found
    DrWeb          4.32b           08.25.2005  no virus found
    eTrust-Iris    7.1.194.0       08.25.2005  no virus found
    eTrust-Vet     11.9.1.0        08.25.2005  no virus found
    Fortinet       2.41.0.0        08.24.2005  suspicious
    F-Prot         3.16c           08.25.2005  no virus found
    Ikarus         0.2.59.0        08.25.2005  no virus found
    Kaspersky      4.0.2.24        08.25.2005  Trojan-Downloader.Win32.ConHook.i
    McAfee         4566            08.24.2005  no virus found
    NOD32v2        1.1201          08.25.2005  no virus found
    Norman         5.70.10         08.24.2005  no virus found
    Panda          8.02.00         08.25.2005  Trj/Downloader.EIC
    Sophos         3.96.0          08.25.2005  no virus found
    Sybari         7.5.1314        08.25.2005  Trojan-Downloader.Win32.ConHook.i
    Symantec       8.0             08.24.2005  no virus found
    TheHacker      5.8.2.094       08.24.2005  no virus found
    VBA32          3.10.4          08.24.2005  no virus found
     
    TommyD, Aug 25, 2005 IP
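
The manual check described in post #18 (showing hidden, protected files to find a DLL in system32 that most scanners reported clean), as an added PowerShell example that is not part of the original thread. It only reads and reports; the 30-day window, the parameter names and the output columns are assumptions of this example.

```powershell
# Added example: list DLLs in System32 that carry both the Hidden and System
# attributes, with creation time, signature status and hash for triage.
# Read-only: nothing is renamed, quarantined or deleted.
param(
    [string]$Path = (Join-Path $env:SystemRoot 'System32'),
    [int]$Days = 30    # assumption: "recent" means created in the last 30 days
)

$cutoff = (Get-Date).AddDays(-$Days)

# -Force is required. Without it Get-ChildItem skips hidden/system files,
# the same blind spot as Explorer's default "hide protected operating
# system files" setting mentioned in the post.
Get-ChildItem -LiteralPath $Path -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        ($_.Attributes -band [IO.FileAttributes]::System)
    } |
    ForEach-Object {
        # Signature status separates vendor-signed files from unsigned drops.
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # Hashing can fail on locked files; leave the field empty in that case.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Name      = $_.Name
            Created   = $_.CreationTime
            Recent    = $_.CreationTime -gt $cutoff
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Sha256    = $hash.Hash
        }
    } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize
```

An unsigned, recently created entry with a name that looks random is the kind of file to submit to a multi-engine scanner, since the table above shows that most single engines reported this one as clean.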
  19. justinc79

    justinc79 Guest

    #19
    I am experiencing the same trafficexplorer problem. I'm not finding a pmkhg.dll in system32 with protected files viewed, but I am seeing a pmnlm.dll. I'm not seeing any other sites about this problem, so if you can help me out, it'd be appreciated.
     
    justinc79, Aug 28, 2005 IP
  20. mightyb

    mightyb Banned

    #20
    If only IE was stored on another little HD I'd physically bash it with a hammer. FF all the way! The only time I use IE is to check if my pages look alright in other browsers. Used to catch all sorts of things with it.
     
    mightyb, Aug 28, 2005 IP