
Bored?

Posted On 2009-01-01 by FortyPoundHead
Tags: News


*Update*

The infection did not come from i-am-bored.com. It appears to have come from one of the links to content on another site, cracked.com, and may actually have come from one of the ad banners on Cracked.com.

I have been corresponding with Mike from i-am-bored.com, and he has been most helpful in chasing down the nastiness. What a guy. He has been totally on top of this, and is totally against this kind of crap. Thanks, Mike!

Don't go to i-am-bored.com, unless you want a healthy dose of malware. (Retracted; see the update above.) i-am-bored.com is great for all your humor needs!

For the second time in ten days, my personal workstation has been infected via a drive-by install. Yes, I am fully patched and use Firefox to browse. And yes, I have A/V software, also fully patched.

Here are the items caught this morning:
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\prun.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\xxxxxxxxx\Local Settings\Temp\seneka289f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Yroqiqowaqi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekatmiqeeyi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekabavhemud.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\senekapuxjrccy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadf.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\seneka.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekahdvigixq.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msiconf.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
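To make sense of a scan report in this "path (Detection) -> Action" format quickly, here is a small parser and triage helper. It is an added example, not code from the post or from Malwarebytes; the log text it uses is constructed from the entries above, and the six-letter family grouping is a heuristic assumption.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes Anti-Malware log quoted in the post
# (path (Detection) -> Action); entries are copied from the post, not read from a live system.
SAMPLE_LOG = """\
C:\\WINDOWS\\system32\\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\\Documents and Settings\\xxxxxxxxx\\Local Settings\\Temp\\seneka289f.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\\WINDOWS\\system32\\senekatmiqeeyi.dll (Trojan.Agent) -> Delete on reboot.
C:\\WINDOWS\\system32\\drivers\\seneka.sys (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# path, then the detection name in parentheses, then the action after "->"
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_log(text):
    """Return one dict per finding: path, detection, action and the bare file name."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines or text that is not a finding
        d = m.groupdict()
        d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
        items.append(d)
    return items


def triage(items):
    """Summarise what a responder needs to decide next."""
    # "Delete on reboot" means the file was still locked; the box is not clean until it restarts.
    pending_reboot = [i["path"] for i in items if i["action"].lower().startswith("delete on reboot")]
    # A detected .sys file is a kernel-mode component; that argues for restoring from backup.
    kernel_drivers = [i["path"] for i in items if i["name"].endswith(".sys")]
    # Heuristic (assumption): files whose names share the same first six letters
    # (here "seneka...") are treated as one family.
    families = Counter(i["name"][:6] for i in items)
    return {
        "total": len(items),
        "pending_reboot": pending_reboot,
        "kernel_drivers": kernel_drivers,
        "detections": Counter(i["detection"] for i in items),
        "largest_family": families.most_common(1)[0][0] if families else None,
    }


if __name__ == "__main__":
    print(triage(parse_log(SAMPLE_LOG)))
```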

In addition to the above findings by MalwareBytes Anti Malware, which I highly recommend purchasing, I found some porno shortcuts on my desktop.

DNS resolution had also been affected, so I could not reach sites such as Windows Update, Avast!, Symantec, etc.

Yes, this is a bad one. So for the second time in a week, I am restoring my machine from backups. Thank you, i-am-bored.com! This is just how I wanted to spend my day off!

*Update*

Looks like MalwareBytes Anti Malware has successfully gotten me running again. I can't recommend this package enough. Thanks MBAM!

