Search Tools Links Login

Bored?

*Update*

The infection did not come from i-am-bored.com.  It appears to have come from one of the links to content on another site, cracked.com.  And it may have actually come from one of the ad banners on Cracked.com.

I have been corresponding with Mike from i-am-bored.com, and he has been most helpful in chasing down the nastiness.  What a guy.  He has been totally on top of this, and is totally against this kind of crap.  Thanks, Mike!

Don't go to i-am-bored.com. Unless you want a healthy dose of malware.  i-am-bored.com is great for all your humor needs!

For the second time in ten days, my personal workstation has been infected utilizing drive-by installs. Yes, I am fully patched, running Firefox to browse. And yes, I have A/V software, also fully patched.

Here are the items caught this morning:

C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\seneka289f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Yroqiqowaqi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekatmiqeeyi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekabavhemud.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekapuxjrccy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekahdvigixq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

In addition to the above findings by MalwareBytes Anti Malware, which I highly recommend purchasing, I found some porno shortcuts on my desktop.

DNS resolution had been affected, preventing me from getting to sites such as Windows Update, Avast!, Symantec, etc.

Yes, this is a bad one. So for the second time in a week, I am restoring my machine from backups. Thank you, i-am-bored.com! This is just how I wanted to spend my day off!

*Update*

Looks like MalwareBytes Anti Malware has successfully got me running again.  I can't recommend this package enough.  Thanks MBAM!

About this post

Posted: 2009-01-01
By: FortyPoundHead
Viewed: 1,782 times

Categories

News

Attachments

No attachments for this post

Loading Comments ...

Comments

No comments have been added for this post.

You must be logged in to make a comment.