It was part of a background trojan. I suggest you immediately run MBAM or SAS, with a quick scan first and then a full scan. No one mentioned a false positive.
Personally I feel Ad-Aware is no longer what it was; it is now more a waste of HDD space when compared to MBAM or SAS, and the only thing going for Windows Defender is that it has resident protection, which neither SAS nor MBAM have in the free version.
I think you will see that the first time you run SAS and MBAM.
MBAM = MalwareBytes AntiMalware = MBAM free
MBAM Pro = MBAM Pro
Thanks guys. I’ve been hearing the same about Ad-Aware a lot recently. It’s unfortunate.
Thanks for the links.
Now… I have to wonder HOW I got this ~.exe on my computer. I scan all files with Avast! before running their installs, and I don’t normally download anything that isn’t popular. I’ve recently installed DVD burning software, but AFAIK it’s popular software, and I downloaded them from the official sites.
I am wondering if someone actually got into my computer from this… grrr. >:(
Most likely, you visited a site which itself was infected - even legitimate ones. Or you received a popup indicating that you needed a malware program and you terminated it by clicking ‘close’ etc. or even the ‘red x’.
In my client’s case, it was one of the above or from a P2P site (in their case free lyrics).
Installation of programs is by far the least likely method of getting infected.
When I get browser pop-ups, I can tell if the buttons are real or fake, so it wasn’t that.
I DID just go to some free song lyrics websites, and they always have tons of crap on their pages. Also, I have been to torrent search websites recently. So, that sounds like the most likely cause.
I am in disbelief… a browser exploit allowing a backdoor to be installed? I wonder what the point of this backdoor was. I wonder if it’s just some script kiddie messing around. I also wonder why Windows Firewall doesn’t at least notify me and ask me if connections to/from this backdoor are legit, because I certainly would not have allowed them. Perhaps it never ran. The file date was Dec 2007, so it could have been on my system for a year, or perhaps the file date is meaningless.
Firewalls do not protect against compromised web sites. I have never heard of Windows Defender doing anything against rogue exploits. I would not trust the date of the file.
As sunrisecc mentions, a firewall isn’t effective against this type of exploit, as a firewall is expecting traffic back because you initiated the outbound connection. Yes, they would block unauthorised inbound connections if you didn’t initiate the connection.
A backdoor is almost self-explanatory: it allows ‘stuff’ (sorry about getting technical) into your system, bypassing your security.
The Windows firewall is about as much use as a chocolate fire-guard, as the XP one provides zero outbound protection and the Vista one has it disabled by default. Even when the Vista firewall outbound protection is enabled it is rule based and the user has to create the rules, so it is not very user-friendly.
Thanks for all the help guys. It is much appreciated!
I am running Windows XP SP3. OK, I understand the firewall concept. I could install a firewall that asked for EVERY connection, which is totally user-UNfriendly, but it would have stopped this backdoor from working unless I was stupid enough to allow it.
It appears ~.exe is actually a dropper… which is a backdoor, I guess, since it allows the downloading and installing of whatever it wants.
I am thinking that it is unlikely a person actually went sniffing through my files, since I didn’t notice any activity and nothing else on my system was infected with anything virus-like. However, the dropper could have downloaded a perfectly good (i.e. non-virus) program to run and act as a backdoor, so I wouldn’t have noticed anything. Avast! did report some virus in memory, but because the pop-up disappeared (since I was typing as it came up, and my typing cancelled the dialog box >:( ) I am not sure what it actually was. Avast! no longer reports ~.exe as a problem, as you can see from my VirusTotal.com report above.
If I really did get ~.exe from a website, then they knew my IP, as well, which means they could have gotten straight to my computer the moment I got it. >:( But… I am behind a router, which is a hardware firewall! Question: Would my router have blocked the backdoor?
If a website (bona fide) is contaminated, no firewall (hardware or software) will stop it. I could post links to malware-infected websites but do not, for two reasons. Firstly, the owner may have cleaned it up by the time this is read. Secondly, someone may actually click on the link and then it is too late.
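The firewall behaviour described in the replies above (a stateful filter lets return traffic through because the host initiated the outbound connection, so neither the XP firewall nor a NAT router stops a dropper from phoning home, whereas a firewall with per-program outbound rules does) can be shown with a small model. This is an added illustration written for this thread, not code from any of the posters or from any firewall product; the traffic trace, the process name, the port numbers and the addresses (documentation/TEST-NET ranges) are all constructed for the example.

```python
"""Model of stateful filtering seen from one host: why an inbound-only stateful
firewall (XP SP3 Windows Firewall, a NAT router) allows a dropper's outbound
connection and its replies, while a firewall with per-program outbound rules does not.
Constructed example; not a model of any specific product's rule engine."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str            # "out" (host -> remote) or "in" (remote -> host)
    proto: str                # "tcp" or "udp"
    local: tuple              # (host ip, host port)
    remote: tuple             # (remote ip, remote port)
    program: str = ""         # owning process for outbound packets; unknown ("") for inbound


class StatefulFirewall:
    """Inbound-only stateful filter: every outbound packet is allowed and its
    5-tuple recorded; an inbound packet is allowed only if it matches a flow
    the host itself opened. Unsolicited inbound connection attempts are dropped."""

    def __init__(self):
        self.flows = set()

    def filter(self, pkt):
        key = (pkt.proto, pkt.local, pkt.remote)
        if pkt.direction == "out":
            self.flows.add(key)       # "expecting traffic back" from now on
            return "allow"
        return "allow" if key in self.flows else "drop"


class OutboundRuleFirewall(StatefulFirewall):
    """Same stateful logic plus per-program outbound rules: only programs the
    user has explicitly allowed may open connections. A program that is never
    allowed never creates a flow, so its replies are dropped as unsolicited too."""

    def __init__(self, allowed_programs):
        super().__init__()
        self.allowed = set(allowed_programs)

    def filter(self, pkt):
        if pkt.direction == "out" and pkt.program not in self.allowed:
            return "drop"
        return super().filter(pkt)


HOST = "192.0.2.10"   # constructed host address (TEST-NET-1)

# Constructed trace of five packets seen on the host, in order.
TRACE = [
    # 1. the user's browser opens a web page
    Packet("out", "tcp", (HOST, 49152), ("198.51.100.20", 80), "firefox.exe"),
    # 2. the web server's reply to that connection
    Packet("in", "tcp", (HOST, 49152), ("198.51.100.20", 80)),
    # 3. the dropper (hypothetical name) connects out to fetch its payload
    Packet("out", "tcp", (HOST, 49153), ("203.0.113.5", 80), "~.exe"),
    # 4. the reply carrying whatever the dropper asked for
    Packet("in", "tcp", (HOST, 49153), ("203.0.113.5", 80)),
    # 5. an unsolicited inbound connection attempt from the internet
    Packet("in", "tcp", (HOST, 445), ("203.0.113.5", 51000)),
]


def run(firewall, trace=TRACE):
    """Return the verdict ("allow"/"drop") for each packet in the trace."""
    return [firewall.filter(pkt) for pkt in trace]


def compare():
    """Run the same trace through both firewall models."""
    return {
        "stateful_inbound_only": run(StatefulFirewall()),
        "with_outbound_rules": run(OutboundRuleFirewall({"firefox.exe"})),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The inbound-only model returns allow for packets 1 to 4 and drops only the unsolicited attempt (packet 5), which is exactly the point made above: the dropper's traffic looks like any other connection the host opened. The outbound-rule model drops packet 3 because `~.exe` is not an allowed program, and since no flow was recorded, packet 4 is dropped as well; this is what a prompting personal firewall achieves once the user declines an unknown program.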