I was researching phones, and I got hit with a Hiloti Trojan. I'm pretty sure it was a zero-day attack because I did not download anything: on a legitimate forum site, suddenly my Java ran for no reason, then Adobe Reader crashed, and I wasn't using Java or reading PDF files. Next thing I know, mighty WinPatrol picks up some new startup items with gibberish names. The startup items kept coming back despite my efforts to delete them.
Long story short, Malwarebytes removed it, but on Firefox I still get redirected to spam pages selling fake AVs when I click on Google results (this happens very randomly and rarely, but it does, and this never happened before). I already scanned with both SuperAntiSpyware and Malwarebytes; nothing.
I'm so mad Avira didn't pick anything up, but I guess it happens even to the best. Good thing WinPatrol alerted me.
Btw, I was using an outdated version of Adobe Reader Lite. Lesson learned, moving to Foxit. So reinstall it is :(
December 9, 2009
Do you think UAC could've prevented this? I had it disabled.
It likely would have. If you must run under an admin account, it's better to keep UAC on, especially since some OS security measures rely on it (IE Protected Mode, for instance). And perhaps add SRP or AppLocker too. Another security tool you could implement is EMET: http://support.microsoft.com/kb/2458544
December 9, 2009
Thanks for the suggestions; never heard of EMET till now. Anyway, could I disable UAC temporarily until I install all my apps after the reinstallation, then re-enable it? Will this have any bad effects?
None that I know of, as long as the programs you'll be running are confirmed safe ones. Although, given a choice, I'd leave UAC on and just run a file manager via right-click > Run as administrator, then browse to the folder where my setup files are and run them from there, so that the child processes will run as admin too.
With regards to EMET, I read something a few weeks ago saying that it helped stop some Adobe exploits IF the target applications were added to EMET's protected apps. Btw, Microsoft released a free on-demand scanner you can use. Maybe it can help clean out the remnants of the infection. About a 70 MB download, though. ( http://www.microsoft.com/security/scanner/en-us/default.aspx )
Another viable option is to set up a limited/standard account and use it as your main account instead of the admin account. If certain apps like games need to run with administrator rights, you can use a program like SuRun to elevate user rights for that application. It even lets you set it up so that you can run a program with admin rights each time you open it. The site is in German, but you can click on a link to have it translated. ( http://kay-bruns.de/wp/software/surun/ )
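The reply above recommends keeping UAC on, adding SRP or AppLocker, and elevating one file manager at install time so every installer launched from it inherits the admin token. The PowerShell script below is an added example, not code from anyone in this thread: it audits the UAC registry values, reports whether the current shell already holds an admin token, checks whether an SRP or AppLocker policy is actually in force, and then launches a single elevated command shell in the installer folder. The registry keys and cmdlets are the documented ones; the installer folder path is an assumption, and the AppLocker cmdlets only exist on Windows editions that ship AppLocker.

```powershell
# Added example (not from the original thread). Run in PowerShell on Windows 7
# or later from an account in the Administrators group.

# --- 1. UAC settings (the same values the "disable UAC" question is about) ---
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey

if ($uac.EnableLUA -eq 0) {
    # EnableLUA=0 switches UAC off completely; IE Protected Mode, which needs
    # UAC's integrity levels, silently stops working as well.
    Write-Warning 'UAC is DISABLED (EnableLUA = 0). Re-enable it and reboot.'
} else {
    Write-Host 'UAC is enabled.'
    # ConsentPromptBehaviorAdmin: 0 = elevate silently (UAC is effectively off
    # for admins), 2 = always prompt for consent, 5 = prompt only for
    # non-Windows binaries (the Windows 7 default).
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
        Write-Warning 'Admins elevate without any prompt; treat this as UAC off.'
    } else {
        Write-Host "ConsentPromptBehaviorAdmin = $($uac.ConsentPromptBehaviorAdmin)"
    }
    # Prompts off the secure desktop can be spoofed or auto-clicked by malware.
    if ($uac.PromptOnSecureDesktop -eq 0) {
        Write-Warning 'UAC prompts are not shown on the secure desktop.'
    }
}

# --- 2. Does this shell already hold a full admin token? ---
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Write-Host "Current process is elevated: $elevated"

# --- 3. Software Restriction Policies: is a default-deny level configured? ---
$srpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$srp = Get-ItemProperty -Path $srpKey -ErrorAction SilentlyContinue
if ($srp -and $srp.DefaultLevel -eq 0) {
    # DefaultLevel 0 = Disallowed (whitelisting); 0x40000 = Unrestricted.
    Write-Host 'SRP is configured with a Disallowed default level.'
} else {
    Write-Host 'No restrictive SRP default level found.'
}

# --- 4. AppLocker: count the rules in the effective policy, if available ---
if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
    [xml]$policyXml = Get-AppLockerPolicy -Effective -Xml
    # Every child of a <RuleCollection> element is one FilePath/Publisher/Hash rule.
    $ruleCount = $policyXml.SelectNodes('//RuleCollection/*').Count
    Write-Host "AppLocker effective rules: $ruleCount"
} else {
    Write-Host 'AppLocker cmdlets are not available on this Windows edition.'
}

# --- 5. The install-time trick from the reply: elevate once, inherit everywhere ---
# Processes started from an elevated parent inherit its token, so one UAC
# prompt covers every installer launched from this shell. explorer.exe does not
# reliably start a separate elevated instance, so an elevated cmd.exe opened in
# the installer folder is used instead of a file manager.
$setupDir = 'D:\setup'   # assumption: the folder holding the downloaded installers
if (Test-Path $setupDir) {
    Start-Process -FilePath 'cmd.exe' -ArgumentList "/k cd /d `"$setupDir`"" -Verb RunAs
} else {
    Write-Warning "Installer folder $setupDir not found; adjust `$setupDir."
}
```

Run the audit part first while UAC is still on: if `EnableLUA` is 1 but `ConsentPromptBehaviorAdmin` is 0, you have the worst of both worlds, since programs launched by the admin account elevate without ever asking. The elevated `cmd.exe` at the end is the scripted form of the "run a file manager as admin" advice; close it when the installs are done so nothing else inherits the admin token.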