Strange virus ?

Discussion in 'ESET Smart Security' started by paleskin, May 24, 2008.

Thread Status:
Not open for further replies.
  1. paleskin

    paleskin Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    11
    Recently, whenever I opened SSL links from Opera and Firefox, the browsers always freeze

    I opened the Task Manager and noticed there are several similiar processes called "IEXPLORE.EXE" up to 5-6 processes at the same time, and sometimes the "IEXPLORE.EXE" process didn't show up, but there were 2 processes such as "opera.exe" or "firefox.exe" showed up at the same time, and this only occur whenever I opened any SSL links from within the browsers

    The ESS doesn't showed up any warning at all

    Luckily I run a dual boot OS, so I booted the other OS, and it's seems fine, all SSL links were opened perfectly from either Opera and also Firefox

    I booted back into the troublesome OS, and installed Prevx antivirus, and scanned the OS, the results are keez.dll and oaphjb.dll, but since the Prevx required a license to clean them, I just delete those 2 manually from system32 folder

    I rebooted the troublesome OS again, the dll file were gone, but the occurence still persist, whenever I opened SSL links from Opera and Firefox

    It's seems like a password stealer virus to me

    Any solutions for it ?

    Thanks
     
  2. paleskin

    paleskin Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    11
    I have used hijackthis, combofix, sdfix and catchme, the logs seem pretty normal to me, or did I miss something ?
     
  3. paleskin

    paleskin Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    11
    update : fixed it, the problem seems tobe broken winsock lsp chain, fixed it, now all is well again, d@mn hacker !!!
     
Thread Status:
Not open for further replies.