Strange Result

Post by mdavidjohnson on 9th April 2010, 6:57 pm

I administer a system which includes two servers running Windows 2003 Server and 48 workstations running Windows XP Pro.

One of the workstations was infested with XP Defender and Total XP Security to the point where it was impossible to access MS Outlook for email or perform any other useful work.

Under my administrator's account, I downloaded, installed, and updated MalwareBytes on the workstation and did a quick scan which removed all the bad stuff. A restart and rescan confirmed that it was all quarantined.

But now the user can't start any programs. Clicking on the icons for Outlook, Word, Adobe Reader, etc. gives the popup, "Application not found". Going to the actual executable under c:\Program Files pops up the box asking what application you want to run the file under. Apparently, the system is no longer recognizing .exe files as executables.

This is, however, only a problem when running under the user's account. It does not occur when running under the Administrator's account.

Suggestions?

M. David Johnson


Re: Strange Result

Post by Belahzur on 9th April 2010, 8:44 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: Strange Result

Post by mdavidjohnson on 9th April 2010, 10:12 pm

Thanks - I'll give that a try tomorrow.

BTW, if XP Defender et al. are spoofs trying to trick us into buying their product, do they actually have a website where they sell the stuff and collect money?

If so, why can't we go there and do unpleasant things to them like, oh I don't know, say expose them and get them all arrested??


Re: Strange Result

Post by Belahzur on 10th April 2010, 7:07 pm

Well, it's not that easy.

Websites can be tracked to where they are hosted, but the guys who register them can use whois protection so they just see the hoster and not the real person controlling the domain.

The worst they can do is contact the ISP hosting them and ask that they shut them down; sadly, hardly anyone is listening to our claims.

If they did have a website, yes, there are bad things people can do to the website, but they are illegal and would lower you to their level in attacking back like that.



Re: Strange Result

Post by mdavidjohnson on 11th April 2010, 1:23 pm

I agree. Stooping to their level is unacceptable.

But what they are doing is internet fraud, is it not?

Would the Justice Department not be interested?

M. David Johnson


Re: Strange Result

Post by Belahzur on 11th April 2010, 10:35 pm

Well, yes and no.

They are trying, but these malware writers use hacked domains to host their crap, so when the sites are shut down, they've shut down some innocent person's website.

For other sites hosted overseas, not much can be done. Countries like Japan and China aren't part of the EU and have different laws, so these kinds of countries tend to have governments that don't care about malware.

