Infected with Dsq.exe

Discussion in 'Windows 64bit' started by Skybuck Flying, May 2, 2010.

  1. Hello,

    http://members.home.nl/hbthouppermans/IE8Malware/

    Date of infection: 2 May 2010

    It entered my Windows XP X64 Pro Edition SP2 operating system unnoticed.

    Last Windows update was on 21 March 2010 I think...

    Only thing noticed was misbehaving IE8 for some website ?!?.

    I shut it down after a few seconds... but apparently too late.

    (No firewalls, no virus scanners, no spyware scanners running).

    So far the virus/spyware/malware doesn't seem to have done too much damage ?

    It only seems to load ads in internet explorer ?!?

    It showed up in tasklist... I terminated it.

    The file was in C:\Windows\Temp\Dsq.exe according to process explorer.

    I deleted it... I hope it's gone now...

    Time will tell..

    (I will do a windows update shortly ;))

    Bye,
    Skybuck.
     
    Skybuck Flying, May 2, 2010
    #1

  2. Hmm the situation seems to be a bit worse than I thought...

    The virus/malware seems to have copied itself to multiple filenames:

    dsu.exe
    dsx.exe

    Also different sizes.

    I will sort the folder on date and see what files with creation date today 2
    May 2010 show up:

    Well some more of those...

    However this file seems weird too:

    sshnas21.dll "application extension".

    Its date is the same... I did not install anything... so this could be its
    attack vector...

    This website mentions more about it:

    http://www.prevx.com/filenames/638101953234652968-X1/FSENIA.EXE.html

    It doesn't mention the dll though...

    It seems 28 March 2010 so it's pretty new malware...

    Bye,
    Skybuck.
     
    Skybuck Flying, May 2, 2010
    #2

  3. Hmm it seems I have become lucky...

    If I had restarted my computer the virus/trojan would have become active
    with nasty consequences...

    I had a feeling something like that might happen, so good thing I stayed
    cool and first figured out what damage has been done... I don't know exactly
    how it came in... but it came in via IE8 that's for sure... so that browser
    is fucking unreliable again ! I already lost one system because of stupid IE
    ! Fortunately it was pretty much a junk system.. but I did lose somebody
    else's source code who was dead that kinda sux...

    Microsoft now officially has a major security flaw and it's called: INTERNET
    EXPLORER and WEBBROWSER.

    I don't like all the crap like javascript and adobe flash bullshit... way too
    risky...

    I will contemplate later if I will downgrade my system to a more simple
    webbrowser that doesn't support all the junk and could hopefully be more
    safe...

    Instructions how to remove it:

    http://www.myantispyware.com/2009/12/02/how-to-remove-sshnas-dll-trojan-remove-trojan-fakealert/

    I will now try this...

    And yes a service sshnas is indeed installed... I disabled it in services.

    The file also shows up as:

    C:\WINDOWS\SysWOW64\sshnas21.dll

    Bye,
    Skybuck.
     
    Skybuck Flying, May 2, 2010
    #3
  4. Ok, the tool on that website helped.

    Explorer.exe hung a bit though.

    Rebooting seemed to freeze windows a bit.

    After reset button pressed windows started up..

    Everything seems to be fine.

    The dll in the wow folder wasn't deleted though...

    But this time I could delete it manually previously it would not let me do
    that... so that's what the OTM.exe tool solved.

    The service is now also gone from the services...

    Bye,
    Skybuck.
     
    Skybuck Flying, May 2, 2010
    #4
  5. This/Today was a close call ladies and gentlemen !

    I feel lucky I was hit by this friendly trojan instead of a nasty disk
    formatter/windows upfucker...

    Things could have gotten real nasty... but thankfully not.
    (Hmm I just got a weird warning message from outlook but since I was typing
    I missed it and pressed enter ?)

    Hmm it seems to be:
    "A time-out occurred while communicating with the server. Account: 'Windows
    Live Mail', Server: 'pop3.live.com', Protocol: POP3, Port: 995, Secure(SSL):
    Yes, Error Number: 0x800CCC19"

    Maybe that will go away later...

    Anyway... I just updated my windows operating system and internet explorer
    8.

    The last update was indeed 21 March 2010... which isn't really that long
    ago... but I guess I should have updated a bit sooner.

    April 2010 seems to be the worst security related month for Windows...
    possibly ever !

    7 security vulnerabilities which are comprised of actually multiple !

    And 1 major security update/vulnerability for IE8, multiple as well 10 !

    I estimate it to be at least 30 security vulnerabilities in just April 2010 !

    All looked pretty serious to me too !

    Well now I feel a whole lot safer again !

    And there was indeed a security vulnerability mentioned with mpeg3 audio...
    which might explain my earlier observation some time ago... with a crashing
    video... ;) :)

    Bye,
    Skybuck.
     
    Skybuck Flying, May 2, 2010
    #5
  6. Skybuck Flying

    Tom Orle Guest

    "Skybuck Flying" <> wrote:


    >The dll in the wow folder wasn't deleted though...
    >
    >But this time I could delete it manually previously it would not let me do
    >that... so that's what the OTM.exe tool solved.


    Skybuck,

    FWIW - Unlocker is a popular freeware tool to unlock stubborn files &
    folders for deletion.

    I've used it for years and your comment reminded me of it and got me
    to upgrade to the latest version, thanks ;-)
    http://ccollomb.free.fr/unlocker/

    -=tom=-
     
    Tom Orle, May 2, 2010
    #6
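
The checks described in posts #2 and #3 (files created on the infection date, then the service that loads the DLL), as an added PowerShell example that is not part of the original thread. The date and folders are the ones quoted in the posts; the `ServiceDll` lookup reflects how svchost-hosted services are normally registered and is an assumption about this sample.

```powershell
# Added triage example. Defaults are taken from the thread; adjust for another host.
param(
    [datetime]$InfectionDate = '2010-05-02',            # date given in post #1
    [string[]]$Dirs = @("$env:windir\Temp",             # where Dsq.exe was found
                        "$env:windir\SysWOW64")         # where sshnas21.dll was found
)

$start = $InfectionDate.Date
$end   = $start.AddDays(1)
$types = '.exe', '.dll', '.sys'

# 1. Binaries created on the infection date (the "sort the folder on date" step).
$suspects = @(foreach ($dir in $Dirs) {
    Get-ChildItem -Path $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       $types -contains $_.Extension.ToLower() -and
                       $_.CreationTime -ge $start -and $_.CreationTime -lt $end }
})
$suspects | Sort-Object CreationTime |
    Format-Table CreationTime, Length, FullName -AutoSize

# 2. Services whose ImagePath or Parameters\ServiceDll names one of those files.
#    A service entry is what lets a dropped DLL load again at the next boot.
$names   = @($suspects | ForEach-Object { $_.Name.ToLower() })
$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$hits = @(Get-ChildItem $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $svc   = $_.PSChildName
    $image = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    $dll   = (Get-ItemProperty -Path "$($_.PSPath)\Parameters" `
                  -ErrorAction SilentlyContinue).ServiceDll
    foreach ($value in @($image, $dll)) {
        if ($value) {
            $match = @($names | Where-Object { $value.ToLower().Contains($_) })
            if ($match.Count -gt 0) {
                New-Object PSObject -Property @{
                    Service = $svc; RegistryValue = $value; File = ($match -join ', ')
                }
            }
        }
    }
})

if ($hits.Count -gt 0) { $hits | Format-Table Service, File, RegistryValue -AutoSize }
else { 'No service references the files found in step 1.' }
```

Run it from an elevated prompt so `C:\Windows\Temp` can be listed; it only reads and reports, so the files and service entries stay in place for later analysis.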