I was reading a PM when Firefox tried to load Adobe Acrobat, crashed, and then some .dll junk installed itself:
mdlasv.dll
arijodohujehukon.dll
The first one came back as "Mask Tools Dynamic Library" but it's a common name given to malware.
There apparently is a legit software with that name "Mask Tools".
WinPatrol stopped the system startup changes.
Process Explorer killed everything in RAM.
And I manually deleted it.
CCleaner removed now-dead commands from registry.
Curiously, SuperAntiSpyware did not see it.
It added this BS to the registry: HKCR\AcroAccess.Premiere.2
ms0cfg32.exe was in the browser temp folder.
klomp.exe was in the system32 folder.
userini.exe was in the registry.
There were a few things hidden in win.ini, too.
It came from videohelp.com
Last edited by lordsmurf; 20th Dec 2010 at 11:12.
Want my help? Ask here! (not via PM!)
FAQs: Best Blank Discs • Best TBCs • Best VCRs for capture • Restore VHS -
... added more to first post.
Last edited by lordsmurf; 20th Dec 2010 at 10:55.
-
Disable scripting in Acrobat to prevent an Adobe exploit virus in the future.
-
Last edited by deadrats; 20th Dec 2010 at 19:35.
-
keep adobe crap updated. reader 10 run in a sandbox to prevent exploits.
--
"a lot of people are better dead" - prisoner KSC2-303 -
Hi Lordsmurf,
Just out of curiosity what are you running for "Firewall" and "AntiVirus" !?!
Thanks,
G! -
No firewall, no anti-virus. It slows systems too much to be of any value.
Firewall would not have helped.
And this also wasn't a virus. It was a worm, which AV can miss anyway.
The system had actually scanned clean not 6 hours before this happened, during routine defrag/backup.
It was some errant JS from videohelp that failed to launch Adobe Acrobat then proceeded to install crap.
I was able to remove it with minimal effort -- just a nuisance.
This post was mostly for baldrick, but also a warning to see if I was alone in this.
The PM in question had no attached JS that I could see. (It's been deleted anyway.) -
Have you got the NoScript plugin for Firefox?
Sometimes malicious code can spread via embedded advertising banners:
http://www.h-online.com/security/news/item/Malicious-advertising-banners-distributed-b...ek-740249.html
I've only allowed JavaScript originating from videohelp.com
I don't have Adobe Acrobat installed. I use a less bloated alternative, Okular - which I doubt is susceptible to the same security exploits as Acrobat. -
NoScript was eating into CPU for some reason, so I had just removed it last week.
Firefox had become almost unusable due to several plugins.
I do think it was an ad.
I don't have Adobe Acrobat as active -- I use Foxit, which is why it was strange.
It probably crashed because I have some related Adobe services disabled.
Last edited by lordsmurf; 21st Dec 2010 at 06:37.
-
this exploit discovered a few months ago works on both acrobat and foxit.
an attack can use the launch action functionality in Acrobat PDF and Foxit to run embedded executables. The good news is that it's a relatively easy fix unless you require the usage of that functionality. To prevent Acrobat from running an executable simply open Acrobat and select Edit –> Preferences –> Trust Manager and deselect "allow opening of non-PDF file attachments with external applications". This will prevent Acrobat from executing executables within the program. -
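A triage check for the launch action discussed in the post above, as an added example that is not from any poster in this thread: it counts the PDF name keys that trigger active content before a file is opened in a viewer. The sample bytes are constructed, and the key list and verdict strings are this example's own choices.

```python
import re

# PDF name keys that make a viewer run code or open external content.
RISKY_NAMES = ("Launch", "JavaScript", "JS", "OpenAction", "AA", "EmbeddedFile")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so that '/#4Caunch' is counted as '/Launch'."""
    decoded = HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count risky name keys in raw PDF bytes.

    Only uncompressed objects are seen; keys inside compressed streams
    are missed, and text inside strings can cause false positives.
    """
    counts = {name: 0 for name in RISKY_NAMES}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def verdict(counts: dict) -> str:
    """Turn the counts into a handling decision (labels are this example's own)."""
    if counts["Launch"]:
        return "block: launch action present"
    if counts["JavaScript"] or counts["JS"]:
        return "review: script present"
    return "no active content keys found"


# Constructed samples: object fragments only, not complete PDF files.
SAMPLE_LAUNCH = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /#4Caunch /F (placeholder) >>\nendobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("launch", SAMPLE_LAUNCH), ("plain", SAMPLE_PLAIN)):
        print(label, verdict(triage_pdf(blob)))
```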
What completely irresponsible fool thought it was a good idea to allow that by default?
Didn't they learn anything from Microsoft and its endless macro virus exploits?
I run Acrobat 4 myself; it can display just about any PDF I need, but doesn't have the functionality of launching malware. I can live without that. -
Acrobat replacement programs are sometimes vulnerable to the exact same problems as Acrobat.
lordsmurf - I used to be a gigantic Firefox supporter but I now mostly run Chrome. You might give it a try if you feel that Firefox is too slow (a valid complaint). -
I've already been using Chrome for my "random surfing" and various web dev work, since the day it went beta.
The problem with Chrome is the ajax support sucks.
I run Chromium, too.
Some decent plugins for both.
I only use Firefox for trusted sites where I have memberships. It's not too bad plugin-free.
Flock is a pig, even without plugins. All the social integration crap is a waste of RAM and CPU.
Another good one is Seamonkey, which is only part Mozilla code.
K-Meleon is decent, but has some annoyances with keyboard shortcuts (CTRL+B isn't bold, for example)
IE5 through IE8 are here for testing. Need to get IE9. Not used for anything, if I can avoid it.
Some gov't sites require it for logins, the morons.
There's several great Mac browsers not on Windows, too!
I didn't even know Acrobat had those settings -- much less the brain-dead choices in default settings.
The only reason I have Acrobat is because it came with CS3 Master Collection, which is installed in full. -
the java script wouldn't need to be attached, you could use html to hide instructions to download and execute a java script. i don't know if you know how browsers display web pages, but basically a page is coded in an interpreted programming language (mostly html) and a browser is designed to execute the instructions line by line. within a web page you can embed other types of scripted languages that a browser by default will also execute line by line.
all the author of the pm would have to do is embed some tags that tell your browser to download the js from a remote server and execute it.
very simple to do, really.
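An audit for the remote loads described in the post above, as an added example that is not from any poster in this thread: it parses a page or message body and lists every tag that makes the browser fetch content from a host outside an allowlist. The sample HTML, the example.* hosts and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute makes the browser fetch (and possibly run) content.
LOADERS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class RemoteLoadAudit(HTMLParser):
    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, host, url) for every off-allowlist load

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        if attr is None:
            return
        url = dict(attrs).get(attr)
        if not url:
            return  # inline script or empty attribute: nothing is fetched
        absolute = urljoin(self.page_url, url.strip())
        host = (urlsplit(absolute).hostname or "").lower()
        if not self._is_allowed(host):
            self.findings.append((tag, host, absolute))

    def _is_allowed(self, host):
        # Exact host or a subdomain of an allowed host.
        return any(host == a or host.endswith("." + a) for a in self.allowed)


def audit(html, page_url, allowed_hosts):
    """Return the list of off-allowlist loads found in the markup."""
    parser = RemoteLoadAudit(page_url, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: a message body with one same-site and two remote loads.
SAMPLE = """
<div class="pm-body">Hello!
<script src="/js/site.js"></script>
<script src="//ads.example.net/banner.js"></script>
<iframe src="https://files.example.org/doc.pdf" width="0" height="0"></iframe>
<script>var inline = 1;</script>
</div>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE, "https://forum.example.com/pm/1", {"forum.example.com"}):
        print(finding)
```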