If you want to send me a HijackThis log, I have a certain amount of intellectual curiosity about this. I'd be interested in looking, though I did not spot anything on gel's. You should also post on CastleCops. And, in case you weren't watching when I said this to gel, be aware that HijackThis flags all sorts of non-standard stuff that may be just fine if you know where it comes from.

On Thu, Dec 4, 2008 at 4:31 PM, Michael Grant [Modus IS] <[EMAIL PROTECTED]> wrote:
> Yikes, that's discouraging. I wonder how I got it too. It's my work compy so
> I can definitely say I haven't visited any sites of ill repute. I'll look
> for those processes tomorrow at work. Thanks.
>
> -----Original Message-----
> From: Vivec [mailto:[EMAIL PROTECTED]
> Sent: Thursday, December 04, 2008 6:28 PM
> To: cf-community
> Subject: Re: hey duane
>
> :)
> hee hee
>
> Actually, I haven't managed to fix it definitively.
>
> Spyware Doctor caught some things in the System 32 directory, and I thought
> that was that.
> But then other issues kept popping up. That iexplore.exe process in
> Taskmanager kept running.
>
> Then I realised I had two files, one called taskmagr.exe and mscat.dll (sp?)
> all very closely named to actual proper Windows system files.
> I deleted these, but I don't know if that fixed it.
>
> Based on this, the system may be infected with Virtumonde.
>
> What was alarming though, is that I switched to my Vista partition, and it
> was infected with something as well. Very strange stuff.
> Since it's a dual boot, what affects XP should not affect Vista...so it means
> the infection vector was present on both operating systems.
>
> Is it a website I visit? A program I am running? At this point I still can't
> say.
>
> Dana and I went over my HijackThis logs, but they didn't show anything
> conclusive.
>
> 2008/12/4 Michael Grant [Modus IS] <[EMAIL PROTECTED]>
>
>> HAHAHAHAAHAHAHA.
>> Touche. I deserved that. ;)
>>
>> -----Original Message-----
>> From: Vivec [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, December 04, 2008 6:12 PM
>> To: cf-community
>> Subject: Re: hey duane
>>
>> > http://forums.trinituner.com/upload/f2066172-c465-4a01-9487-713ab0e9c921.jpg
>>
>> (@_@)
>>
>> 2008/12/4 Michael Grant [Modus IS] <[EMAIL PROTECTED]>
>>
>> > Hey Vivec,
>> >
>> > Off topic but...
>> > I have the same thing on my work computer. Just happened today and my
>> > voices I'm pretty sure were German, not Chinese. Lots of hidden iexplore
>> > processes running. I killed them all and it stopped. Also noticed my
>> > Google results are now getting hijacked. How did you get rid of yours?

Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:282190