AutoHotkey Community Let's help each other out
Buckie
Joined: 13 Feb 2008 Posts: 12 Location: Denmark
Posted: Wed Mar 05, 2008 9:15 am Post subject: |
Oberon wrote:
    What's the email address of the PayPal account it sends you to?
I curse myself for blocking it now, because that would really have helped a lot. The link just said "www.paypal.com", but computers don't go to links like that for nothing, we all know that, and I strongly doubt that PayPal would use that kind of "advertisement".
lexiKos wrote:
    It is relatively easy to inject code into a running process (at least if you are an administrator?)
I am, it's a home PC.
lexiKos wrote:
    but like you said, why would anyone bother? Maybe the (hypothetical) virus hijacks a random process to disguise itself?
Yes, that's hypothetically possible, although I think the chance of something like that happening is VERY slim. And the strange thing was that the program was NOT running at all (when I checked after the firewall prompted). I checked my running processes to see if it had somehow failed to close correctly, but no, nothing. (I was playing a game full screen with a minimum of apps running in the background at the time.)
I know it must have been running when it wanted to launch Mozilla, otherwise the firewall would be bugged (and let's just exclude that one).
So something must have launched it as a background process and then told it to go to these pages.
I searched my registry for "paypal" and it found nothing. Since I have a firewall running (and it prompts for both incoming and outgoing "first-timers"), the chances of someone remotely activating the application are slim to zero.
So the status is:
1. The exe file has been checked, double-checked, and it's not infected, bugged or corrupted.
2. No "weird" strings have been found in the exe file (at least not in Unicode).
3. SmartGui.exe was not running (under my authority) when it happened.
4. I searched my registry for "paypal" and found 0 items.
Next we have stories about how gnomes and midgets might be taking over my desktop and turning it into a waffle bakery.
I mean, this is hopeless; there is no chance of ever getting to know what did this. Someone did it, and whoever that was, he/she must truly be a mastermind.
If anyone has any idea as to what more can be done to figure out what caused this problem, please add it.
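Buckie's status items 1 and 2 above (a hash check of the exe and a string search that only covered Unicode) are the kind of check that is easy to get half right. The following is an added example, not code from this thread or from the AutoHotkey project: it pulls printable strings out of a byte blob in both 8-bit and UTF-16LE form and compares a SHA-256 against a reference value. The blob is a constructed stand-in, not the real SmartGUI.exe, and the "SmartGUI Creator" and PayPal strings inside it are placed there for the demonstration. One caveat a practitioner would add: a packed or compressed executable (UPX and friends) hides its strings until it is unpacked or running, so an empty result is not proof of absence.

```python
import hashlib
import hmac
import re

# Constructed stand-in for an executable's bytes (NOT the real SmartGUI.exe):
# a DOS-header stub, opaque filler, one URL stored as an 8-bit string and one
# name stored as UTF-16LE, which is how many Windows binaries hold text.
SAMPLE_EXE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + bytes(range(0x80, 0x100, 3))                    # non-printable filler
    + b"http://www.paypal.com\x00"                    # 8-bit string
    + bytes([0x7f, 0x80, 0x00, 0x81])
    + "SmartGUI Creator".encode("utf-16-le") + b"\x00\x00"
    + bytes(range(0x00, 0x20))                        # control-byte filler
)


def extract_strings(data, min_len=6):
    """Return printable runs of at least min_len chars, in both encodings.

    The regexes run over raw bytes, so every byte offset is tried and the
    UTF-16LE search needs no separate alignment pass.
    """
    ascii_pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_pat = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return {
        "ascii": [m.group().decode("ascii") for m in ascii_pat.finditer(data)],
        "utf16": [m.group().decode("utf-16-le") for m in utf16_pat.finditer(data)],
    }


def grep_strings(data, needle, min_len=6):
    """Case-insensitive search of the extracted strings, reported per encoding."""
    needle = needle.lower()
    return {enc: [s for s in strs if needle in s.lower()]
            for enc, strs in extract_strings(data, min_len).items()}


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def matches_reference(data, reference_hex):
    """Compare against a hash taken from the download source, not from the file itself."""
    return hmac.compare_digest(sha256_hex(data), reference_hex.strip().lower())


if __name__ == "__main__":
    print("sha256:", sha256_hex(SAMPLE_EXE))
    # A Unicode-only search finds nothing here; the 8-bit search finds the URL.
    print(grep_strings(SAMPLE_EXE, "paypal"))
```

Run it against a real file with `grep_strings(open(path, "rb").read(), "paypal")`; the point of the split report is that a hit in the "ascii" list would have been invisible to a search that looked only at UTF-16 text.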
Rajat
Joined: 28 Mar 2004 Posts: 1715
Posted: Wed Mar 05, 2008 2:25 pm Post subject: |
1. Though both exes are now decidedly proven to be the same, to negate the doubt raised about having questionable code in the compiled file and not in the posted code, just run the file with the command line parameter 'GiveMeSource' to get the source of the file you hold.
2. From my little knowledge about these things, I know that some malware disguises itself as another process (process injection/hijacking). Though most of them masquerade as browsers, it's not difficult to assume that one could code something that uses a random process (as lexiKos mentioned).
Best regards.
Azerty
Joined: 19 Dec 2006 Posts: 58 Location: France
Posted: Wed Mar 05, 2008 4:30 pm Post subject: |
Buckie:
To find more information:
- Google tcpview (from former Sysinternals, now Microsoft) and run it to identify the process connecting to PayPal by PID (process ID).
- Google procexp (from former Sysinternals, now Microsoft) and run it to get the exact location on disk of the process associated with that PID, to see if it's your real browser, and check the PPID (parent PID) to identify the process which really launched the identified process.
- Google listdlls (from former Sysinternals, now Microsoft) and run it to get a list of the DLLs visible to the processes with the PID and PPID identifiers.
- Google HijackThis (by Merijn, should be at http://www.merijn.org/files/hijackthis.zip) to check if the browser config has been tampered with.
- Google "online scanner" to find (for instance) this or that to scan your PC... Remember that some AVs see things others don't see => the more you run, the better the info will be.
I've exhausted the main ideas for now, and we're becoming off-topic in this forum named "Bug Reports".
Good luck
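Azerty's first two steps (tcpview to get the PID behind the connection, procexp to get that process's image path and its parent) are a correlation that can also be done from text output. The following is an added example, not part of the thread and not Azerty's code: it joins a constructed `netstat -ano` listing with a constructed export of Win32_Process rows, walks the parent chain, and flags a browser whose image path is not where the browser is installed or whose launcher is not the shell. The IP addresses, PIDs, the expected Firefox path and the "updater.exe" launcher are all invented for the example; on a real machine the expected-path table has to be filled in for that machine.

```python
import csv
import io

# Constructed sample of `netstat -ano` output on Windows (not captured from
# the poster's machine); addresses and PIDs are made up.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       960
  TCP    192.168.1.5:49790      72.14.207.99:80        ESTABLISHED     1756
  TCP    192.168.1.5:49812      64.4.250.37:443        ESTABLISHED     2044
  UDP    0.0.0.0:500            *:*                                    1104
"""

# Constructed sample process table in the shape of
#   Get-CimInstance Win32_Process |
#     Select ProcessId,ParentProcessId,Name,ExecutablePath | ConvertTo-Csv -NoTypeInformation
# "updater.exe" is a hypothetical launcher invented for this example.
PROCESS_SAMPLE = '''"ProcessId","ParentProcessId","Name","ExecutablePath"
"960","704","svchost.exe","C:\\WINDOWS\\system32\\svchost.exe"
"1208","1176","explorer.exe","C:\\WINDOWS\\explorer.exe"
"1756","1208","firefox.exe","C:\\Program Files\\Mozilla Firefox\\firefox.exe"
"3120","1208","updater.exe","C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\updater.exe"
"2044","3120","firefox.exe","C:\\Program Files\\Mozilla Firefox\\firefox.exe"
'''

# Assumed install location of the user's browser (adjust for the machine).
EXPECTED_PATHS = {
    "firefox.exe": r"c:\program files\mozilla firefox\firefox.exe",
}
# Processes that normally launch what the user clicks on.
SHELL_PARENTS = {"explorer.exe"}


def parse_netstat(text):
    """Keep TCP rows only: Proto, Local, Foreign, State, PID (UDP rows have no State)."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _proto, _local, remote, state, pid = parts
            host, _, port = remote.rpartition(":")
            conns.append({"pid": int(pid), "remote_host": host,
                          "remote_port": int(port), "state": state})
    return conns


def parse_processes(csv_text):
    procs = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        pid = int(row["ProcessId"])
        procs[pid] = {"pid": pid, "ppid": int(row["ParentProcessId"]),
                      "name": row["Name"], "path": row["ExecutablePath"]}
    return procs


def ancestry(procs, pid):
    """Walk ParentProcessId upwards; stop at an unknown PID or a cycle (PIDs get reused)."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(procs[pid])
        pid = procs[pid]["ppid"]
    return chain


def investigate(netstat_text, csv_text, remote_port):
    """Report every process holding a TCP connection to remote_port, with its parent chain."""
    procs = parse_processes(csv_text)
    report = {}
    for conn in parse_netstat(netstat_text):
        if conn["remote_port"] != remote_port or conn["pid"] not in procs:
            continue
        chain = ancestry(procs, conn["pid"])
        proc = chain[0]
        expected = EXPECTED_PATHS.get(proc["name"].lower())
        path_ok = expected is None or proc["path"].lower() == expected
        parent = chain[1]["name"] if len(chain) > 1 else None
        flags = []
        if not path_ok:
            flags.append("image path %s is not the expected %s" % (proc["path"], expected))
        if parent is not None and parent.lower() not in SHELL_PARENTS:
            flags.append("launched by %s (%s), not by the shell" % (parent, chain[1]["path"]))
        report[conn["pid"]] = {
            "name": proc["name"],
            "remote": "%s:%d" % (conn["remote_host"], conn["remote_port"]),
            "path_ok": path_ok,
            "parent": parent,
            "chain": [p["name"] for p in chain],
            "flags": flags,
        }
    return report


if __name__ == "__main__":
    for pid, info in investigate(NETSTAT_SAMPLE, PROCESS_SAMPLE, 443).items():
        print(pid, info)
```

In the sample the browser on port 443 is the genuine firefox.exe by path, but its parent is the hypothetical updater.exe from a Temp directory, which is exactly the "who really launched it" answer the PPID check is for. The parent chain is only as good as the snapshot: a launcher that exits immediately leaves the browser with a dead parent PID, which is why the snapshot has to be taken while the connection is live.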
ahklerner
Joined: 26 Jun 2006 Posts: 1004 Location: USA
Posted: Wed Mar 05, 2008 4:33 pm Post subject: |
It would be as simple as compiling the following script and naming it SmartGUI.exe...

Code:
    run, http://www.paypal.com   ; opens the URL in the default browser
neXt
Joined: 19 Mar 2007 Posts: 367
Posted: Tue Apr 01, 2008 10:33 pm Post subject: |
Since a topic about SmartGUI is already started, I would like to add something.
I run Win XP SP2, and on my system SmartGUI is not working properly; for example, a bug: when I try to open a script from the menu bar, the application's controls freeze, meaning the app is working but its controls turn into dummies. However, on Vista the same version works just fine. Any solutions?
Powered by phpBB © 2001, 2005 phpBB Group