Actually it was an encrypted backdoor trojan that I picked up from some ad somewhere (not from this site) or even perhaps a hacker. Since it was encrypted, not a single firewall or program caught it until it was too late. I’ve taken measures to make sure they don’t get away with it again. It hijacked every program on my pc, duplicated the EXE file and put a space before the extension (such as AOL .EXE) and made the pc hang endlessly by hijacking all resources. But I kind of like Allen’s definition much much much better LOL!!
If no firewall or program (I assume you mean antivirus program) caught it in the first place, what measures other than NOT going back to the website are you taking to prevent it again?
Since it’s encrypted, how were you able to pin it to a website? What program did you use to figure out indeed it was encrypted? Or are you describing a “rootkit” trojan, which generally doesn’t do what you described to my knowledge.
Did you originally disable realtime monitoring on your antivirus program or not keep the database updated?
Most common cause of computer problems as you describe above in my experiences is the failure to keep the antivirus signature updated followed by disabling firewall and antivirus programs.
I’m not sure what the heck it was or exactly where it came from. I couldn’t find much about it at all other than a few techie forums helping desperate people try to remove it. I have 3/4 of my degree in computer science so I know a little about the field, although most of my schooling is out of date. One site said it was a backdoor trojan and a root kit virus both so who knows. One site said it was just discovered this past October 30. I isolated the virus files on a CD and scanned it directly with a Norton Internet Security and antivirus program fully updated and it still did not detect a thing. Searching both McAfee and Symantec’s website came up with nothing.
As soon as it hit, I went to my C:\windows and C:\program files and prefetch folders and checked for new files/folders and that’s how I found it. I was on myspace when it hit and I wasn’t clicking on anything suspicious. I think they were waiting to pounce or port hunting. Two or three anti spywares, a full firewall and an antivirus were all running and fully updated at the time it hit. The only other way I could have gotten it was through an email from a friend or family without them realizing it. I do have a friend whose pc also crashed and they had to take it to a professional so they may have been the source or I unknowingly infected them through an email attachment.
If you can find anything on it, that would be beneficial in helping defend against it, and I would be grateful. I’m going to send what I know about it to the techies at Symantec. I’ve programmed my firewall to block all their possible file names that I’ve found. So even if I do get it again, it can’t access the internet. I’m also not going to myspace ever again and constantly check for those files.
What appeared to have possibly been the initial file was mrofinu72.exe, which is also known as several variations including - get this - 17phomes.exe (the comet lol). It was in program files. Then also in there was this deadly combo which I don’t know if the mro file replicated as, or if the mro allowed more viruses in, or if I got slammed twice by two different viruses:
3 folders with exe and dll files in them:
QDRpack11.exe
QDRdriver.exe
QDRmodule (.exe)
I really think the mro file is related to the QDR crap because they ALL had duplicate files with a space in front of their extension. The mro file added a mrofinu72 .exe (notice the space) and another tmp file of the same name. The QDR files appeared in my msconfig startup with a space in front of the extension!! Then while watching active processes while executing other normal programs on my pc, I accidentally discovered it made a copy of all my exe files with the space in front of the dot and hung cpu resources at 100%, even just from one program hanging. It would not let me run a virus scan (unless in safe mode) and it wouldn’t let me open spyware to force a full scan either. It also opened IE all by itself and threw up various ad websites without my permission and constantly reset my IE security to NONE AT ALL every time I opened it. Nasty stuff. Happy researching and report back soon!
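The duplicate-with-a-space naming described in the post above is something a script can scan for. The following is an added example, not part of the original thread: the function name, the extension list and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Executable extensions to check; the thread mentions .exe and .dll files.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}
# Matches a name whose stem is followed by whitespace right before the final dot.
SPACED = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[^.\s]+)$")


def find_spaced_executables(root):
    """Return sorted (path, has_clean_twin) pairs for names like 'AOL .EXE'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        lowered = {f.lower() for f in files}  # Windows names are case-insensitive
        for name in files:
            m = SPACED.match(name)
            if not m or m.group("ext").lower() not in EXEC_EXTS:
                continue
            # The "clean twin" is the same name without the inserted whitespace.
            twin = (m.group("stem") + m.group("ext")).lower()
            hits.append((os.path.join(dirpath, name), twin in lowered))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout (empty files), not data from the thread."""
    for rel in ["app/AOL.EXE", "app/AOL .EXE", "app/readme .txt",
                "pf/QDRdriver .exe", "pf/My Tool.exe"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, has_twin in find_spaced_executables(tmp):
            label = "copy of a clean twin" if has_twin else "no clean twin"
            print(f"{label}: {path!r}")
```

Names with ordinary spaces inside the stem (`My Tool.exe`) and non-executable files (`readme .txt`) are not reported.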
It’s ok to change the subject, this is the BANTER thread. Or the Panther Bed. Or the Panter Tred. He’s still working on my problem at the moment, give him a minute LOL. He’ll be there soon I’m sure. (Everybody fighting over Allen)
Yeah, they say knowledge is power LOL and it takes learning to get knowledge.
See fileresearchcenter.com/M/MRO … 11590.html for that file. Trojans are nasty things and while possible to fix, in your system’s state with every file being renamed, your only option was to reformat and reinstall. Trojans are also known to install keyloggers as well as other little nasty surprises.
Only hit in Google for this one was this thread. Different name?
Causes all sorts of MSIE popups. Probably was downloaded from one of what appears to be many trojans on your system.
Direct result of your QDRpack experiences.
Now, be aware, it’s not only myspace that has issues with trojans.
If you have not done so, a download of spybot and adaware IN ADDITION to your antivirus program and firewall will protect you much better.
Remember security in layers, but NEVER use more than one antivirus program and never more than one firewall. If you are using Norton firewall, you need to disable Windows firewall or vice versa.
And last but not least, be sure to keep up with all of MS security patches. That at a minimum will reduce your vulnerability.
I didn’t see any “group” per se, but did see Williams (Chris’s) photos and he was the only member of a Madison MS group. Not familiar with Flickr, so I may have overlooked.
Cowling should look familiar as about half of his photos were taken from my plane. His brother rents from the school and the other half were taken from their planes.
Yeah. It’s a quote from the movie “Heathers”. “#v< me gently with a chainsaw”. You gotta search the page in the link to find it. I was hoping someone would pick up on it.
Thanks Allen, all good advice. I only have one firewall and antivirus running, but have 5 or 6 antispywares including both those you mentioned. I only run them at will, not constantly in the background, except for one which runs all the time. None of them recognized the trojans I had. Neither did the latest SP2 Windows patches. Just have to be careful where you surf these days. I don’t understand how millions surf myspace and survive lol.
Okay, next banter subject? Perhaps How to Flirt With a Pilot 101. (unmarried only lol) Make that the 400 level course, I’ve already studied the subject and done some homework.
Yes, must include studies for both engine types, but not a combo of both!! YUK!!! I’m close with a multi engine HIM but also curious about the process of wingtipping with singulars lol. Can you perhaps paste a few quotes from that FAA chapter?