I have been dealing with this piece of crap *** Trojan for about a month now and most of the info on the ffxi entry page is correct. Look for these files.
These will be in:
C:\windows\temporary Internet files
mm[1].jpg
f**ksnow.exe
search.exe and/or search[1].exe or searchnow.exe
muma[1].exe --- this installs Intnet.exe and blackhole2005 Trojan
alt70.dll in c:\windows\system
syssmss.exe in C:\programfiles\Internet explorer
In each case, upon disinfecting my machines with this pain in the ***, my log files show files being installed from the C:\windows\Downloaded program files\ but every search for these files has come up with nothing in that folder; however, the log shows muma and the f***ksnow.exe cleaned from that folder. I wonder how they are being hidden from a visual scan of the folder?
Also a reg key is created in the HKLM_software/microsoft/windows/current version/run that loads syssmss.exe upon boot, delete this key.
I know of 5 websites that have hacked ads producing this Trojan and I have seen it in 3 forms, all dropping similar files on my comp. Until webmasters get a handle on this thing, the best defense I have found is to keep a search window open and every time you visit a news site or any site you think may be propagating this thing, after the page loads, do a quick search in C:\windows\temporary internet files\
and search for *.exe
and search for *.txt
When you find a page that installs either a .txt or a .exe in that folder, then you have found a site that’s been hacked and is putting a Trojan on your machine. The bad part is when you find the site, then you have to look for all the stupid files it installs on your PC. I am running about 3 diff operating systems on 4 machines and it hits all WinME, 2k, and XP OS's. Funny, I haven’t had a problem with the Win98SE boxes.
Hope this helps.
Edited, Mon Oct 10 06:19:41 2005 by SWSeeker
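
Added example (not part of the original post): a Python version of the check described above. It walks the folder on disk, flags the file names the post lists plus any .exe or .txt in the cache, and looks for Run-key values that start syssmss.exe. The function names are hypothetical, and the folder layout and Run values in the demo are constructed samples.

```python
import os
import tempfile

# Names taken from the post (lower-cased); the two censored names are left out.
REPORTED = {"mm[1].jpg", "search.exe", "search[1].exe", "searchnow.exe",
            "muma[1].exe", "intnet.exe", "alt70.dll", "syssmss.exe"}
CACHE_EXTS = {".exe", ".txt"}  # the post's two wildcard searches

def scan_tree(root, since=0.0):
    """Walk root on disk; return sorted (relative path, reason) for hits
    modified at or after `since` (epoch seconds, e.g. just before a page load)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.getmtime(full) < since:
                continue
            low = name.lower()
            if low in REPORTED:
                hits.append((os.path.relpath(full, root), "name listed in post"))
            elif os.path.splitext(low)[1] in CACHE_EXTS:
                hits.append((os.path.relpath(full, root), "exe/txt in cache"))
    return sorted(hits)

def flag_run_values(run_values):
    """Given {value name: command line} from a Run key, return names launching syssmss.exe."""
    return sorted(n for n, cmd in run_values.items() if "syssmss.exe" in cmd.lower())

def read_hklm_run():
    """Read the HKLM Run key on Windows; return {} on other systems."""
    try:
        import winreg
    except ImportError:
        return {}
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    values, i = {}, 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
        while True:
            try:
                name, data, _kind = winreg.EnumValue(key, i)
            except OSError:  # no more values
                return values
            values[name] = str(data)
            i += 1

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed sample cache
        os.makedirs(os.path.join(root, "Content.IE5", "AB12"))
        for n in ("muma[1].exe", "logo[1].gif", "notes[1].txt"):
            open(os.path.join(root, "Content.IE5", "AB12", n), "w").close()
        print(scan_tree(root))
    print(flag_run_values({"ctfmon": "ctfmon.exe", "ie": r"C:\x\syssmss.exe"}))
    print(flag_run_values(read_hklm_run()))
```

Passing a timestamp taken just before loading a page as `since` limits the results to files written during that visit.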