Thread: type of malware S&D is not detecting or removing

  1. #1
    Junior Member
    Join Date
    Dec 2015
    Posts
    4

    type of malware S&D is not detecting or removing

    What type of malware inserts over 250,000 bogus domains into P3P History and ZoneMap under the subfolders Domains, EscDomains, and Ranges? Have tried every known means of detecting and deleting it and nothing works except complete overwrite of the hard drive. S&D was crashing every time when it hit something but could not resolve it. Can delete them from regedit but they always show up again 2 or 3 days later.

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi

    Those registry entries are to help control privacy/security settings in IE. Probably installed by some software you're using. Maybe Spybot's immunization feature?

    see link
    https://support.microsoft.com/en-us/kb/182569
    How Can I Reduce My Risk?
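
An added example, not part of the original thread or of Spybot: one way to see what the ZoneMap entries discussed above actually do is to export the key with regedit and count which security zone each entry is assigned to, using the zone numbers from the linked KB 182569 (4 is Restricted Sites, 2 is Trusted Sites). The function names, the sample export and its `constructed-example.test` entries are assumptions made up for illustration.

```python
import re
from collections import Counter, defaultdict

# Zone numbers as documented for IE security zones (KB 182569).
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
SUBFOLDERS = ("Domains", "EscDomains", "Ranges")
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"[^"]*"=dword:([0-9a-fA-F]{8})$')

def summarize_zonemap(reg_text):
    """Count zone assignments per ZoneMap subfolder in .reg export text."""
    summary = defaultdict(Counter)
    folder = None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            parts = key.group(1).split("\\")
            folder = None
            if "ZoneMap" in parts:
                i = parts.index("ZoneMap")
                # Only keys below Domains/EscDomains/Ranges carry mappings.
                if len(parts) > i + 2 and parts[i + 1] in SUBFOLDERS:
                    folder = parts[i + 1]
            continue
        value = DWORD_RE.match(line)
        if folder and value:
            zone = int(value.group(1), 16)
            summary[folder][ZONES.get(zone, f"unknown({zone})")] += 1
    return {name: dict(counts) for name, counts in summary.items()}

def needs_review(summary):
    """Subfolders holding entries that raise trust (zones 0-2)."""
    elevated = {ZONES[0], ZONES[1], ZONES[2]}
    return sorted(f for f, zones in summary.items() if elevated & set(zones))

# Constructed sample export (hypothetical entries, not data from the thread).
K = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap"
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    rf"[{K}\Domains\alitali6a.it]", '"*"=dword:00000004', "",
    rf"[{K}\Domains\constructed-example.test]", '"http"=dword:00000002', "",
    rf"[{K}\EscDomains\constructed-example.test]", '"*"=dword:00000004', "",
    rf"[{K}\Ranges\Range1]", '":Range"="192.0.2.10"', '"*"=dword:00000004',
])

if __name__ == "__main__":
    report = summarize_zonemap(SAMPLE)
    print(report, needs_review(report))
```

Real regedit exports are UTF-16 encoded, so read the file with `encoding="utf-16"` before passing its text to `summarize_zonemap`.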

  3. #3
    Junior Member
    Join Date
    Dec 2015
    Posts
    4

    not the case

    Are all completely bogus domains and ranges, so would offer no protection whatsoever from what does not exist. Like alitali6a.it done in many different ways, misspelling, numbers, etc. Has now hit other machines I communicate with, with the same P3P and ZoneMap entries, suddenly unstable computers that were doing just fine.

  4. #4
    Junior Member
    Join Date
    Dec 2015
    Posts
    4

    possible malware in a temp file

    Has anyone come across this temp file: Temp0516A252-3C23-906D-72AB-6955A6CB993E-Signature? Only have Mozilla and Skype open, shows this is running too, and is a 61mb file according to checking its permissions and origin. Top permission is CREATOR OWNER with special permissions, cannot be removed due to sharing.

  5. #5
    Junior Member
    Join Date
    Dec 2015
    Posts
    4

    answered my own question

    The malware was DarkComet RAT, system getting back to normal again for the most part. Seems to be a remnant to find and delete. What it was doing to P3P, ZoneMap and DOMStorage has been eliminated.

  6. #6
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of both aswMBR and FRST logs plus a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.