Author Topic: Very stealthy redirect  (Read 16401 times)


FrankW

Re: Very stealthy redirect
« Reply #45 on: August 03, 2011, 11:16:12 PM »
Sorry about the delay, I had to get some sleep. I'm in another timezone. Here's the mediafire link for OTS.txt.
http://www.mediafire.com/?emdn2va6y4dvz5s

Offline essexboy

Re: Very stealthy redirect
« Reply #46 on: August 03, 2011, 11:22:11 PM »
What do you know about this programme C:\Program Files\bxNewFolder?

Also, if you are running FF portable from a USB drive then the infection is on that, as XUL runner is not showing on your system.

Still checking the log

FrankW

Re: Very stealthy redirect
« Reply #47 on: August 03, 2011, 11:30:09 PM »
bxNewFolder is a little utility I installed which puts a 'new folder' icon on the toolbar in Windows Explorer.

Offline bob3160

Re: Very stealthy redirect
« Reply #48 on: August 03, 2011, 11:43:17 PM »

FrankW

Re: Very stealthy redirect
« Reply #49 on: August 03, 2011, 11:59:19 PM »
I should mention that this problem appeared to start at the beginning of last week, when Anvir Task Manager popped up to tell me a new startup DLL had just appeared in the registry. I uploaded the DLL to VirusTotal, which said it contained trojan hiloti.gen.aa with a 28% detection rate.

FrankW

Re: Very stealthy redirect
« Reply #50 on: August 04, 2011, 08:25:36 AM »
Been giving the computer a workout and the strange behaviour seems to have subsided. Let's hope it's cured. I'll get back to you if there are any further developments. Hopefully the XULRunner was the virus's last gasp.

A big thank you to everyone for their helpful input on this.

Frank

Offline DavidR

Re: Very stealthy redirect
« Reply #51 on: August 04, 2011, 11:39:24 AM »
This may well need further investigation, given what has been said by essexboy in Reply #46 above about running portable Firefox: the XUL runner could be present there.

As I said before, I don't know why you are running the portable version of Firefox; you must have a reason (for me that would be because your system is truly portable, so you want to be able to carry your FF setup with you)?

However, since/if it is on a USB stick then it can't be analysed by the tools used so far.

FrankW

Re: Very stealthy redirect
« Reply #52 on: August 04, 2011, 04:26:53 PM »
I struggle to see a reason why all software is not portable, as it used to be in the good old days. Under the current regime the system becomes more and more clogged up with unnecessary junk over time. It makes more sense to me to try to make software self-contained, with all the dependencies isolated together in one folder.
No, I don't keep the browser on a USB stick. I can see now that tools which expect all software to be installed into Windows may have a problem finding software in other folders. On the other hand, since we're talking about antivirus software, it would seem naive to write antivirus software which assumes the virus will only be found in a folder registered with the OS as an application.

Offline DavidR

Re: Very stealthy redirect
« Reply #53 on: August 04, 2011, 05:27:58 PM »
We aren't talking about antivirus software, but analysis tools looking in the usual places that malware hides. What they can't do is cater for every piece of software out there with a portable edition.

Antivirus software scans portable applications in the same way as installed applications; after all, they are only executable files.

You only have to look at the problems you have had and the inability to get directly to the cause (and we still aren't there yet), to wonder if portability is worth the hassle.

Today's hard disks are massive. I can see the purpose of portable applications if you have them on a USB stick, so if you are away and have access to a computer you plug in the USB stick and your portable applications with your customisations are available to you.

Since you are talking about what AVs should do, users have to do things also. The fact you are using a portable application doesn't exclude it from being updated; it is just more hassle.

Updating all applications that access the internet is crucial (others less so, but still important), and not to update your OS is madness, as it leaves your system more vulnerable to exploit.