On Wed Apr 21, 2010; Bob Sneidar bobs at twft.com wrote:


Hi Wilhelm.

(snip). So it does not surprise me that your visiting a reputable site resulted in an infection. What DOES surprise me is that your antivirus (assuming it is up to date) did not catch it. Perhaps this happened before you installed the antivirus?

The hsyfea.exe looks like a random file name, which was typical of a particularly nasty bit of malware I came across a while back called CoolWebSearch. The installer installed several variants of itself using random file names, which required a program called HijackThis and a series of safe boots to remove the hijacker. Even then, with some flavors of the "adware" you never got all the pieces, and the recommendation at that point was a clean reinstall.

The other one turned up some interesting Google hits. I believe this to be a particularly nasty one, but if your antivirus found it, then it should have prevented it, unless, as I said, you got it before you installed the antivirus. If you got it first, then there is a possibility it installed a rootkit, in which case nothing but a wipe and reinstall to a new partition, and to be safe, a reset of the CMOS first, will guarantee its removal.

My condolences.

Bob


Hi Bob,

Again, thanks for your feedback and your condolences!

My Antivirus had been in place *before* my computer was infected. The software had been installed by an IT-competent colleague, but - as I understand now - set to a medium scan level to prevent too much delay on startup of the computer. I had changed the scan level to "high" after I had experienced the constantly appearing ads and subsequently found the two viruses.

Two findings concerning the Internet Explorer on my WindowsXP machine, which cannot be removed, but can apparently somehow be deactivated by transferring a number of movable supporting files to another folder:

- IE can no longer be started even if you click directly on the exe-file.

- There have been no automatic updates of WindowsXP since I deactivated the Internet Explorer, which could mean that IE plays a role in the update process.

Best regards,

Wilhelm
_______________________________________________
use-revolution mailing list
use-revolution@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-revolution