On Tue, Jan 6, 2009 at 3:49 PM, Scott Raley -ITC <[email protected]> wrote:
> It probably because of a cookie.. we are finding a lot of spyware is now > launched when IE opens because a cookie starts it up. When we go delete all > the cookies the problems stop even though we are still infected.. sometimes > the scans will show the infection and in all the files there is a cookie > somewhere buried.. My IE is set to prompt me to accept cookies because of > this happening now. > > Just for my 2 cents.. Symantec and Mcafee have really started to stink > recently.. Trend isn't much better.. I've been running AVG and its been > fantastic. > > -----Original Message----- > From: Michael Grant [mailto:[email protected]] > Sent: Tuesday, January 06, 2009 1:53 PM > To: cf-community > Subject: klomp infection > > I know the cf-comm is riddled with computer gurus so I was hoping someone > might be able to help me. > > I seem to be infected with a virus that nothing seems to find. Before the > new year I noticed in task manager that I was getting extra instances of > iexplore.exe running. If I had two IE's running there would three > instances, > sometimes four. It seemed pretty benign and for the most part I would just > close the extra ones and ignore the problem. However after coming back from > the holidays I was unable to open IE. It would tell me that Internet > Explorer could not be found when I would click the icon. I did some > Googling > and after doing some reading and searching found an errant registry entry. > In HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows NT > CurrentVersion > > > Image File Execution Options I found an entry for iexplore.exe. In the > entry > there is a key for Debugger and the value is C:\WINDOWS\system32\klomp.exe. > I delete the entry and can run IE again. When I run IE the entry is > re-added > and IE breaks again. If I rinse and repeat I can get IE to work but every > time it adds the entry. I've searched my registry for "klomp" and can't > find > it anywhere else. > > I've run multiple full scans with Symantec Corporate Edition (it's my work > compy and that's what the company has) and it doesn't find anything. It has > updated virus defs. However when I run IE Symantec pops up and tells me > it's > identified Trojan.Vundo and removes klomp.exe from the windows/system32 > folder. I've run HouseCall from TrendMicro and it doesn't find anything. > I've also downloaded and run the Trojan.Vundo removal tool from Symantec > and > it tells me that Vundo isn't on my system. > > Any ideas? > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;207172674;29440083;f Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:284006 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.5
