Atomic Bob's Stock Forum - The Golden Thread

Forum Home |

Signup |

My Page

Rules |

FAQ |

Boards |

Members |

« CONSTITUTION Home | Email msg. | Reply to msg. | Post new | Board info.

Previous | Home | Next

Re: Bugs

By: DueDillinger in CONSTITUTION | Recommend this post (0)
Sat, 11 Aug 12 5:39 AM | 82 view(s)
Boardmark this board | Constitutional Corner

Msg. 19246 of 21975
(This msg. is a reply to 19238 by lkorrow)
Jump:

Tracking cookies are not dangerous, and if you continue to use older IE versions, they are gonna be ubiquitous.

The registry entries in and of themselves are not actually malware; ie; they aren't programs. What is probably happening is that the virus itself has been zapped, but not all of it's effects on the registry have been undone.

Look in your Webroot logs to see if these specific viruses have been removed.

Here's Microsoft's page on the HackTool malware:

Technical Information (Analysis)
HackTool:Win32/PWDump.A is a tool used to obtain password hashes from Windows NT and 2000 machines.

The tool is installed as a service, usually named pwservice.exe. It utilizes the files pwdump3.exe and lsaext.dll, and is designed to remotely obtain password hashes from the memory of the target machine.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=HackTool%3AWin32%2FPWDump.A#symptoms_link

So you can see if you have either of these files on your system and/or run Windows Task Manager to see if the service is running.

If you want to really ensure that your system is cleaned out, run ComboFix.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Uploaded Image

âˆ†âˆ†

- - - - -
View Replies (1) »

» You can also:

Ignore/Hide this poster on all boards (Requires login)
Membermark this member (Requires login)
Email this message to a friend

- - - - -
The above is a reply to the following message:

Bugs
By: lkorrow in CONSTITUTION
Sat, 11 Aug 12 1:15 AM

Msg. 19238 of 21975

Now I'm getting bugged, pardon the pun.

Ran Spyzooka, got three tracking cookies, and three registry items -- the same trojan horse and proxy MSIL entries, and now W32HackToolPwdump [hack tool]

I'm bugged, I thought Webroot and Spzooka were supposed to catch stuff as they happen. Guess not. Now I'll run Webroot.

Ru4Cookie [TrackingCookie] C:\Documents and Settings..

Bs.serving-sysCookie [TrackingCookie] C:\Documents and Settings...

PointrollCookie [TrackingCookie] C:\Documents and Settings...

Win32.Worm.AutoIt [TrojanHorse]
Registry: Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\DisableTaskMgr
Registry:
SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore

Win32.Trojan-Proxy.MSIL [Trojan-Proxy]
Registry: SOFTWARE\\Microsoft\\Security Center\UacDisableNotify

Win32.HackTool.Pwdump [HackTool]
Registry: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\UserFaultCheck
Registry: SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\UserFaultCheck

« CONSTITUTION Home | Email msg. | Reply to msg. | Post new | Board info.

Previous | Home | Next

Disclaimer:

DON'T BELIEVE A DAMN WORD YOU READ ON THIS WEBSITE!

The reader is responsible for discerning the validity, factuality or implications of information posted here, be it fictional or based on real events. Moderators on this forum make every effort to review the material posted on this site however, it is not realistically possible for a one man team to manually review each and every one of the posts atomicbobs.com gets on a daily basis.

The content of posts on this site, including but not limited to links to other web sites, are the expressed opinion of the original poster and are in no way representative of or endorsed by the owners or administration of this website. The posts on this website are the opinion of the specific author and are not statements of advice, opinion, or factual information on behalf of the owner or administration of Atomicbob’s. This site may contain adult language, if you feel you might be offended by such content, you should log off immediately.

Not all posts on this website are intended as truthful or factual assertion by their authors. Some users of this website are participating in internet role playing, with or without the use of an avatar. NO post on this website should be considered factual information on face value alone. Users are encouraged to

USE DISCERNMENT

and do their own follow up research while reading and posting on this website. Atomicbobs.com reserves the right to make changes to, corrections and/or remove entirely at any time posts made on this website without notice. In addition, Atomicbobs.com disclaims any and all liability for damages incurred directly or indirectly as a result of a post on this website.

