Bored?
*Update*
The infection did not come from i-am-bored.com. It appears to have come from one of the links to content on another site, cracked.com. And it may have actually come from one of the ad banners on Cracked.com.
I have been corresponding with Mike from i-am-bored.com, and he has been most helpful in chasing down the nastiness. What a guy. He has been totally on top of this, and is totally against this kind of crap. Thanks, Mike!
Don't go to i-am-bored.com. Unless you want a healthy dose of malware. i-am-bored.com is great for all your humor needs!
For the second time in ten days, my personal workstation has been infected utilizing drive-by installs. Yes, I am fully patched, running Firefox to browse. And yes, I have A/V software, also fully patched.
Here are the items caught this morning:
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\seneka289f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Yroqiqowaqi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekatmiqeeyi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekabavhemud.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekapuxjrccy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekahdvigixq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
In addition to the above findings by Malwarebytes Anti-Malware, which I highly recommend purchasing, I found some porno shortcuts on my desktop.
DNS resolution had been affected, preventing me from getting to sites such as Windows Update, Avast!, Symantec, etc.
Yes, this is a bad one. So for the second time in a week, I am restoring my machine from backups. Thank you, i-am-bored.com! This is just how I wanted to spend my day off!
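As an added example that is not part of the original post: a small parser for the Malwarebytes result lines quoted above, which groups the detections and flags what a responder wants to know before deciding between a reboot and a restore. The line format (path, detection name in parentheses, arrow, action) is taken from the lines above; the embedded sample is a constructed subset of them.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Malwarebytes Anti-Malware result lines
# quoted in the post above (username already masked by the author).
MBAM_LOG = r"""
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\seneka289f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Yroqiqowaqi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekatmiqeeyi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekahdvigixq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One result line: <path> (<detection name>) -> <action>.
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam(text):
    """Parse result lines into dicts with path, family and action; skip non-matching lines."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def triage(records):
    """Summarise what the scan says about the state of the host."""
    summary = {
        "by_family": Counter(r["family"] for r in records),
        # Items the scanner could not remove while Windows was running:
        # the host is not clean until a reboot completes these deletions.
        "pending_reboot": [r["path"] for r in records
                           if r["action"].lower().startswith("delete on reboot")],
        # Kernel drivers under system32\drivers indicate kernel-level persistence,
        # consistent with the tampered DNS resolution described in the post.
        "kernel_drivers": [r["path"] for r in records
                           if r["path"].lower().endswith(".sys")
                           and "\\drivers\\" in r["path"].lower()],
        # Droppers staged in the user's Temp directory, the usual drive-by pattern.
        "temp_droppers": [r["path"] for r in records
                          if "\\local settings\\temp\\" in r["path"].lower()],
    }
    # Either finding argues for restoring from backup rather than trusting the cleanup.
    summary["restore_recommended"] = bool(summary["kernel_drivers"] or summary["pending_reboot"])
    return summary


if __name__ == "__main__":
    for key, value in triage(parse_mbam(MBAM_LOG)).items():
        print(f"{key}: {value}")
```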
*Update*
Looks like Malwarebytes Anti-Malware has successfully got me running again. I can't recommend this package enough. Thanks, MBAM!