I think it's a bit ironic that I spent hundreds of dollars on antivirus and antispyware software, yet the one that really gave me "clear and convincing evidence" of a breach of my Vista PC's security was a little freebie utility called Norton Security Scan (included in Blogger's parent company's self-titled Google Pack). But don't get me wrong, it's not like Norton Security Scan really worked and actually discovered the malware I contend my PC was infected with. Like all the other products, it loudly proclaimed my computer to be free of all viruses and spyware. But the following screen captures show a couple of other gems apparently either hiding on my PC or -- more likely in my opinion -- residing on the host computer. It became my theory, and still is, that my machine became (and probably still is) a client to a hacker's host computer, with him pulling all the strings. I am guessing that I connected to his machine transparently upon log-on if there was an internet connection. And if there was no connection, my computer synced with his at the first opportunity.
The first of two more incriminating screen captures from Norton Security Scan shows a file called dnsrxpob.exe, below, in the c:\windows\system32 folder. I knew from my limited knowledge that the system32 folder is where a lot of malware likes to hide out. Googling the file name, I found out that it's evidence of a mass-mailing worm that Symantec calls W32.Stration.DD@mm (how do they come up with these names?). Info about this worm can be found on Symantec's site.

The second screen capture, below, shows Swartax. This one's name alone kind of made me think "malware", and sure enough, it's a Trojan/backdoor according to Sophos's threat analysis. Pausing the scanner to take screen captures and notes led, again, however, to a "spontaneous" reboot of my Vista PC. I felt a mixture of elation at finally being "onto him" (whoever "he" was/is), and dread that no software I installed seemed capable of actually discovering these files itself (I had to Google them?!) and disinfecting my machine. My theories on that will be forthcoming.
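Googling one file name at a time is how the two finds above were confirmed. The script below is an added example, not code from the post or from Norton/Symantec/Sophos, showing the check a responder would run instead: list every executable directly inside System32, record its Authenticode status, creation time and SHA-256, and print the ones that are either not validly signed or newer than a chosen cutoff, so the hash (not the random-looking name) can be looked up. It assumes it is run from an elevated Windows PowerShell 2.0 or later prompt on the machine in question; the cutoff of 30 days and the directory are illustrative parameters, and dnsrxpob.exe is only mentioned because it is the name from the post.

```powershell
# Added example (not from the original post): triage %windir%\System32 for
# executables worth a second look, instead of Googling file names one by one.
# Assumptions: elevated prompt; Windows PowerShell 2.0+ (the cmdlets and .NET
# calls below exist in 2.0, which is what Vista could run); $Days and $Dir are
# illustrative defaults. A find like dnsrxpob.exe would surface here by hash.
param(
    [string]$Dir  = "$env:windir\System32",
    [int]   $Days = 30
)

$sha256 = [System.Security.Cryptography.SHA256]::Create()
$cutoff = (Get-Date).AddDays(-$Days)

# Non-recursive on purpose: the post's finding sat directly in System32, and a
# full recursive walk of the directory tree takes a long time on an old machine.
Get-ChildItem -Path "$Dir\*" -Include *.exe,*.dll,*.sys -Force -ErrorAction SilentlyContinue |
  Where-Object { -not $_.PSIsContainer } |
  ForEach-Object {
    $file = $_
    # Embedded Authenticode check: Valid / NotSigned / HashMismatch / ...
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $signer = ""
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # SHA-256 via .NET so this also works on PowerShell 2.0 (no Get-FileHash).
    $stream = [System.IO.File]::OpenRead($file.FullName)
    try {
        $hash = ($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString("x2") }) -join ""
    } finally {
        $stream.Close()
    }

    New-Object PSObject -Property @{
        Path     = $file.FullName
        Created  = $file.CreationTime
        SigState = $sig.Status
        Signer   = $signer
        SHA256   = $hash
    }
  } |
  # Keep anything not validly signed, or created after the cutoff.
  Where-Object { $_.SigState -ne "Valid" -or $_.Created -gt $cutoff } |
  Sort-Object Created -Descending |
  Format-Table -AutoSize Created, SigState, SHA256, Path
```

Two caveats before trusting the output. First, "NotSigned" is a lead, not a verdict: many legitimate Windows binaries carry no embedded signature and are instead covered by signed catalog files, which Get-AuthenticodeSignature on Vista-era PowerShell does not consult, so the hash is what you compare against a known-good reference or a multi-engine scanner, not the signature column alone. Second, any listing produced on a machine you believe is remotely controlled is only as trustworthy as that machine; if the concern is a resident backdoor, repeat the check from a clean boot medium or against the disk mounted on another system, since an attacker who can reboot the box at will can also hide files from tools run on it.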