Thread: How I Got Rid of my Payloaded Infection
View Single Post
  #1 (permalink)  
Old 10-03-2008, 07:49 AM
chachinga chachinga is offline
Vip Member
  
Join Date: Apr 2008
Posts: 35
Reputation: 0
chachinga is on a distinguished road
Default How I Got Rid of my Payloaded Infection
Yes, I'll admit it, I was stupid enough to get adware on my machine. I downloaded something provided by a trusted forum, which in the end, the dl contained a bind. oops.

the thing is I ran the dl through the obvious - AVG, and then NOD32. A typical habitual thing I do when i download anything untrusted.

After installing it, I got pop up after pop up (firefox - I only use firefox) for keywords related to my google searches. Go figure. I'm infected.

So I spent a bunch of time trying to rid it. Kapersky, Adaware, Spybot, AVG, Microsoft Defender. Nothing worked (safe mode, overnight scans, blah blah). - edit - actually, now that I think of it, after running an array of anti-whatever softwares, my computer runs a helluva lot faster, even during infection !! (what else was on there?)

Whatever I'll live with it. My work around for this was to rename my firefox.exe to something else - lets say 1firefox.exe. No more popups (bandaid - but it worked, even though I know I'm still infected). I guess the PPI co's never thought of that?

Anyways, for now I can do what I need and everything is fine, just no logging into important sites on my infected PC.

Tonight I decided to run adword analyzer (I paid for it-awesome software). As soon as it comes to a ready state, up pops Windows Defender. I can't remember exactly what it said, but basically it found adware that produces popups. Whatever adware I had must have tried to produce a popup that it caught. WOW holy shit. ok. so I had it terminate/delete the file. it was some sort of DLL. BTW Windows Defender had nothing to do with Adword Analyzer (it was not the reason for the alarm). That software is clean and good shit

Next, I Reboot, rename 1firefox.exe back to firefox.exe and holy shit. I did google search on casino, porn, bikes, dogs, whatever. NO POPUPS. By the way, during the time of my infection, I periodically renamed 1firefox.exe back to original name just to see if popups would happen again, and sure enough they did.

Anyways to make a long story short, it took an adverse way to make the adware visible to the scanners I am running. Funny how things work sometimes, but this also proves a point.

These binds are quite undetectable to scanners until something out of the ordinary happens...
__________________
Mass Torrent Uploader - This software kicks ass.
Last edited by chachinga : 10-03-2008 at 07:59 AM.
Reply With Quote