Runtime.exe, dependencies.exe - how concerned should I be.

Discussion in 'privacy problems' started by AnthonyG, Jul 20, 2008.

Thread Status:
Not open for further replies.
  1. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    Hi,

    After doing a scan just now with Panda ActiveScan, it has brought up a Trojan infection based on

    Runtime.exe and dependencies.exe

    These were both based in

    C:\Documents and Settings\Anthony\Local Settings\Temp\runtime.exe
    C:\Documents and Settings\Anthony\Local Settings\Temp\dependencies.exe

    I have deleted both files from the recycle bin, actually I have cleared out the entire folder to the recycle bin.

    I went onto the internet, did a search and brought up this page on the trojans.

    http://www.spywaredetector.net/spyware_encyclopedia/PSW.FirePass.htm

    I have just checked my host file and it has inside the host entry this website warns about.

    My question now is obviously how concerned should I be about this. I do use my PC to log on to my bank, credit cards and PayPal (and store the logon details); however, I always use Firefox for this, and have the passwords stored in the Firefox password save file, never Internet Explorer.

    Also I suspect this may have come from a program I have installed; from googling, most infections have arisen from beta software installations with these files incorporated. Likely I will have this software still on my machine.

    So does anyone have any ideas on how I can identify the culprit software? (Panda did not find it.)

    Thanks
    Anthony
     
    Last edited: Jul 20, 2008
  2. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    What's wrong with 127.0.0.1 localhost? That's the default host entry.
     
  3. AnthonyG

    AnthonyG Registered Member

    Joined:
    Aug 3, 2004
    Posts:
    614
    I am not really clued up on the host file to be honest.

    But I am going by the info given from the encyclopedia warning linked.

    I have in my haste deleted the addresses in the host file I am not sure of.

    I am more concerned about my Firefox profiles, as investigating further inside the infected Local Host Folder there was also a file called "FTP.dat" which instructed to "passdump" the contents of my Firefox profile folder.

    I had however before this moved the profile folder to another location than the default, so I am not sure if this has been successful or not.
     
  4. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    (The above two postings look completely different than the OP so I don't know if I'm missing something or??)

    I would be very concerned.

    My suggestion is to change all your online passwords. I'm presuming you have eliminated the culprit if the scans are now coming back clean. Based on the location, I would assume that you have visited an infected site.

    If you are sure your PC has been cleaned, then you can use your own PC to change your passwords, otherwise if you have a trusted geek-friend who has a clean PC, I'd ask them if you could use their PC to change your passwords. Just in case.
     
  5. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Did you just use Panda to check or do you have some backup scanners such as SuperAntiSpyware and Malwarebytes-AntiMalware? I would recommend 2nd opinions from a different scanner and I would even do an online virus check maybe at HouseCall. I can't say for sure you have a problem either, but I'd be suspicious of it. Now, with this Host file entry thing, were you using a premade HOST file that BLOCKS malware domains (such as MVPHosts) or were these entries found in your original Windows HOST file? If they were in the original HOST file, you may have yourself a problem.

    Do some other scans, if it finds anything, research what it found, and yeah, I'd think about doing some calling to my banks and such and changing up my passwords.
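
The distinction drawn in the post above, between entries that a blocklist hosts file would contain and entries that should not be in an original Windows hosts file, shown as an added example that is not part of any post in this thread. The sample file, its hostnames and addresses, and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file; every hostname and address is a placeholder.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocklist-style entry
0.0.0.0         telemetry.example
203.0.113.45    update.av-vendor.example www.bank.example
not-an-ip       broken.example
"""

DEFAULT_NAMES = {"localhost"}


def classify_hosts(text):
    """Return (lineno, address, hostname, verdict) for every mapping in text.

    default   - loopback address mapped to localhost (the stock entry)
    blocked   - name pinned to this machine (loopback or 0.0.0.0)
    redirect  - name pinned to some other address, bypassing DNS
    malformed - first field is not an IP address, or no hostname follows
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # comments run to end of line
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((lineno, addr, " ".join(names), "malformed"))
            continue
        for name in names:  # one line may map several names
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                verdict = "default"
            elif ip.is_loopback or ip.is_unspecified:
                verdict = "blocked"
            else:
                verdict = "redirect"
            findings.append((lineno, addr, name, verdict))
    return findings


def needs_review(text):
    # Everything except the stock localhost entry goes to a human.
    return [f for f in classify_hosts(text) if f[3] != "default"]
```

On Windows XP the file to feed it is `%SystemRoot%\system32\drivers\etc\hosts`; "blocked" entries are expected only if a blocklist hosts file was installed deliberately, and "redirect" entries deserve the closest look.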
     