Re: Fake Alert to make you... [Re: Pappenheimer] #233986
10/31/08 14:49
Joined: Aug 2003
Posts: 7,439
Red Dwarf
Michael_Schwarz Offline
Senior Expert
Just download the 30-day demo of Kaspersky (http://www.kaspersky.com/anti-virus_trial), the best antivirus I have found so far. It is a bit more expensive than the others and not free, but the demo works with full functionality for the stated 30 days!


"Sometimes JCL reminds me of Notch, but more competent" ~ Kiyaku
Re: Fake Alert to make you... [Re: Michael_Schwarz] #233991
10/31/08 15:41
Joined: Jun 2005
Posts: 4,875
broozar Offline
Expert
You could also use Linux...

Anyway. svchost.exe should exist only once on the system, namely in :\windows\system32 (and possibly in the SP1/SP2 installation folder). _Everything_ else is a virus, or at least a highly dubious file, because it does not come from the Windows installation media. A friend once had the same problem, and even after deleting it with Avira the file was back after the next boot. So I don't know whether Kaspersky can fix that either. Otherwise there is still the option of wiping Windows and reinstalling, which is generally not a bad idea anyway after 2 or more years of running Windows.

Re: Fake Alert to make you... [Re: broozar] #234008
10/31/08 16:49
Joined: Jul 2002
Posts: 3,208
Germany
Error014 Offline
Expert
Quote:
You could also use Linux...


You could, but what you Linux users don't know: we are secretly playing a game, and whoever gets the most replies saying "just use Linux" wins. Unfortunately we had to stop recently, because the score counters all got stuck at 99999999 :(

Unfortunately you then went and wrote something helpful after all, so it's only half as much fun :(

--


So what does the scan result say now?


Perhaps this post will get me points for originality at least.

Check out Dungeon Deities! It's amazing and will make you happy, successful and almost certainly more attractive! It might be true!
Re: Fake Alert to make you... [Re: broozar] #234112
11/01/08 00:44
Joined: Aug 2003
Posts: 7,439
Red Dwarf
Michael_Schwarz Offline
Senior Expert
Originally Posted By: broozar
You could also use Linux...


But then you can't play games or use most Windows programs, and no, Wine(X)/Cedega are not alternatives. It "works", but there is always this odd feeling that something still isn't quite the way it should be (and everything runs a bit slower than under Windows (although Black and White actually ran faster on Linux under Cedega... hmm...)).

Originally Posted By: broozar
Anyway. svchost.exe should exist only once on the system, namely in :\windows\system32 (and possibly in the SP1/SP2 installation folder). _Everything_ else is a virus, or at least a highly dubious file, because it does not come from the Windows installation media.


Apart from the fact that many Windows system files (like the aforementioned svchost.exe) are often also stored in the Driver folder, the Dllcache folder, the prefetch folder (on Vista) and the general cache folder :D


"Sometimes JCL reminds me of Notch, but more competent" ~ Kiyaku
Re: Fake Alert to make you... [Re: Michael_Schwarz] #234118
11/01/08 01:49
Joined: Jun 2005
Posts: 4,875
broozar Offline
Expert
Originally Posted By: Michael_Schwarz
Apart from the fact that many Windows system files (like the aforementioned svchost.exe) are often also stored in the Driver folder, the Dllcache folder, the prefetch folder (on Vista) and the general cache folder :D

Microsoft probably leaves that off its homepage on purpose, just so that michael_schwarz can correct Microsoft: http://support.microsoft.com/kb/314056/de

Quote:
Wine(X)/Cedega are not alternatives

Of course not. Windows is a great gaming system after all. Just don't be surprised if you pick up some rubbish when you surf carelessly with it. How you get your viruses is a mystery to me anyway.
Apart from that, the UT and Quake series run natively on Linux, Shiva runs, Unity is coming, Torque has for a long time.. what more do you want.

Quote:
because the score counters all got stuck at 99999999

Yes, pretty annoying, these "var" limits in A6. Or something. :P

Funny how everyone always has to jump in and pile on the moment someone drops the word "linux". And with that, back to the topic.

Re: Fake Alert to make you... [Re: broozar] #234127
11/01/08 05:51
Joined: Sep 2003
Posts: 5,900
Bielefeld, Germany
Pappenheimer Offline OP
Senior Expert
End of story, hopefully!
I found the name of the exe and the folder where it was saved on my hard disk on a site, something like the following:
“Documents and Settings\Adam\Application Data\Google\mupd1_2_1165664.exe”
The application recommended on that site to remove the trojan caused an alert from Avira AntiVir - I didn't use it.

I followed the instructions in the response of Tim on the following site
http://a11news.com/854/trojan-keylogger-win32-fung/

I opened the task manager when the fake window popped up, terminated the process of mpudXXXXX.exe and deleted it in its folder.
Up to now it didn't pop up again.

I got the trojan on 30.10.08 at 8 o'clock p.m. Now I'm going to search for files that have been created on my system since then.

EDIT:
Thanks for the hint that svchost.exe should exist in one folder only: actually I found a second one in Windows/system32/DRIVERS(!) which has been created at the very same time when my system was infected! Avira alerted as soon as I even moved the cursor above the filename! Avira couldn't delete it at once, but choosing 'rename' and then 'delete', that did the job.


I found this description:
"The trojan.keylogger.win32.fung files usually infect your computer in a “drive-by download”"
Does anyone know what this means? How can a "drive-by download" happen?
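
The triage described in the post above (a copy of svchost.exe outside its expected folder, plus executables created since the infection time), as an added Python example that is not part of the original thread. The allow-listed folders, the helper names `collect` and `triage`, and the sample listing are assumptions made for illustration.

```python
import os
from datetime import datetime
from pathlib import PureWindowsPath

# Assumption: the folders, relative to the Windows directory, in which a copy
# of svchost.exe is treated as legitimate. Adjust to the system being checked.
EXPECTED_DIRS = {"system32", "system32\\dllcache", "servicepackfiles\\i386"}
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".scr"}

def collect(root):
    """Walk a live Windows tree; st_ctime is the creation time on Windows."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                yield full, datetime.fromtimestamp(os.stat(full).st_ctime)
            except OSError:
                continue  # locked or vanished file: skip, do not abort the scan

def triage(records, windir, infected_at, name="svchost.exe"):
    """Return (path, reasons) for files that deserve a closer look."""
    win = PureWindowsPath(windir)
    findings = []
    for raw, created in records:
        path = PureWindowsPath(raw)
        reasons = []
        if path.name.lower() == name:
            try:
                rel = str(path.parent.relative_to(win)).lower()
            except ValueError:
                rel = None  # not under the Windows directory at all
            if rel not in EXPECTED_DIRS:
                reasons.append("unexpected location")
        if path.suffix.lower() in EXECUTABLE_EXT and created >= infected_at:
            reasons.append("created after infection time")
        if reasons:
            findings.append((str(path), reasons))
    return findings

# Constructed sample listing (not data from the poster's machine).
SAMPLE = [
    (r"C:\WINDOWS\system32\svchost.exe", datetime(2004, 8, 4, 12, 0)),
    (r"C:\WINDOWS\system32\drivers\svchost.exe", datetime(2008, 10, 30, 20, 1)),
    (r"C:\Documents and Settings\user\Application Data\sample_dropper.exe",
     datetime(2008, 10, 30, 20, 0)),
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE, r"C:\WINDOWS", datetime(2008, 10, 30, 20, 0)):
        print(path, "->", ", ".join(why))
```

On a live system, `triage(collect("C:\\"), r"C:\WINDOWS", infected_at)` applies the same checks to the real file tree; a hit is a lead for a scanner or manual review, not proof of infection.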

Re: Fake Alert to make you... [Re: Pappenheimer] #234184
11/01/08 13:29
Joined: Sep 2002
Posts: 8,177
Netherlands
PHeMoX Offline
Senior Expert
Originally Posted By: Pappenheimer
I found this description:
"The trojan.keylogger.win32.fung files usually infect your computer in a “drive-by download”"
Does anyone know what this means? How can a "drive-by download" happen?


It means this happened;

Quote:

Drive-by download
From Wikipedia, the free encyclopedia

The expression drive-by download is used in three increasingly strict meanings:

1. Any download that happens without knowledge of the user.
2. Download of spyware, a computer virus or any kind of malware that happens without knowledge of the user. Drive-by downloads may happen by visiting a website, viewing an e-mail message or by clicking on a deceptive popup window: the user clicks on the window in the mistaken belief that, for instance, it is an error report from his own PC or that it is an innocuous advertisement popup; in such cases, the "supplier" may claim that the user "consented" to the download though s/he was completely unaware of having initiated a malicious software download.
3. Download of malware through exploitation of a web browser, e-mail client or operating system bug, without any user intervention whatsoever. Websites that exploit the Windows Metafile vulnerability may provide examples of "drive-by downloads" of this sort.

The expression drive-by install (or installation) is completely analogous and refers to installation rather than download (though sometimes the two are used interchangeably).

In April 2007 researchers at Google discovered hundreds of thousands of web pages performing drive-by downloads.[1][2]


A very common technique nowadays is using streaming movies, think Gametrailers or Youtube, but instead hazardous sites will often make you click something before playback will commence.

An even more effective way is infecting ads that'll do a drive-by download the moment the website starts loading them in.

Not much you can do about it, except making sure you've got a good virus scanner running,

Cheers


PHeMoX, Innervision Software (c) 1995-2008

For more info visit: Innervision Software
Re: Fake Alert to make you... [Re: PHeMoX] #234199
11/01/08 14:48
Joined: Aug 2003
Posts: 7,439
Red Dwarf
Michael_Schwarz Offline
Senior Expert
A good reason not to use Internet Explorer and switch to the safer (not safe!) alternatives of Opera or Firefox


"Sometimes JCL reminds me of Notch, but more competent" ~ Kiyaku
Re: Fake Alert to make you... [Re: Michael_Schwarz] #234246
11/01/08 20:04
Joined: Sep 2003
Posts: 5,900
Bielefeld, Germany
Pappenheimer Offline OP
Senior Expert
Thanks, I didn't expect that the wikipedia already got an article about that!
I don't use IE. Sometimes a program starts it.
I think the trojan was absolutely new, because I could only find sites which were suspicious to me when the thing happened, and my virus protection reacted a day later or so.

Re: Fake Alert to make you... [Re: Pappenheimer] #234256
11/01/08 20:45
Joined: Sep 2002
Posts: 8,177
Netherlands
PHeMoX Offline
Senior Expert
Originally Posted By: Pappenheimer
I think the trojan was absolutely new, because I could only find sites which were suspicious to me when the thing happened, and my virus protection reacted a day later or so.


Yeah, that seems very likely, I guess you were unlucky there,

Cheers


PHeMoX, Innervision Software (c) 1995-2008

For more info visit: Innervision Software