I'm not sure at all what happened.
I decided to install Primo PDF writer on the little Acer Aspire One 533 netbook.
I (Windows Explorer) wandered across my LAN to the Compaq Notebook folder \Appl\Installed\Primo\ and executed the "FreewarePrimoSetup.exe" found there (on the NoteBook):
On the Netbook MSE sprang up and muttered something about AdWare ... candy.
I didn't think to snapshot/PrtScr the message, just chose "go ahead and get rid of it", and opted for "No, don't reboot at this time".
Then I observed a new file, timestamped Now() in my Netbook folder.
All very strange ...
When Malware Clones
-
- PlutoniumLounger
- Posts: 15641
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
When Malware Clones
He who plants a seed, plants life.
-
- PlatinumLounger
- Posts: 5685
- Joined: 24 Jan 2010, 19:16
- Location: Cape Cod, Massachusetts,USA
Re: When Malware Clones
Chris,
There are suggestions that this is a Delf Trojan. Others claim it is a false positive and is a legit PDF handler.
http://spywarefiles.prevx.com/RRACJJ447 ... P.EXE.html
I would run whatever anti virus\malware program you use and see what it picks up.
BOB
______________________________________
If I agreed with you we'd both be wrong.
-
- PlutoniumLounger
- Posts: 15641
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: When Malware Clones
viking33 wrote: Others claim it is a false positive and is a legit PDF handler.
Bob, Thanks for this bit of research.
I had another "hit" this morning, different situation.
(Around about now most of Eileen's loungers will be backing away from me, veeeery slowly, I know).
Perhaps I have tighter security; perhaps I spend too much time browsing news and tech sites.
Each morning I use Firefox to "Open All In Tabs" a set of about a dozen blogs: Been doing it for years. About once every 2 months or so I remove one link and add another. There's a limit to what I can read each morning.
This morning I did my "Open All In Tabs", as I did yesterday morning and the day before, and MSE pops up its little red box: This time I remembered to take a snapshot during removal, instead of after removal, as happened the last time.
I note with interest that the Malware is in the folder "C:\Users\ChrisC\AppData\Local\Temp", and suppose that while MSE appears to be on the ball, it might not hurt my system to delete the contents of that folder periodically, "periodically" being defined as
- At each reboot
- Each time I load MSWord (a common-enough event here)
- Each time I log my time in Notepad with my .LOG application
- Each time I pick up the phone
Thoughts from anyone?
He who plants a seed, plants life.
-
- Administrator
- Posts: 78556
- Joined: 16 Jan 2010, 00:14
- Status: Microsoft MVP
- Location: Wageningen, The Netherlands
Re: When Malware Clones
I don't think it's really necessary to empty your Temp folder each time you take a sip of tea, but it's not a bad idea to do it once a day.
Best wishes,
Hans
-
- GoldLounger
- Posts: 2599
- Joined: 24 Jan 2010, 15:26
- Location: Olympia, WA
Re: When Malware Clones
Which link have you added since this has started?
I would get rid of the link that is sending you these bad files.
I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living
-
- PlutoniumLounger
- Posts: 15641
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: When Malware Clones
DaveA wrote: Which link have you added since this has started? I would get rid of the link that is sending you these bad files.
Hi Dave, good idea.
However I haven't changed my set of links in over a week.
All I can really do (I think) is reboot, and then load each link independently, waiting 60 seconds between each link, to see which is the culprit.
Then, of course, alert the blogger.
The blogs I follow are professional people; but of course, like me, they have well-meaning friends who send them electronic greeting cards, visit porn sites, or cc them on the Master World Registry of Bot Harborers.
He who plants a seed, plants life.
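The one-link-at-a-time check described in the post above, sketched as an added example that is not part of the thread: it snapshots the Temp folder before and after each link and lists the files that appeared or changed, flagging any that begin with the `MZ` signature of a Windows executable. The function names and the `.example` URLs are placeholders chosen for illustration.

```python
import os
import tempfile

def snapshot(folder):
    """Map each file path under folder to (size, mtime_ns)."""
    state = {}
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file vanished or is locked; skip it
            state[path] = (st.st_size, st.st_mtime_ns)
    return state

def is_pe(path):
    """True if the file starts with the 'MZ' magic of a Windows executable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def new_or_changed(before, after):
    """Files present in `after` that are new or modified since `before`."""
    return sorted(p for p, meta in after.items() if before.get(p) != meta)

def report(before, after):
    """Return (path, looks_like_executable) for each new or changed file."""
    return [(p, is_pe(p)) for p in new_or_changed(before, after)]

if __name__ == "__main__":
    temp = tempfile.gettempdir()  # the per-user Temp folder on Windows
    # Placeholder URLs: substitute the bookmarked blogs being tested.
    links = ["https://blog-one.example/", "https://blog-two.example/"]
    baseline = snapshot(temp)
    for url in links:
        input(f"Open {url} in the browser, wait a minute, then press Enter...")
        current = snapshot(temp)
        for path, exe in report(baseline, current):
            print(f"{url}: {'EXECUTABLE' if exe else 'file'} {path}")
        baseline = current  # next link is compared against this state
```

Files the antivirus has already quarantined will not appear in the listing, so its detection history should be read alongside the output.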
-
- PlutoniumLounger
- Posts: 15641
- Joined: 24 Jan 2010, 23:23
- Location: brings.slot.perky
Re: When Malware Clones
HansV wrote: I don't think it's really necessary to empty your Temp folder each time you take a sip of tea, but it's not a bad idea to do it once a day.
OK. Once a day, at least.
Not as frequently as I sip tea, but more frequently than I .
Got it!
Funny you should mention it.
Right now I'm developing a series of PDF flyers for course outlines, a semi-mechanical process that includes an upload-PDF-and-Fabricate-Index as one of the steps.
My lazy mind has determined that THAT step is enough time to reach out and take a sip of in a leisurely fashion, thereby convincing myself that I'm not really working this morning ...
He who plants a seed, plants life.