Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

wildersecurity 1

Status
Not open for further replies.
ttmac

ttmac

Technical User
Joined
Aug 16, 2002
Messages
105
Location
IE
Has anyone experienced any problems when attempting to visit
Having read some of the threads in this forum yesterday I paid a visit and was redirected to and I believe that an attempt was made to download some malware.

Tom
 
Sort by date Sort by votes
Hi Tom.
First thing you should do is run a HijackThis log and see if you have some host file redirections. There are malwares that have a very complete list of "white hat" sites and will create spurious host file entries to block or redirect access. I dont know that that is the case here, but I would certainly check it out.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
Tom
try (the guy's name is paul wilders, not wilder).

I think what you got was something search engines tie to an almost right entry.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
diogenes10,

Thanks, and have a star, I think your second reply is correct. From what I can remember, I tried wildersecurity, one "s" and from there got redirected.

I work for a large government organisation in Ireland and was in work when this happened on Tuesday. I thought no more of it until I booted up today and was informed that c:\sp.exe could not be found. It was only then that I became suspicious.

I opened regedit and performed a search for all occurances of sp.exe and then carried out a search on the internet.

I deleted the entries mentioned and everything seems to be working fine, nothing unusual. It seems that the registry changes were made but the corporate firewall trapped the downloads, so no harm done.

Things got a bit hairy when I reported the incident to what we call the internet and email police. I copied the 2 registry entries to an email and explained what had happened. I immediately got a reply from the domain admin telling me that I had a virus. Of course alarm bells started ringing with the email police and I got a phone call right away. It seems that the virus scanner on my machine did not catch this virus, neither did my local server and it was only when it reached the domain server that alarms went off. Bloodhound.exploit.6 seemed to be the culprit

Needless to sy the internet/email police were running around like headless chickens when I explained what had happened cos they were thinking it got past the firewall, the server, my PC, back across the server to the domain server and only then did the alarms go off.

In the end it turned out to be a false alarm, one of the strings in the registry entry was picked up be heuristic scanning.

As an answer to the threat all of the sites I visited yesterday were blocked, including TekTips. I have been given the all clear since and hopefully they will lift the block on TekTips and some of the others.

I have to say that I am a regular reader and sometime contributer to TekTips and only for the knowledge that I have learned through this forum I would have been none the wiser. I was a step ahead of the internet police when they called.

Thanks again for your help.

Tom.
 
Upvote 0 Downvote
You're welcome, glad I could help.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top