Hack 1314 Paste problem

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by A_Ronald, Jan 22, 2008.

  1. A_Ronald

    A_Ronald Private E-2

    Several computers at our school have been disabled by something that takes control of the cut / paste process. all pastes in provide the following
    ???????????????? http://www.hack1314.com ??QQ:39722181
    this is in Thailand, only search results I find on the net seem to be in chinese
    HELP PLEASE


    Thanks
    A_Ronald
     
    Last edited by a moderator: Jan 23, 2008
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

  3. A_Ronald

    A_Ronald Private E-2

    Thanks
    Combofix.exe as recomended seems to have fixed the problem (on three machines so far)
    It took several runs and a few of the dreaded blue screens but it worked in the end
    so alls well etc.
    Question:
    Why did the other virus scanners miss it?

    If I knew what files to submit I might send samples to some virus scanner producers so they can include it in their next issue.

    Two of the computers did not have internet connections so it must be spread via memory sticks.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    ComboFix...just like other tools, is not 100% ...so there well may be other malware still in the system ..you need to attach the requested logs so we can be sure there is no more infections.
     
  5. A_Ronald

    A_Ronald Private E-2

    Sorry, maybe I did not explain myself well.
    ???????????????? http://www.hack1314.com ??QQ:39722181
    The dammed things back again
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  7. A_Ronald

    A_Ronald Private E-2

    I know, I know
    I have 40 machines and two hundred kids to look after and no internet connection at home. so sometimes things go slowly.
    I thought combofix had sorted it but it came back on one machine and combo fix didn't work the second time.
    I looks like SFF.exe is hitching a ride on memory sticks along with autorun and sets both up as a hidden system file and runs when you insert the disk
    Yes I will start the process again as soon as time permits and advise you of the results
    Thanks
    Ronald
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Gezzzz.....think you need to image the system when clean and just re-image. Or set some restrictions. :)
     
  9. A_Ronald

    A_Ronald Private E-2

    Yep
    The plan was to set up one machine, let it get dirty and find out the problems.

    Set up another machine clean

    Updating to macromedia 8, windows 2007 issue. php/mysql a server and all the other good stuff that is not on the machines at the moment, then image it to all the other machines.

    Last night I spent 4 hours rebooting at Windows install because of of an I/O problem,:cry getting tired of this, but will buy a new disk tomorow
    Stubborn is my middle name
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    All I can say is "Good Luck!!"
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds