#1
Over the last several days whenever I log onto CFS it downloads a small application to my HD. (Win XP no SP).
This application then attempts to connect out to the internet. It is caught by an outgoing firewall. The application is only about 2kb and happens at every logon. Each time it has a different name of about 7 jumbled letters. Today's little application is called "obqszrj.exe". I then have to go and manually search for this app on my HD and delete it. Is this a feature or a trojan?
#2
As far as I know, CFS doesn't send any executables. Most likely, you were infected by a drive-by installation of something (from visiting a malicious website or opening an email attachment). The chance of that happening is multiplied by several magnitudes since you say you're not running an updated version of XP with the latest patches.
Since most malicious software deeply embeds itself in a system's innards, the safest approach is to perform a complete reformat and clean installation of your system. Find and preserve your documents, pictures, MP3s, and other files you don't want to lose. DO NOT ATTEMPT TO "SALVAGE" any downloaded executables or installation package files.

(If you don't have your original Windows XP and application software disks available, you *may* be able to save your ass by following the instructions at http://www.dslreports.com/forum/cleanup and clicking the "Mandatory Steps ..." link. Be warned, however: this approach will not always find and eliminate everything malevolent. At best, you can only expect it to buy you some extra time before you must do a complete clean install.)

As your system is compromised, if you don't have a broadband (cable or DSL) connection at home, you will have to use a computer you can trust (such as at work or a friend's) to download SP2 and burn it to a CD or DVD.

After the prep, physically disconnect the computer from the Internet until you have installed XP and SP2; boot XP FROM THE ORIGINAL DISTRIBUTION CD and choose the procedure to delete the existing partition(s), create a new C: partition, and perform a clean install. DO NOT INSTALL ANY APPLICATIONS YET. After XP is installed, install SP2. After SP2 is installed, if you have broadband, reconnect the cable before the boot completes so automatic update can fetch and install other relevant updates. It will likely involve several reboots and additional update cycles until all the required patches are installed.

You may then install your applications FROM THEIR ORIGINAL MEDIA. If you have downloaded software and blew away their image files in the reformat, you will have to download them again. ONLY DOWNLOAD FROM OFFICIAL AND TRUSTED SOURCES, otherwise you're just going to fuck yourself again.
If you installed Microsoft applications like Office, use the Tools->Windows Update option in Internet Explorer to do a Custom Update and find any/all remaining updates available for your system. Install them all regardless of whether you actively use the features they are for. Finally, you may restore the personal data files you saved earlier.

You should invest in a realtime, brand-name antivirus application such as McAfee or Trend Micro's offerings. The money spent can spare you the pain-in-the-ass a mess like this will cause you if it happens again.

BTW, before anyone jumps in and bitches with the "windoze sux!" bullshit, I have only had to clean up infections on less than a half-dozen machines out of some 35,000 I'm responsible for over the years. The cause was always traced back to the user disregarding common sense and not paying attention to what they were downloading or running. People learn really fast when they lose all their work for months or years, and have to pay me $2,500 on top of it to come in and fix the mess for them.

Good luck fixing things. Unfortunately, I won't provide any further assistance for free. Since this isn't a propeller-head site, visit http://www.dslreports.com/forum/cleanup as one source of help. You can also get help in the Microsoft support newsgroups on their website, or find someone local to you.
__________________
I have a need for seed!
#3
Nothing involving our site would download an executable file onto your computer. The free advice you just got about how to clean this up should help, I hope. I am certain if others were having a similar experience, we'd have heard about it in a big way, since no one likes to have files forced onto their computer without their consent.