Author Topic: flices.biz/gate.php  (Read 23174 times)


burnside

  • Guest
Re: flices.biz/gate.php
« Reply #45 on: August 23, 2012, 04:06:04 PM »
So, I downloaded Windows Repair and ran it but it asked for the installation disk.  There was no browse option.

I followed your directions for the registry change but the SourcePath does not point to the CD-ROM drive.  It points to C:

I do not have a clue.  Are there any other options?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: flices.biz/gate.php
« Reply #46 on: August 23, 2012, 05:54:32 PM »
Could you confirm that this path is also set to C?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SourcePath

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #47 on: August 23, 2012, 05:58:34 PM »
It is set to C:I386

Offline essexboy

Re: flices.biz/gate.php
« Reply #48 on: August 23, 2012, 06:10:43 PM »
The path should be just C: nothing else

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #49 on: August 23, 2012, 06:12:38 PM »
Okay - should I change it?  Will the universe implode?

And if I change it, what then?

I do appreciate your help!

Offline essexboy

Re: flices.biz/gate.php
« Reply #50 on: August 23, 2012, 06:14:47 PM »
Nope, the world will still turn ;D.  What is happening is that the path it is looking for is C:\i386\i386

If again it should ask for the disc let me know... Meanwhile I will do some playing on my VM

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #51 on: August 24, 2012, 03:36:53 PM »
Life got in the way but I have changed the key and rerun Windows Repair.

It is still asking for the Windows XP Professional Service Pack 3 CD.

Is there anything else I can do?

Offline essexboy

Re: flices.biz/gate.php
« Reply #52 on: August 24, 2012, 04:38:27 PM »
I have just been playing with the commands on my VM and for some reason I am getting the same error, although I told it to look in C where the i386 is ???

How is the computer behaving at the moment... Whilst I track down the cause of this

burnside

  • Guest
Re: flices.biz/gate.php
« Reply #53 on: August 24, 2012, 05:10:23 PM »
Computer seems to be behaving okay though a tad slow when opening webpages.  Must admit that I have been limiting what I ask it to do since you told me that the system is unstable.  I loaded all the most important files onto a memory stick. 

Offline essexboy

Re: flices.biz/gate.php
« Reply #54 on: August 24, 2012, 07:18:59 PM »
Give it a bit of a burn test and use the system quite heavily and let me know how it behaves


burnside

  • Guest
Re: flices.biz/gate.php
« Reply #55 on: August 24, 2012, 09:36:34 PM »
"Burn test"??

Do you mean something like this? (I googled it)

http://www.passmark.com/products/bit.htm


Offline essexboy

Re: flices.biz/gate.php
« Reply #56 on: August 24, 2012, 10:08:12 PM »
My apologies, bad jargon.. Run all your programmes that you normally would, run several Google searches and then see if all is ok with your system.  No unusual things happen, like slowdowns or redirects

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: flices.biz/gate.php
« Reply #57 on: February 06, 2014, 01:30:50 AM »
Well there is a new kid on the block also making use of this form of "domain.com/gate.php?data=" injected javascript.
Read on Qadars banking Trojan here: http://www.welivesecurity.com/2013/12/18/qadars-a-banking-trojan-with-the-netherlands-in-its-sights/
link article author = JEAN-IAN BOUTIN
So we see the malcreants are embroidering on using the same malware patterns through the hand of various distinct malcreant/developers, whose miscreations are being bought by cybercriminals to do their evil part. Particular aspect for the Qadars campaign is the spreading within particular countries to do the rounds more effectively.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!