2014-11-17 00:37:41 UTC
especially programs that claim to fix everything that is not wrong with her
Anyhow, I'm dealing with a for-real zombie that continues to write about 1
MB/s of data to temp directories. I can only stop it in safe mode. What's
curious about this is that when running in regular mode MalwareBytes keeps
blocking its attempt to connect to 188.8.131.52. Guess where that lands --
RUSSIA. The poor thing it trying to phone home for further instructions and
just can't get through to the mother ship.
By the way, the processes involved include powershell, dplaysvr, and of
course our fave, svchost. Even looking at tools that attempt to show entry
points I can't get a handle on exactly what is launching this stuff.
the Pentagon and using this poor computer as part of its attack network?
All in all, I can get most stuff to work on the computer, so this zombie
likely would have gone undetected if it had been written better. I'm
assuming that it keeps writing more temp files because it's being denied
access to the internet. Looking them over, I'm seeing scripts that attempt
to link to sites with randomized names or names that sound legit but aren't
quite (such as "mirosoft.com", etc.
This infection has apparently come to the fore only in the last few days,
and somebody has written some tools which may or may not fix the problem. I
have no idea who the author is, so I'm going to have to do lots of research
before I use them.
Or wipe the partition and start over....
This email is free from viruses and malware because avast! Antivirus protection is active.