791224?

Discussion in 'malware problems & news' started by Lazaruseifer, Mar 9, 2008.

Thread Status:
Not open for further replies.
  1. Lazaruseifer

    Lazaruseifer Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    3
    Hi guys,

    This is my first post on these forums, I am sorry if I haven't introduced myself, I am more of a reader than a writer, bad habit of mine.

    Hello from Liverpool, U.K.

    Strange problem here...

    I know you guys can't give me any solutions, I hope to find my own, however, if someone was good enough to point me in the right direction, I would be most grateful and obliged.

    For about a fortnight now, me and 1 of my flatmates, who all use the internet in a seemingly switch controlled LAN, have been having issues with some kind of rogue Malware/J.S exploit.

    I come on here, because well, sirs, I am perplexed as to its nature.

    The only dirt I can dig up on this piece of shat, is that it seems to originate from Asia, however, upon a bit of sniffing around, for some reason my investigating has led me to somewhere not 80 miles from me, its source I mean.

    However, I have dealt with Malware/Spyware etc. in the past, I haven't seen anything like this, it seems to be wormlike and I am wondering if it has actually infected the ISP rather than singular stations.

    There is not much information on the internet, and Kaspersky seems to pick up on it, finding Trojans within my system, however this is not stopping the attacks, which seem to correlate within my browser, mainly surfacing its ugly face by splurging 791224.htm every so often in my Firefox webpage information bar on the bottom left of my window.

    I'm absolutely head cheesed by this, one of my other flatmates, does not appear to be infected or targeted, as the other 2 of us are, which confuses me.

    I am going to scan more with the big K and scour these forums for more clues and/or answers.

    I am not coming on here to be spoonfed, however having failed to find any English webpage pointing to a possible solution to this pest, I thought it would be prudent to at least post my experiences in the hope that it might help someone else in the future.

    Thank You for your time.

    Laz...

    P.S, I really do fancy a nice slice of warm Cherry Pie with whipped cream.
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  3. Lazaruseifer

    Lazaruseifer Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    3
    Y'see, that's the problem, anytime I go anywhere near Microsoft Update, my browser locks up.

    May go and try safe mode, however I imagine it will be the same.

    Are there any off-site hotfixes?
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  5. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351
    I just had a look around a site called 791224(dot)com and it's got 3 iframes with exploits at the moment. One of those has a CLSID of 1F5C358-60FB-4A23-A312-D2B556620F20 currently so you might have a look for that - but it would be hard to say what it's dumped on you by now (assuming that the site and your htm are related). You could try blocking that site in some fashion on the router or within your browsers and see if it slows down enough that you could get ahead of the game?

    If you are comfortable at the command line - you might use arp to have a look at what you've got, and possibly clear it.
     
    Last edited: Mar 10, 2008
  6. Lazaruseifer

    Lazaruseifer Registered Member

    Joined:
    Feb 29, 2008
    Posts:
    3
    I'm comfortable with the command line, but as for ARP "cleansing"?

    Erm, I'll go fish around Google, look for a tut.
     