Multiple iexplorer.exe instances amid other exe's + java script redirects


Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by cybernazi on 8th August 2010, 11:51 pm

Well I found out something useful on my end.

They hacked my router - reset the DNS via the default password.

I have reset to factory defaults and configured a strong password. I have also changed the existing key above to the correct DNS for cox.net on my system.

Checking has revealed all systems on my network have the above listed Russian DNS address in the registry.

Now I want to know how it got in and what else to kill/change/delete.

I found a thread in parallel with the same problem:
[You must be registered and logged in to see this link.]

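A check for the condition described in the post above, where a rogue DNS server set on the router ends up recorded in the registry of every machine on the network. This is an added PowerShell example, not part of the original thread; it assumes the standard `Tcpip\Parameters` registry location, and the approved resolver addresses are placeholders to replace with your own.

```powershell
# Added example: list every DNS server recorded in the registry and flag
# any that is not on an approved list.
# Placeholder addresses (documentation range). Replace with the resolvers
# your ISP publishes, plus the router's LAN address if it proxies DNS.
$ApprovedResolvers = @('192.0.2.53', '192.0.2.54')

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-RegistryDnsServers {
    param([string]$KeyPath, [string]$Label)
    $props = Get-ItemProperty -Path $KeyPath -ErrorAction SilentlyContinue
    # NameServer = statically configured, DhcpNameServer = handed out by the router
    foreach ($name in 'NameServer', 'DhcpNameServer') {
        $raw = "$($props.$name)"
        if (-not $raw.Trim()) { continue }
        # Values are comma- or space-separated lists of addresses
        foreach ($ip in ($raw -split '[,\s]+' | Where-Object { $_ })) {
            New-Object psobject -Property @{
                Interface = $Label
                Value     = $name
                Server    = $ip
                Approved  = $ApprovedResolvers -contains $ip
            }
        }
    }
}

# Global settings first, then one subkey per network interface
$results = @(Get-RegistryDnsServers -KeyPath $base -Label '(global)')
$results += Get-ChildItem "$base\Interfaces" | ForEach-Object {
    Get-RegistryDnsServers -KeyPath $_.PSPath -Label $_.PSChildName
}

$results | Sort-Object Approved |
    Format-Table Value, Server, Approved, Interface -AutoSize

$rogue = @($results | Where-Object { -not $_.Approved })
if ($rogue.Count -gt 0) {
    Write-Warning "$($rogue.Count) DNS entry(ies) not on the approved list."
    Write-Warning "Unexpected DhcpNameServer values point at the router's DHCP/DNS settings."
}
```

An unexpected `DhcpNameServer` entry will return at the next lease renewal until the router itself is fixed, so run this again on each machine after resetting the router and renewing the lease.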

Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by cybernazi on 9th August 2010, 1:37 am

So I was hit with whatever this is mid to late July.

With the MS security advisory:
[You must be registered and logged in to see this link.]
and the patch released on 8/2/2010

Coupled with the PDF issue in Acrobat products:
[You must be registered and logged in to see this link.]

I unchecked the default Acrobat setting "allow opening of non-pdf file attachments with external applications" to address what I can.

This was after the fact of whatever attack I was hit by.

Plus at the same time - google-analytics related java issues...
[You must be registered and logged in to see this link.]

&

[You must be registered and logged in to see this link.]

Java Update
jre-6u21-windows-i586-iftw-rv.exe was released on 7/17/2010

All of the above has muddied the water + the release of Firefox 3.6.7 + 3.6.8 during the same period has made this a moving target which very well may have used several if not all of the above listed vulnerabilities to gain access and obviously it is not stopped by adding the patches after the fact. And once in, it is undetected by anything!

This seems to me like a big deal cybersecurity wise - esp with Russia involved. Call me alarmist but this is not good.

Any thoughts?






Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by cybernazi on 9th August 2010, 3:52 am

Additional note - after correcting the DNS mapping I am now able to update AntiMalware no problem. Performing a full scan. Zero results so far - not even seeing any tracking cookies. I almost wonder if it's the real tool.


Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by Belahzur on 9th August 2010, 11:56 pm

Hello.
How is the machine running now then? No more redirect issues?



Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by cybernazi on 10th August 2010, 1:50 am

I ran Ad-Aware on 2 of my systems - this one (wife's) and mine - both were infected with

Trojan.Win32.Generic!BT - in a system volume info file in each case

CoreGaurdAntivi\09.FakeCog(fs) was also removed from this (wife's) system

Overall it is much faster - but still a bit slow on the start up. So maybe we are out to the clear.

I ran across an article warning about this DNS hack on techrepublic.com.
Here is a link:

[You must be registered and logged in to see this link.]

This explains how they got in - much as I suspected.

It still bugs me that AntiMalwareBytes won't detect anything.

What protection suite do you recommend? I need something and I am not impressed with the performance of the ones I have tried.

Even Stinger was updated a few days ago and saw nothing wrong.

That article mentions an add-on for Firefox, and I have it; it's called "NoScript" - it will block DNS hack attempts and forces you to give permission for Java to run on each page. Seems to work well.

So far I have not had any popups or redirects.

Thanks for all your help - I never would have seen that.


Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by Belahzur on 10th August 2010, 11:52 pm

Hello.
System Volume Information is just System Restore, we can flush that, it's not a big issue.

Other than that, no complaints? :)



Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by cybernazi on 11th August 2010, 3:28 pm

So far repeated scans show nothing but presumed false positives on the downloads we have done.

The system is not what I would call 'normal' but is much better.

I had turned off (I assumed early on that the restore points were infected) system restore but it is now turned back on - I assume due to the fact that several of the packages I have run said they were creating restore points.

Overall it is just sluggish still.

Any thoughts?


Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by cybernazi on 12th August 2010, 2:17 am

I have downloaded and installed all the Tuesday midnight Microsoft updates. It still launches double instances of IE and takes at least a full minute just to open the screen and show me the page for Windows Update.

About five minutes to check for updates.

Don't know what it is but this system was never that slow.


Re: Multiple iexplorer.exe instances amid other exe's + java script redirects

Post by Belahzur on 12th August 2010, 11:46 pm

One thing that may help is your RAM. Your current log shows me you only have 500mb of RAM, when nowadays you need at the very least 1gb if not more for this day and age machines to be able to run smoothly.


