Windows Server 2003 machine infected with Trojan.Agent.BXGE

- user reports pop-ups
- look at running processes - unknown executables present: sdra64.exe, pp06.exe, pp05.exe, ld03.exe
- googling for sdra64 shows results, but clicking a result lands on a different page = browser traffic is being PROXIED!
- check Firefox proxy settings - manual proxy set to localhost port 7171 - disable it
- kill the processes
- use msconfig to check startup entries and services
- search the registry for sdra64.exe and remove the entries
- search the drive for sdra64.exe and remove the files
- reboot
- read about the virus - find out about dll32.dll - and try to delete it
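The two checks that gave the infection away (the Firefox proxy pointed at localhost:7171 and the odd process names) can be scripted so the same triage runs on other hosts. This is an added example, not code from the post; the prefs.js content and process list are constructed samples modelled on the notes above, and the Firefox pref names are the standard network.proxy.* keys.

```python
import re

# Indicators from the notes above (constructed lists, extend as needed).
SUSPECT_PROCESSES = {"sdra64.exe", "pp06.exe", "pp05.exe", "ld03.exe"}
BAD_PROXY_HOSTS = {"localhost", "127.0.0.1"}
BAD_PROXY_PORT = 7171

# Firefox stores settings as: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);$')


def parse_prefs(prefs_js):
    """Parse prefs.js text into a dict; strings, ints and booleans are decoded."""
    prefs = {}
    for line in prefs_js.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            prefs[key] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def proxy_findings(prefs):
    """Report any manual proxy (network.proxy.type == 1) aimed at the local host on the trojan's port."""
    if prefs.get("network.proxy.type") != 1:
        return []
    hits = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get("network.proxy.%s" % scheme)
        port = prefs.get("network.proxy.%s_port" % scheme)
        if host in BAD_PROXY_HOSTS and port == BAD_PROXY_PORT:
            hits.append("%s proxy via %s:%d" % (scheme, host, port))
    return hits


def process_findings(process_names):
    """Return running process names that match the suspect list (case-insensitive)."""
    return sorted(p for p in process_names if p.lower() in SUSPECT_PROCESSES)


# Constructed sample input mirroring the infected host.
SAMPLE_PREFS_JS = '''user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
user_pref("network.proxy.http_port", 7171);
user_pref("network.proxy.ssl", "localhost");
user_pref("network.proxy.ssl_port", 7171);
user_pref("browser.startup.homepage", "about:blank");
'''
SAMPLE_PROCESSES = ["svchost.exe", "Sdra64.exe", "explorer.exe", "pp05.exe"]

if __name__ == "__main__":
    for f in proxy_findings(parse_prefs(SAMPLE_PREFS_JS)) + process_findings(SAMPLE_PROCESSES):
        print("FINDING:", f)
```

On a real host, read prefs.js from the Firefox profile directory and feed the output of a process listing (e.g. tasklist) into process_findings.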

found info here:
- http://www.k7computing.com/index.php/component/option,com_k7virus/Itemid,94/id,543/view,showvirus/
- http://www.threatexpert.com/report.aspx?md5=7e98c199e9790a392c2f27cf38b8a6c2
- http://www.wilderssecurity.com/showthread.php?t=236711
- http://insecureweb.com/javascript/secure-yourselffrom-the-recent-pdf-exploits-by-disabling-javascript/

confirmed:

user had received and clicked:

The spammed messages are as follows:

- The Subject line may be the following:

  DHL Tracking number #MR9NM82293G04TR

- The Message part may be the following:

  Hello!

  We were not able to deliver postal package you sent on the 14th of March in time because the recipient’s address is not correct.
  Please print out the invoice copy attached and collect the package at our office.

  Your personal manager: xxxxxxx,
  Customer Service: 1-800-CALL-DHL
  Fax: 888-221-6211
  DHL International, Ltd. All Rights Reserved.
