Virus?
smokeape
Warning, something on the site lit off my Norton anti-virus.

btest4.scr is a Trojan Dropper virus

Booted in clean now after running all anti-virus and Ad-aware scans, but only logged into TranceAddict before, so beware. Could have come off of my ISP server as well...

:wtf:
[[[[smoke]]]
smokeape
Let me add here a good defense against common spyware.

Create a text file and just put "test" in as verbiage. Rename the file a.exe and set its properties to Read Only to block overwriting.
Do the same with a text file and rename it bridge.dll ; this will stop frequent spyware attacks.

Put them both in the Windows/System32 folder

;)
[[[smoke]]]
Vlad
Where do we put the files?
TeKnoHe@d2025
quote:
Originally posted by smokeape
Let me add here a good defense against common spyware.

Create a text file and just put "test" in as verbiage. Rename the file a.exe and set its properties to Read Only to block overwriting.
Do the same with a text file and rename it bridge.dll ; this will stop frequent spyware attacks.

;)
[[[smoke]]]


Huh? Any particular place you gotta create these files?
smokeape
quote:
Originally posted by TeKnoHe@d2025
Huh? Any particular place you gotta create these files?


Ooops, sorry, good point. Put them in the Windows/System32 folder. I updated my previous post.

:cool:
[[[smoke]]]
ASOT100
quote:
Originally posted by smokeape
Let me add here a good defense against common spyware.

Create a text file and just put "test" in as verbiage. Rename the file a.exe and set its properties to Read Only to block overwriting.
Do the same with a text file and rename it bridge.dll ; this will stop frequent spyware attacks.

Put them both in the Windows/System32 folder

;)
[[[smoke]]]



wth, how does that work?
TeKnoHe@d2025
Yes, please go more in-depth about this. Plus show some proof to back up your information here...
Vlad
I'm guessing, if the files are already there, just delete or overwrite them with the new ones.
smokeape
quote:
Originally posted by Vlad
I'm guessing, if the files are already there, just delete or overwrite them with the new ones.


Roger, overwrite the existing files. There is no purpose for an a.exe or a bridge.dll file in your System 32 directory. If you reboot and get an error message, then go to Regedit HKLM/SOFTWARE/MICROSOFT/WINDOWS/CURRENT VERSION/RUN and delete any keys which start a Bridge.dll file at startup.
Post your startup files here as well and I will tell you what you don't need to be running.
Ooops, sorry. This is not supposed to be a Geek Forum...

:D
[[[smoke]]]

Caater ft Trinity - Endless Summer
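
A read-only check of the two places the post above names, the Run key and the System32 folder, written as an added PowerShell example that is not part of the original thread. The variable names and the default Windows paths are assumptions; the file names are the ones given in the thread. It only reports and changes nothing.

```powershell
# Added example, not from the thread. Read-only: reports, changes nothing.
$names  = @('a.exe', 'bridge.dll')   # file names given in the thread
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$sys32  = Join-Path $env:windir 'System32'

# 1. Run-key values whose command line references either file name.
#    The pattern anchors on a path separator, space or quote so that
#    'a.exe' does not also match names such as 'java.exe'.
$key = Get-Item -Path $runKey
foreach ($valueName in $key.GetValueNames()) {
    $command = [string]$key.GetValue($valueName)
    foreach ($n in $names) {
        $pattern = '(^|[\\\s"])' + [regex]::Escape($n) + '($|[\s",])'
        if ($command -match $pattern) {
            [pscustomobject]@{
                Check = 'RunKey'; Name = $valueName; Detail = $command
            }
        }
    }
}

# 2. State of each file in System32: absent, a small read-only text
#    placeholder, or a real executable image (first two bytes 'MZ').
foreach ($n in $names) {
    $path = Join-Path $sys32 $n
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Check = 'File'; Name = $n; Detail = 'not present' }
        continue
    }
    $item = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
    $buf  = New-Object byte[] 2
    $fs   = [System.IO.File]::OpenRead($path)
    try { $read = $fs.Read($buf, 0, 2) } finally { $fs.Dispose() }
    $isPE = ($read -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
    [pscustomobject]@{
        Check  = 'File'; Name = $n
        Detail = "size=$($item.Length) readOnly=$($item.IsReadOnly) startsWithMZ=$isPE"
    }
}
```

A 32-bit PowerShell session on 64-bit Windows is redirected to SysWOW64 when it opens System32, so run this from a 64-bit session to inspect the real folder.
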
Boomer187
do you have sql installed on your system?


that seems like the old technique people would use by using either tftp or ftp.exe to send over servu files.

if it is servu it doesn't matter if you create those files...they can rename theirs. would be better to find out how they are getting in in the first place.

smokeape
quote:
Originally posted by Boomer187
do you have sql installed on your system?


that seems like the old technique people would use by using either tftp or ftp.exe to send over servu files.

if it is servu it doesn't matter if you create those files...they can rename theirs. would be better to find out how they are getting in in the first place.


Don't quite understand, but the two files I named are common spyware targets which write themselves into System 32 Files all the damn time. Best defense is just to create them as Read Only innocuous type files so they cannot be overwritten. Blocks the script on the spyware. Doesn't hurt anything to do it, so what the hell. You create an a.exe file which is nonexecutable and a bridge.dll file which is nonexecutable as well.

:toothless
[[[smoke]]]