Velocity Reviews - Computer Hardware Reviews


Infected with Dsq.exe

 
 
Skybuck Flying
 
      05-02-2010
Hello,

http://members.home.nl/hbthouppermans/IE8Malware/

Date of infection: 2 May 2010

It entered my Windows XP X64 Pro Edition SP2 operating system unnoticed.

Last Windows update was on 21 March 2010 I think...

Only thing noticed was misbehaving IE8 for some website ?!?.

I shut it down after a few seconds... but apparently too late.

(No firewalls, no virus scanners, no spyware scanners running).

So far the virus/spyware/malware doesn't seem to have done too much damage ?

It only seems to load ads in internet explorer ?!?

It showed up in tasklist... I terminated it.

The file was in C:\Windows\Temp\Dsq.exe according to process explorer.

I deleted it... I hope it's gone now...

Time will tell..

(I will do a windows update shortly )

Bye,
Skybuck.


 
 
 
 
 
Skybuck Flying
 
      05-02-2010
Hmm the situation seems to be a bit worse than I thought...

The virus/malware seems to have copied itself to multiple filenames:

dsu.exe
dsx.exe

Also different sizes.

I will sort the folder on date and see what files with creation date today 2
May 2010 show up:

Well some more of those...

However this file seems weird too:

sshnas21.dll "application extension".

Its date is the same... I did not install anything... so this could be its
attack vector...

This website mentions more about it:

http://www.prevx.com/filenames/63810...SENIA.EXE.html

It doesn't mention the dll though...

It seems 28 March 2010 so it's pretty new malware...

Bye,
Skybuck.


 
 
 
 
 
Skybuck Flying
 
      05-02-2010
Hmm it seems I have become lucky...

If I had restarted my computer the virus/trojan would have become active
with nasty consequences...

I had a feeling something like that might happen, so good thing I stayed
cool and first figured out what damage has been done... I don't know exactly
how it came in... but it came in via IE8 that's for sure... so that browser
is ****ing unreliable again ! I already lost one system because of stupid IE
! Fortunately it was pretty much a junk system.. but I did lose somebody
else's source code who was dead, that kinda sux...

Microsoft now officially has a major security flaw and it's called: INTERNET
EXPLORER and WEBBROWSER.

I don't like all the crap like javascript and adobe flash bullshit... way too
risky...

I will contemplate later if I will downgrade my system to a more simple
web browser that doesn't support all the junk and could hopefully be more
safe...

Instructions how to remove it:

http://www.myantispyware.com/2009/12...jan-fakealert/

I will now try this...

And yes a service sshnas is indeed installed... I disabled it in services.

The file also shows up as:

C:\WINDOWS\SysWOW64\sshnas21.dll

Bye,
Skybuck.


 
 
Skybuck Flying
 
      05-02-2010
Ok, the tool on that website helped.

Explorer.exe hung a bit though.

Rebooting seemed to freeze windows a bit.

After reset button pressed windows started up..

Everything seems to be fine.

The dll in the wow folder wasn't deleted though...

But this time I could delete it manually; previously it would not let me do
that... so that's what the OTM.exe tool solved.

The service is now also gone from the services...

Bye,
Skybuck.


 
 
Skybuck Flying
 
      05-02-2010
This/Today was a close call ladies and gentlemen !

I feel lucky I was hit by this friendly trojan instead of a nasty disk
formatter/windows up****er...

Things could have gotten real nasty... but thankfully not.
(Hmm I just got a weird warning message from Outlook but since I was typing
I missed it and pressed enter ?)

Hmm it seems to be:
"A time-out occurred while communicating with the server. Account: 'Windows
Live Mail', Server: 'pop3.live.com', Protocol: POP3, Port: 995, Secure(SSL):
Yes, Error Number: 0x800CCC19"

Maybe that will go away later...

Anyway... I just updated my Windows operating system and Internet Explorer
8.

The last update was indeed 21 March 2010... which isn't really that long
ago... but I guess I should have updated a bit sooner.

April 2010 seems to be the worst security related month for Windows...
possibly ever !

7 security vulnerabilities which are comprised of actually multiple !

And 1 major security update/vulnerability for IE8, multiple as well 10 !

I estimated it to be at least 30 security vulnerabilities in just April 2010 !

All looked pretty serious to me too !

Well now I feel a whole lot safer again !

And there was indeed a security vulnerability mentioned with mpeg3 audio...
which might explain my earlier observation some time ago... with a crashing
video...

Bye,
Skybuck.




 
 
Tom Orle
 
      05-02-2010
"Skybuck Flying" <(E-Mail Removed)> wrote:


>The dll in the wow folder wasn't deleted though...
>
>But this time I could delete it manually previously it would not let me do
>that... so that's what the OTM.exe tool solved.


Skybuck,

FWIW - Unlocker is a popular freeware tool to unlock stubborn files &
folders for deletion.

I've used it for years and your comment reminded me of it and got me
to upgrade to the latest version, thanks.
http://ccollomb.free.fr/unlocker/

-=tom=-


 