b.exe msa.exe removed but apache and logmein unavailable
Posted: Wed Oct 28, 2009 1:54 pm
So I removed b.exe and msa.exe from some phony patch I found online, one of those sites that try to sell porno and pirated programs on the side banners as you browse. I scanned the 98k patch, which I should have known was a script, and AVG found nothing, nor did Malwarebytes. I did in my head, I thought, ok, this is it:
patch-******.exe really is ->
patch
  (zip
    (another zip zipped inside this zip
      (script 1, 2, 3)
    )
  )
So in other words, many things will not be seen as a virus or trojan when scanned even with heuristics because of nested compression. Anyway, I disinfected the problem with AVG, Malwarebytes and Spybot. I think I also ran Spyware Doctor, which I am sure has dealings with the virus writers directly! The hackers write the virii, and Spyware Doctor pays to have exclusive first rights to the cure. Guaranteed.
After F8 safe mode and disinfecting it, I noticed the system still took a while to run and boot up. Then I noticed remotely I could not see my Apache server on port 8080, and logmein properly either.
I pinged my server 72.94.171.*** and surely it responded 100% no packets lost (*** means fuck you if you want to hack my system with the IP)
So, finally after lots of removal of vmware, special sentinel drivers, and you name anything else exotic, I figured, what could it be? Well...
b.exe and msa.exe did something tricky, simple, and nasty: they went into the control panel's firewall and check marked the option to not allow for anything to go through (in) to my system, ergo nothing could see anything I was broadcasting, web on apache server or logmein. So, I unchecked it, and voila, it works like a charm. XP login is much faster as well.
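An added example, not part of the original post: one way to enumerate what sits inside a zip-within-a-zip layout like the one described above, so that each innermost file can be handed to a scanner on its own. The function names, the depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 5                        # assumed limit on archive nesting
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap on a member's declared size


def walk_nested_zip(data, path="", depth=0):
    """Yield (inner_path, depth, payload) for every non-archive member,
    descending into zips that are stored inside zips."""
    if depth > MAX_DEPTH:
        raise ValueError(f"nesting deeper than {MAX_DEPTH} at {path!r}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                raise ValueError(f"member too large: {info.filename!r}")
            payload = zf.read(info)
            inner = f"{path}/{info.filename}" if path else info.filename
            # Detect nested archives by content, not by file extension.
            if zipfile.is_zipfile(io.BytesIO(payload)):
                yield from walk_nested_zip(payload, inner, depth + 1)
            else:
                yield inner, depth + 1, payload


def build_sample():
    """Constructed sample: a zip inside a zip holding three harmless text files."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        for n in (1, 2, 3):
            zf.writestr(f"script{n}.txt", f"placeholder script {n}\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for name, depth, payload in walk_nested_zip(build_sample()):
        print(f"depth={depth} {name} ({len(payload)} bytes)")
```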