If you ever visit the photo site IZIsmile, be warned that it appears to be hosting some pretty nasty malware this morning. One of the virtual machines I use to surf was pwnt (infected) this morning and the sequence of events went something like this.

- The instant I visited the site (using Firefox), Adobe's Acrobat Reader crashed, but not before shellcode was able to download, install and run two programs
- A fake "Antivirus XP 2010" (av.exe) began running, which closely resembled the Microsoft Security Center
- It pretended to identify dozens of threats while scanning the VM
- It disabled Avast antivirus, which was running on the VM
- It changed the ".exe" file association to point to it first (the Control Panel's Folder Options, File Types), so it would try to start itself anytime a program ran
- It started a twin keep-alive program, which would occasionally check to see whether av.exe was still running (say, if you closed it using Task Manager), and restart it if it had been closed
- It added some registry settings to Internet Explorer and Firefox to ensure that each time these programs were started, it was also kicked off

It's a pretty nasty little piece of work, though it could have been much worse.
Its real goal is to pretend to identify all kinds of threats, at which point it tries to force you to purchase the "antivirus" cure.
If you do get infected, be aware that the av.exe file is secreted away pretty well in your local user "Documents and Settings" folder.
cd "c:\Documents and Settings\jsmith\Local Settings\Application Data\"
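An added example, not part of the original post: a Python check for the ".exe" file-association change described above, run over a .reg export so it can be used on a copy of the registry settings as well as on the live machine. The sample exports, the ProgID `example_progid` and the placement of av.exe directly under "Application Data" are constructed assumptions.

```python
import re

STOCK_PROGID, STOCK_COMMAND = "exefile", '"%1" %*'
# Per-user classes are consulted before machine-wide ones.
ROOTS = (r"HKEY_CURRENT_USER\Software\Classes", r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes")

def parse_reg_defaults(text):
    """Map each key in a .reg export to its default (@) string value."""
    defaults, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def lookup(defaults, subkey):
    """Return (value, root) from the first root that defines subkey."""
    for root in ROOTS:
        value = defaults.get(f"{root}\\{subkey}".lower())
        if value is not None:
            return value, root
    return None, None

def check_exe_association(reg_text):
    """List deviations from the stock .exe handler; an empty list means clean."""
    defaults = parse_reg_defaults(reg_text)
    progid, root = lookup(defaults, ".exe")
    if progid is None:
        return [".exe association missing from export"]
    findings = []
    if progid.lower() != STOCK_PROGID:
        findings.append(f"{root}: .exe mapped to {progid!r}, expected {STOCK_PROGID!r}")
    command, root = lookup(defaults, progid + r"\shell\open\command")
    if command != STOCK_COMMAND:
        findings.append(f"{root}: open command is {command!r}, expected {STOCK_COMMAND!r}")
    return findings

# Constructed sample exports (not captured from the infected VM).
CLEAN = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED = CLEAN + r'''[HKEY_CURRENT_USER\Software\Classes\.exe]
@="example_progid"
[HKEY_CURRENT_USER\Software\Classes\example_progid\shell\open\command]
@="\"C:\\Documents and Settings\\jsmith\\Local Settings\\Application Data\\av.exe\" \"%1\" %*"
'''
```

Regedit saves "Version 5.00" exports as UTF-16, so decode the file with that encoding before passing its text in. The parser reads only plain string defaults, not hex-encoded values.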
"Warning: Popular Photo Site IZIsmile.com Is Hosting Malware"
4 Comments
The real problem here is Adobe.
9:37 AM
And IE6, and Flash, and Office file formats... etc., etc.
9:42 AM
SteveBrooklineMA said...
I have gotten this a few times recently. It's awful. Sometimes the file is in "All Users" rather than a particular user. Sometimes it's not within "Local Settings".
I find it puts a lot of junk in "WINDOWS\system32" as well.
I ended up booting off a CD using BartPE and deleting the files that way before booting XP.
I used "ASSOC .EXE=exefile" to reassociate .exe files to executables.
10:55 AM
Using the free version from malwarebytes.org seems to corral that pesky little rascal and give it the heave-ho ...
7:36 AM