This website implements certain security features in order to prevent spam and posting abuse. By making a post on this website you consent to any automated security checks required by our system to authenticate your IP address as belonging to an actual human. It is forbidden to make posts on this website from open proxy servers. By making a post on this website you consent to an automated one time limited port scan of your IP address which is required by our security system to validate the authenticity of your internet connection.

This site is provided "as is" without warranty of any kind, either expressed or implied. You should not assume that this site is error-free or that it will be suitable for the particular purpose which you have in mind when using it. In no event shall Atomicbobs.com be liable for any special, incidental, indirect or consequential damages of any kind, or any damages whatsoever, including, without limitation, those resulting from loss of use, data or profits, whether or not advised of the possibility of damage, and on any theory of liability, arising out of or in connection with the use or performance of this site or other documents which are referenced by or linked to this site.

Some events depicted in certain posting and threads on this website may be fictitious and any similarity to any person living or dead is merely coincidental. Some other articles may be based on actual events but which in certain cases incidents, characters and timelines have been changed for dramatic purposes. Certain characters may be composites, or entirely fictitious.

We do not discriminate against the mentally ill!

Fair Use Notice:

This site may contain copyrighted material the use of which has not always been specifically authorized by the copyright owner. Users may make such material available in an effort to advance awareness and understanding of issues relating to civil rights, economics, individual rights, international affairs, liberty, science & technology, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law.

At some point freedom of speech and copyright law merge. The following interpretation of "Fair Use" and subsequent posting policy were developed with the assistance of qualified legal council however, we are not lawyers and cannot offer you legal advise as to the limits of "Fair Use"

In accordance with industry accepted best practices we ask that users limit their copy / paste of copyrighted material to the relevant portions of the article you wish to discuss and no more than 50% of the source material, provide a link back to the original article and provide your original comments / criticism in your post with the article.

Though legally each situation is evaluated independently according to guidelines that were intentionally left open to interpretation, we believe generally this policy represents "Fair Use" of any such copyrighted material for the purposes of education and discussion.

You are responsible for what you "publish" on the internet. You must be sure any copyrighted material you choose to post for discussion on this forum falls within the limits of "Fair Use" as defined by the law.

For more information please visit:

The Electronic Frontier Foundation website

If you are a legal copyright holder or a designated agent for such and you believe a post on this website falls outside the boundaries of "Fair Use" and legitimately infringes on yours or your clients copyright

we may be contacted concerning copyright matters at:

Atomic Bob’s
RT 2 Box 257-20
Nowata, OK 74048
Phone: 918-273-8276
E-Mail: abgtbob -at- gmail.com

If you require a courier address please send a fax or email and we will provide you with the required information.

For expedited human review & removal of potential copyright violations we encourage users & copyright holders to utilize the "Report Copyright Violation" button that accompanies each post published on this website.

In accordance with section 512 of the U.S. Copyright Act our contact information has been registered with the United States Copyright Office. "Safe Harbor" noticing procedures as outlined in the DMCA apply to this website concerning all 3rd party posts published herein.

If notice is given of an alleged copyright violation we will act expeditiously to remove or disable access to the material(s) in question. It is our strict policy to disable access to accounts of repeat copyright violators. We will also ban the IP address of repeat offenders from future posting on this website with or without a registered account.

All 3rd party material posted on this website is copyright the respective owners / authors. Atomicbobs.com makes no claim of copyright on such material.

Please be aware any communications sent complaining about a post on this website may be posted publicly at the discretion of the administration.

---

DON'T BREAK THE LAW!

---

Other than that you can do / say whatever you want on this forum.

We reserve the right to block access to this website by any individual or organization at any time for any reason whatsoever or no reason at all.

This Disclaimer is subject to change at anytime.