What do you make of this?

Discussion in 'malware problems & news' started by AaLF, Jan 4, 2007.

Thread Status:
Not open for further replies.
  1. AaLF

    AaLF Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    986
    Location:
    Sydney
    Normally my XP boot-up is 'kicked-off' with the NOD32 splash screen. But today the splash screen cannot appear until I action this "drop-in":

    http://img246.imageshack.us/img246/8630/ggggggae7.png

    Now I tried out DSA for a few days and uninstalled yesterday. The location of the file above, as you can see, is from the 'uninstalled' folder where I store potential applications. Note: DSA is no longer installed, yet it's popping up. As soon as I opt for cancel, CyberHawk swoops in with this:

    http://img246.imageshack.us/img246/7255/gggsg0.png

    Do I kick open the WIN32 folder, barge in and beat it up with a 'right-click' on the mouse and followed up with 'the shredder'? Or are there certain subtle protocols one should follow?
     
  2. yankinNcrankin

    yankinNcrankin Registered Member

    Joined:
    May 6, 2006
    Posts:
    406
    Sounds like a legitimate program got a piggy-back, but nowadays you never know 'cause the doors can swing both ways: any knowledge of how a program was coded/designed can be used to exploit it, and the more programs, the more chances for exploit. That's just my personal opinion. If I were you I would delete the place of install, then shred. Clean out the registry, run your scans :D Funny thing is, remnants of many different programs could be used as potential backdoors or aids in allowing malware to make its way onto inviting systems. Rule of thumb: when you're done with something, get rid of it, ALL OF IT.
    :D
     
  3. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Most trojans have two parts, an exe and a dll; failure to get it all often means it bootstraps back into memory and reinfects.
    Best to find the specific instructions to delete it manually, which often means
    using Regsvr32 or employing someone's security app to do it automatically (and sometimes with additional manual steps).
     