Identifying possible exploit

Discussion in 'malware problems & news' started by JimmyW, Feb 13, 2009.

Thread Status:
Not open for further replies.
  1. JimmyW

    JimmyW Registered Member

    Aug 23, 2007
    I have an XP SP1 Home system on which an exploit might have resulted in the symptoms that I'll describe below. I've seen something similar in machines infected by an adware application that purports to be an AV tool, but I can't recall its name.

    First, accessing the Windows Firewall results in a message of, Due to an unidentified problem, Windows cannot display Windows Firewall settings. This message can result from a [an intentionally] corrupt[ed] registry key. The Windows Security Center also acts abnormally, both in appearance and in menu offerings. Here's a sample from Security Center's Get help about Security Center menu:

    Firewall: OXO Windows checks to see if your computer is protected by a software firewall.
    Virus protection software: OXO Windows checks to see if your computer is using a full, up-to-date antivirus program.
    Automatic Updates: OXO

    NOD32 3.x turned up a couple of trojans (GetCodec.gen or Agent.NIS) in an html and "video" file. I investigated every running service and process and found nothing unusual. Everything was identified and was run from the correct path. The registry run keys contain only a couple of well known values. The startup menu is empty. Rootkitrevealer turned up nothing.

    I imagine that what I have could have resulted from innocent corruption, or that an exploit was found and removed, but its damage remained. Any advice or suggestions would be welcome. Thanks.
  2. funkydude

    funkydude Registered Member

    Apr 5, 2004
    Check for updates in windows, and download the secunia PSI from to make sure your software is up-to-date.

    To be extra safe I'd download and run a free scan with Malware Bytes Anti Malware.
Thread Status:
Not open for further replies.