
Thread: Clever malware...ever seen this?

  1. #1
    Junior Member
    Join Date
    Aug 2009
    Location
    Near Amarillo, TEXAS
    Posts
    1

    Clever malware...ever seen this?

    I was called into a customer's office with a complaint about 'strange' things going on in Windows XP Pro - SP3...Control Panel with all the buttons showing red 'X's, very slow to open any prog, trouble accessing external drives, WMP library showing odd things....etc.

    In the course of business, I hear things like this A LOT....but being a veteran of a thousand psychic wars, and oh so well armed with Spybot, MalwareBytes, ComboFix, full ver of AVG AND a deep understanding of Win XP - I did confidently go forth to do battle with the digital verminous scourge of modern existence....

    5 hours later, sporting a lot less hair, my weapons of choice failing me....I decided that the primary account I was working in was simply corrupted, and decided to switch to the hidden Admin account. Without icons, I had to navigate to the directory where Spybot is, and trigger the program manually. I opened the folder, and a few seconds later...several files materialized before my eyes....(I failed to highlight one before I took the screen shot, but these circled files are *.scr 's....averaging 1.5 meg in size) :

    Attachment 3557


    At this point, I decided 2 things -
    A.) Move all pertinent data, deep format and reload this machine, because :
    B.) Any virus infecting my Number 1 tool is one bad mamba-ja-hamba!

    Now, I've seen all kinds of bs in the last 9 years....from having to rename the .exe's of Spybot and ComboFix just so they would start, to having to load MS VM, share the HDD and run a cleaning from there long enough to retrieve a customer's data.......but THIS was a new one on me.

    All my tools ran, updated - no prob. AVG, Spybot, MalwareBytes AND ComboFix ALL claimed to have found Nothing.

    wtf, over? Any ideas??
    The game is nothing...the playing of it - everything.

  2. #2
    Senior Member drragostea
    Join Date
    Jan 2008
    Location
    @Home
    Posts
    3,674


    The randomly named, hidden files (.scr) are defense mechanisms from Spybot-SD, which is designed to start itself even if malware has disabled the main shortcut.
