Author Topic: rootkit ~.exe  (Read 12095 times)


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • Posts: 89138
  • No support PMs thanks
Re: rootkit ~.exe
« Reply #30 on: December 19, 2008, 03:59:27 PM »
As sunrisecc mentions, a firewall isn't effective against this type of exploit, as a firewall is expecting traffic back because you initiated the outbound connection. Yes, they would block unauthorised inbound connections if you didn't initiate the connection.

A backdoor is almost self-explanatory: it allows 'stuff' (sorry about getting technical) into your system, bypassing your security.

The Windows firewall is about as much use as a chocolate fire-guard, as the XP one provides zero outbound protection and the Vista one has it disabled by default. Even when the Vista firewall's outbound protection is enabled it is rule based and the user has to create the rules, so not very user friendly.

So are you using the XP or Vista firewall?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
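The point DavidR makes above, that a stateful firewall lets replies back in for any connection the PC itself started, is easy to see in a small model. The block below is an added example, not code from the thread or from any firewall product: it tracks outbound-initiated connections, allows their inbound replies, drops unsolicited inbound packets, and optionally enforces a rule-based outbound allowlist (the Vista-style behaviour DavidR describes). All addresses, ports and program names are constructed sample values.

```python
"""Toy model of a stateful packet filter (added example, not from the thread).

Shows why a dropper that "phones out" passes an XP-style firewall that only
filters inbound traffic, and why it is stopped only by an outbound rule set
that does not include it. Addresses use RFC 5737 documentation ranges and
are constructed for this example.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample endpoints.
HOST_IP = "192.0.2.10"              # the PC behind the firewall
WEB_SERVER = ("198.51.100.20", 80)  # a site the user's browser visits
DOWNLOAD_SERVER = ("203.0.113.5", 443)   # where the dropper fetches from
UNSOLICITED = ("203.0.113.7", 51000)     # someone knocking from outside


@dataclass(frozen=True)
class Packet:
    local: tuple              # (local_ip, local_port) on the PC
    remote: tuple             # (remote_ip, remote_port)
    inbound: bool             # True if arriving at the PC, False if leaving it
    new_conn: bool = False    # first packet of a connection (a TCP SYN)
    program: Optional[str] = None  # only known for outbound packets


class StatefulFirewall:
    """Remembers which connections the PC initiated and admits their replies."""

    def __init__(self, outbound_allowlist=None):
        # None models the XP firewall: no outbound filtering at all.
        # A set of program names models a rule-based outbound policy where
        # only explicitly allowed programs may open new connections.
        self.outbound_allowlist = outbound_allowlist
        self.established = set()  # (local, remote) pairs the PC started

    def filter(self, pkt: Packet) -> str:
        key = (pkt.local, pkt.remote)
        if not pkt.inbound:
            if (pkt.new_conn and self.outbound_allowlist is not None
                    and pkt.program not in self.outbound_allowlist):
                return "drop"             # no rule for this program
            self.established.add(key)     # we started this one; expect replies
            return "allow"
        # Inbound: a reply to a connection we started is fine ...
        if key in self.established:
            return "allow"
        # ... anything unsolicited is not, whatever port it targets.
        return "drop"


def run_scenario(outbound_allowlist=None) -> dict:
    """Run the same four packets through a firewall with the given policy."""
    fw = StatefulFirewall(outbound_allowlist)
    browser = Packet((HOST_IP, 49152), WEB_SERVER,
                     inbound=False, new_conn=True, program="browser")
    dropper = Packet((HOST_IP, 49153), DOWNLOAD_SERVER,
                     inbound=False, new_conn=True, program="dropper")
    dropper_reply = Packet(dropper.local, dropper.remote, inbound=True)
    knock = Packet((HOST_IP, 4444), UNSOLICITED, inbound=True, new_conn=True)
    return {
        "browser_connect": fw.filter(browser),
        "dropper_connect": fw.filter(dropper),
        "dropper_reply": fw.filter(dropper_reply),
        "unsolicited_inbound": fw.filter(knock),
    }


if __name__ == "__main__":
    print("XP-style (inbound only):      ", run_scenario())
    print("Rule-based, browser only:     ", run_scenario({"browser"}))
```

With no outbound policy the dropper's connection and its reply are both allowed and only the unsolicited inbound packet is dropped; a home NAT router behaves the same way, which is why it stops unsolicited inbound traffic but not a program on the PC that reaches out first. With an outbound allowlist that names only the browser, the dropper never gets out, so nothing comes back for it either.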

JasonD

  • Guest
Re: rootkit ~.exe
« Reply #31 on: December 19, 2008, 11:17:53 PM »
Thanks for all the help, guys.  It is much appreciated! :)

I am running Windows XP SP3.  OK, I understand the firewall concept.  I could install a firewall that asked for EVERY connection, which is totally user-UNfriendly, but it would have stopped this backdoor from working unless I was stupid enough to allow it.

It appears ~.exe is actually a dropper... which is a backdoor, I guess, since it allows the downloading and installing of whatever it wants.

I am thinking that it is unlikely a person actually went sniffing through my files since I didn't notice any activity, and nothing else on my system was infected with anything virus-like.  However, the dropper could have downloaded a perfectly good (i.e. non-virus) program to run and act as a backdoor, so I wouldn't have noticed anything.  Avast! did report some virus in memory, but because the pop-up disappeared (since I was typing as it came up, and my typing cancelled the dialog box >:( ) I am not sure what it actually was.  Avast! no longer reports ~.exe as a problem, as you can see from my VirusTotal.com report above.

If I really did get ~.exe from a website, then they knew my IP, as well, which means they could have gotten straight to my computer the moment I got it.  >:(  But... I am behind a router, which is a hardware firewall!  Question:  Would my router have blocked the backdoor?

sunrisecc

  • Guest
Re: rootkit ~.exe
« Reply #32 on: December 19, 2008, 11:27:39 PM »
If a website (bona fide) is contaminated, no firewall (hardware or software) will stop it. I could post links to malware-infected websites but do not, for two reasons. Firstly, the owner may have cleaned it up by the time this is read. Secondly, someone may actually click on the link and then it is too late.