Virus or Spyware from Well Known Website
Two days ago I got a warning from my ZoneAlarm program that the file blah.exe was trying to access the Internet. It even said that program had accessed the Internet before. When I searched for that filename, I found it was a downloader for a worm or virus from a couple years ago. I deleted it and ran a virus scan and came up clean, so I assume it never got the chance to download the other parts.

I noticed the file date/time was just a few minutes before the warning came up, so yesterday I went back to the site I had been using just before getting the notice ... mail.com, a free email service. I had Windows Explorer open to C drive root directory, where the blah.exe file was found the day before, and sure enough before I even entered my username/password the blah.exe file appeared again and the ZoneAlarm warning popped up.

I can not believe a major site like mail.com could be unknowingly infected ... my guess is it is a re-engineered version of the original blah.exe downloader that connects to a different site than before and downloads spyware of some sort, but I haven't the skills to reverse engineer it to find out what it is trying to do ... Anyone else care to take a shot at it?