Author Topic: dxoxabtshdw.exe  (Read 2866 times)

hazanko

  • Guest
dxoxabtshdw.exe
« on: August 22, 2010, 04:43:07 PM »
It's basically ransomware which spams you with fake Windows security alerts, before booting up IE and directing you to "adult.com". It doesn't allow you to start any executables, it blocks any user-initiated attempts to use a browser (Firefox, IE, Opera tested) and it basically holds your entire PC to ransom. I only managed to figure out the filename once I booted into safe mode and ran msconfig. It resides in the following folder on my computer:

local settings\Application Data\kkcjccjfn\dxoxabtshdw.exe

Google turns up nothing relevant, either for the full file extension or the executable.

Avast didn't seem to pick it up. It's also worth noting that disabling it on startup has no effect after restart. Malware software doesn't pick it up either. I'm about to try spyblocker s&d, but I don't honestly expect this will help.

So...what's the procedure?

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: dxoxabtshdw.exe
« Reply #1 on: August 22, 2010, 04:53:07 PM »
Download mbam: http://www.malwarebytes.org/

Also check this out: http://siri-urz.blogspot.com/ (about trojan ransomware)
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

hazanko

  • Guest
Re: dxoxabtshdw.exe
« Reply #2 on: August 22, 2010, 05:14:03 PM »
mbam didn't pick anything up, even after a full scan. Additionally, it now appears in the avast virus vault as follows:

last changed: 23:19
Transfer time: 15:15

I don't want to sound stupid or ungrateful (avast is free, after all), but I don't understand why it took so long for avast to do something about this file. Between the time it "last changed" and the "transfer time", I ran a full, comprehensive scan of my PC - avast picked up nothing.

I'd be grateful if somebody could enlighten me, because right now, I don't really feel like I'm out of the woods yet. The PC in question is now in autistic mode (completely shut off from my network, I mean...a term I picked up from GitS), but I'm wary of reconnecting it until I understand exactly what happened.

Thanks for your time in advance, people.

Offline Left123

Re: dxoxabtshdw.exe
« Reply #3 on: August 22, 2010, 05:22:06 PM »
Did you update Malwarebytes?
« Last Edit: August 22, 2010, 05:24:22 PM by Left123 »

hazanko

  • Guest
Re: dxoxabtshdw.exe
« Reply #4 on: August 22, 2010, 06:25:01 PM »
I downloaded the latest version of mbam on another PC and put it on a USB stick. Then installed mbam on the problematic PC. I'm running mbam for the second time today and it doesn't look like it's going to pick up anything - again.

I can't update Malwarebytes so long as my PC is offline - and I don't really want to put it back online just for that.

But again, what I really want to know is what this thing is and why avast took so long to pick it up.