Umm, what the hell? Why is the site up and running, when you have admited there is nothing that you can do about it 'till MS patch's? You allowed people to continue to be infected, and knew it was going to keep happening?
Who's responsible for that decision? I could have done without all this trouble, TY for taking us into consideration.
I got my work computer infected as soon as I entered the front page of this site, and I am running with all AciteX disabled precisely because of problems like this. :-( The trojan installed some sort of dll file called "Mxo0.dll" which McAfee removed immediately, but it just keeps coming back every time I re-start my computer and I don't know how to remove it. :-( Worse, there's no guarantee this thingy is not still running somewhere in the system and stealing sensitive corporate information, I disconnected the machine from network until we get some more information on this. McAfee and Ad-aware were unable to find anything, but something must still be wrong because the file just keeps turning back. :-(
Please help., I could lose my job over this thing if it turns out the trojan does more than just steal Lineage passwords. :-(
I did notice, at least on my system, that my antivirus blocks the trojan all together if I dont log onto the site. If I do log on it fails to block it and does detect but also fails to clean it and the file must be deleted all together requiring a system restart. Also If I dont log into the site it only effects the main screen but when I do log onto the site it effects every screen, sometimes multiple times on one screen. Draw whatever conclusions from this that you want as I know the admins prolly prefer to have registered users and to have those users sign on...but common sense would dictate if a server is infected reduce your contact with that server as much as possible.
Jade6: You should be able to stop it from coming back by turning off system restore. Right-click my computer > System resore tab > Turn off system restore on all drives. From what i read on the Mc'affee site, that should keep it from re-insalling.
I got my work computer infected as soon as I entered the front page of this site, and I am running with all AciteX disabled precisely because of problems like this. :-( The trojan installed some sort of dll file called "Mxo0.dll" which McAfee removed immediately, but it just keeps coming back every time I re-start my computer and I don't know how to remove it. :-( Worse, there's no guarantee this thingy is not still running somewhere in the system and stealing sensitive corporate information, I disconnected the machine from network until we get some more information on this. McAfee and Ad-aware were unable to find anything, but something must still be wrong because the file just keeps turning back. :-(
Please help., I could lose my job over this thing if it turns out the trojan does more than just steal Lineage passwords. :-(
you MAY want to remind your IT department that THEIR computer network is not secure. picking things like this up is a fairly common in the "net world" this was nothing that YOU did wrong, or INSTALLED, NOR is it your fault for picking it up, but it IS your IT departments lack of a secure workstation that has caused it.
.. so put THAT in their pocket protectors if they hassle you.
I would guess that techincally, the above person is probably not supposed to surf website's outside of work-related interests
My only defence is that it is normally not so strict, and this is not exactly an "obscure website", though not work related. :-/ We all check news etc and we visit a lot more obscure websites every time there's a problem, we just do a search and visit any page that may have the solution. I also thought that I had taken all possible precautions, aside from using Firefox, but I guess it's not enough. :-/
But you are saying this safe-mode thingy would help? How can it help if there is a virus that not even McAfee or AdAware can find that keeps putting it back at re-start? My immediate superior and the helpdesk guy didn't seem all that bothered but I am going crazy here. The keylogger itself may have been removed, but who knows what the trojan did during the few fractions of a second it took spyware tio quaranteen it? The anti-virus also doesn't run until a few seconds after computer re-start, in the mean time system is vulnerable and the file is there. :-(
None... registry seems clear (checked some info on the virus), there is no funny process with a name like "svhost.exe" running, the file McAfee whines about doesn't seem to exist (since McAfee removes it every time), and both AdAware and Antivir are saying that there is nothing wrong whatsoever. But I still get the McAfee warning every time I re-start. I also did netstat -a and noticed that there are one or two unknown connections "established"; I don't know how serious it is but I pulled the network plug as soon as I noticed anyway. My biggest concern is that a hacker might use these trojans to steal my password and then access my computer to steal sensitive information (assuming he even needs a password), hopefully he can't now that the machine is offline and I changed my password but I'm seriously worried in any case. And not to mention if he somehow manages to gain access to other computers in the network using my computer.
This is my worst nightmare. :-( I thought I was protected by security settings, anti-virus and firewall, 3 times over, and still I'm not safe.
ok microsoft sent a security update this week so it might relate to that but then i dont have you you receive check to make sure if you do use xp that all the update are on if vista user I CAN NOT HELP YOU SORRY .the update i received was for xp.
and 1 more thing .you might want to run live onecare once a while dont ask me why i dont know.but i do know that it detected 3 virus that my other antivirus coudnt i was like i jusrt scanned it where does this come from lol.might in microsoft own code beats me but now i scan it with live onecare .one drawback that GET TO ME after a while it wont be free but then i might get it anyway cause of the fact that it saved me a lot .(ONLINE LOL WHO HASN T PROBLEM ).i was using avg anti-virus before
Comments
Umm, what the hell? Why is the site up and running, when you have admited there is nothing that you can do about it 'till MS patch's? You allowed people to continue to be infected, and knew it was going to keep happening?
Who's responsible for that decision? I could have done without all this trouble, TY for taking us into consideration.
Please help., I could lose my job over this thing if it turns out the trojan does more than just steal Lineage passwords. :-(
.. so put THAT in their pocket protectors if they hassle you.
____________________________
TheCore
____________________________
TheCore
But you are saying this safe-mode thingy would help? How can it help if there is a virus that not even McAfee or AdAware can find that keeps putting it back at re-start? My immediate superior and the helpdesk guy didn't seem all that bothered but I am going crazy here. The keylogger itself may have been removed, but who knows what the trojan did during the few fractions of a second it took spyware tio quaranteen it? The anti-virus also doesn't run until a few seconds after computer re-start, in the mean time system is vulnerable and the file is there. :-(
any signs that you've got this beyond AV alerts?
This is my worst nightmare. :-( I thought I was protected by security settings, anti-virus and firewall, 3 times over, and still I'm not safe.
does it show up on msconfig? I know viruses like to place themselves there.
ok microsoft sent a security update this week so it might relate to that but then i dont have you you receive check to make sure if you do use xp that all the update are on if vista user I CAN NOT HELP YOU SORRY .the update i received was for xp.