Re: Fake Alert to make you...
[Re: Pappenheimer]
#233986
10/31/08 14:49
|
Joined: Aug 2003
Posts: 7,439 Red Dwarf
Michael_Schwarz
Senior Expert
|
Just download the 30-day demo of Kaspersky (http://www.kaspersky.com/anti-virus_trial), so far the best antivirus I have found. It is a bit more expensive than the others and not free, but the demo works with full functionality for the stated 30 days!
"Sometimes JCL reminds me of Notch, but more competent" ~ Kiyaku
|
|
|
Re: Fake Alert to make you...
[Re: broozar]
#234008
10/31/08 16:49
|
Joined: Jul 2002
Posts: 3,208 Germany
Error014
Expert
|
"One could also use Linux..."
One could, but what you Linux users don't know: secretly we are playing a game, and whoever receives the most posts saying "just use Linux" wins. Unfortunately we had to stop recently, because the score counters all got stuck at 99999999.
Unfortunately you then went and wrote something helpful after all, so it's only half as much fun -- So what does the scan result say?
Perhaps this post will get me points for originality at least.
Check out Dungeon Deities! It's amazing and will make you happy, successful and almost certainly more attractive! It might be true!
|
|
|
Re: Fake Alert to make you...
[Re: broozar]
#234112
11/01/08 00:44
|
Joined: Aug 2003
Posts: 7,439 Red Dwarf
Michael_Schwarz
Senior Expert
|
"One could also use Linux..."
But then you can't play games or use most Windows programs, and no, Wine(X)/Cedega are not alternatives; it "works", but there is always this odd feeling that something still just isn't the way it should be (and everything runs a bit slower than under Windows (although Black and White actually ran faster on Linux under Cedega... hmm...)).
"anyway. svchost.exe should exist only once on the system - namely in :\windows\system32 (and possibly in the SP1/SP2 installation folder). _Everything_ else is a virus, or at least a highly dubious file, because it does not come from the Windows installation media."
Apart from the fact that many Windows system files (like the aforementioned svchost.exe) are often also stored in the Driver folder, the Dllcache folder, the Prefetch folder (on Vista) and the general cache folder
"Sometimes JCL reminds me of Notch, but more competent" ~ Kiyaku
|
|
|
Re: Fake Alert to make you...
[Re: Michael_Schwarz]
#234118
11/01/08 01:49
|
Joined: Jun 2005
Posts: 4,875
broozar
Expert
|
"Apart from the fact that many Windows system files (like the aforementioned svchost.exe) are often also stored in the Driver folder, the Dllcache folder, the Prefetch folder (on Vista) and the general cache folder"
Microsoft probably leaves that off its homepage on purpose, so that michael_schwarz can correct Microsoft: http://support.microsoft.com/kb/314056/de
"Wine(X)/Cedega are not alternatives"
Of course not. Windows is a great gaming system, after all. Just don't be surprised if, surfing carelessly with it, you catch some nonsense. How you all get your viruses is a mystery to me anyway. Apart from that, the UT and Quake series run natively on Linux, Shiva runs, Unity will come, Torque has for a long time.. what more could you want.
"because the score counters all got stuck at 99999999"
Yes, annoying, those "var" limits in A6. Or so. :P
That everyone always has to jump in and hack away as soon as someone drops the word "Linux". And with that, back to the topic.
|
|
|
Re: Fake Alert to make you...
[Re: broozar]
#234127
11/01/08 05:51
|
Joined: Sep 2003
Posts: 5,900 Bielefeld, Germany
Pappenheimer
OP
Senior Expert
|
End of story, hopefully!
I found the name of the exe and the folder where it was saved on my hard disk on a site, something like the following: “Documents and Settings\Adam\Application Data\Google\mupd1_2_1165664.exe”
The application recommended on that site to remove the trojan caused an alert from Avira AntiVir - I didn't use it.
I followed the instructions in the response from Tim on the following site: http://a11news.com/854/trojan-keylogger-win32-fung/
I opened the task manager when the fake window popped up, terminated the process of mpudXXXXX.exe and deleted it in its folder. Up to now it hasn't popped up again.
I got the trojan on 30.10.08 at 8 o'clock p.m. Now I'm going to search for files that have been created on my system since then.
EDIT: Thanks for the hint that svchost.exe should exist in one folder only: actually I found a second one in Windows/system32/DRIVERS(!) which was created at the very same time my system was infected! Avira alerted as soon as I even moved the cursor above the filename! Avira couldn't delete it at once, but choosing 'rename' and then 'delete' did the job.
I found this description: "The trojan.keylogger.win32.fung files usually infect your computer in a “drive-by download”" Does anyone know what this means? How can a "drive-by download" happen?
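The check described in the post above (a second svchost.exe outside system32, plus executables that appeared after the infection time), as an added example that is not part of the original thread. The expected-folder set, the extension list and the directory tree built in `demo()` are constructed assumptions, and modification time stands in for creation time.

```python
import os
import tempfile
from datetime import datetime

# Assumption from the thread's hint: the only legitimate folder for svchost.exe.
EXPECTED_DIRS = {"system32"}
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr"}


def triage(windows_root, infected_at, watched="svchost.exe"):
    """Return (misplaced, recent) as sorted paths relative to windows_root.
    misplaced: copies of `watched` outside EXPECTED_DIRS
    recent:    executables modified at or after infected_at (mtime-based)
    """
    cutoff = infected_at.timestamp()
    misplaced, recent = [], []
    for folder, _dirs, files in os.walk(windows_root):
        rel_dir = os.path.relpath(folder, windows_root).replace(os.sep, "/")
        for name in files:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            try:
                mtime = os.stat(os.path.join(folder, name)).st_mtime
            except OSError:
                continue  # locked or vanished file: skip, keep scanning
            if name.lower() == watched and rel_dir.lower() not in EXPECTED_DIRS:
                misplaced.append(rel)
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTABLE_EXTS and mtime >= cutoff:
                recent.append(rel)
    return sorted(misplaced), sorted(recent)


def demo():
    """Run triage over a constructed directory tree (not real system data)."""
    infected_at = datetime(2008, 10, 30, 20, 0)      # time given in the post
    old = datetime(2004, 8, 4, 12, 0).timestamp()    # constructed install time
    new = infected_at.timestamp() + 60
    layout = {"system32/svchost.exe": old, "system32/notepad.exe": old,
              "system32/DRIVERS/svchost.exe": new, "system32/DRIVERS/readme.txt": new}
    with tempfile.TemporaryDirectory() as root:
        for rel, ts in layout.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
            os.utime(path, (ts, ts))
        return triage(root, infected_at)

if __name__ == "__main__":
    print(demo())
```

A hit in either list is a lead to examine, not a verdict: file timestamps can be changed, and the thread itself disagrees about which folders legitimately hold copies of system files.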
|
|
|
Re: Fake Alert to make you...
[Re: Pappenheimer]
#234184
11/01/08 13:29
|
Joined: Sep 2002
Posts: 8,177 Netherlands
PHeMoX
Senior Expert
|
"I found this description: 'The trojan.keylogger.win32.fung files usually infect your computer in a “drive-by download”' Does anyone know what this means? How can a 'drive-by download' happen?"
It means this happened;
Drive-by download
From Wikipedia, the free encyclopedia
The expression drive-by download is used in three increasingly strict meanings:
1. Any download that happens without knowledge of the user.
2. Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user. Drive-by downloads may happen by visiting a website, viewing an e-mail message or by clicking on a deceptive popup window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own PC or that it is an innocuous advertisement popup; in such cases, the "supplier" may claim that the user "consented" to the download though s/he was completely unaware of having initiated a malicious software download.
3. Download of malware through exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of "drive-by downloads" of this sort.
The expression drive-by install (or installation) is completely analogous and refers to installation rather than download (though sometimes the two are used interchangeably).
In April 2007 researchers at Google discovered hundreds of thousands of web pages performing drive-by downloads.[1][2]
A very common technique nowadays is using streaming movies, think Gametrailers or Youtube, but instead hazardous sites will often make you click something before playback will commence. An even more effective way is infecting ads that'll do a drive-by download the moment the website starts loading them in. Not much you can do about it, except making sure you've got a good virus scanner running,
Cheers
|
|
|
Re: Fake Alert to make you...
[Re: PHeMoX]
#234199
11/01/08 14:48
|
Joined: Aug 2003
Posts: 7,439 Red Dwarf
Michael_Schwarz
Senior Expert
|
A good reason not to use Internet Explorer and switch to the safer (not safe!) alternatives of Opera or Firefox
"Sometimes JCL reminds me of Notch, but more competent" ~ Kiyaku
|
|
|
Re: Fake Alert to make you...
[Re: Pappenheimer]
#234256
11/01/08 20:45
|
Joined: Sep 2002
Posts: 8,177 Netherlands
PHeMoX
Senior Expert
|
"I think the trojan was absolutely new, because I could only find sites which were suspicious to me when the thing happened, and my virus protection reacted a day later or so."
Yeah, that seems very likely, I guess you were unlucky there,
Cheers