Tracking down the malware

This is how they found where the malware hid itself on my laptop, which is running WINDOWS XP:

1) Open up My Computer, click on C Drive
2) Click on Documents and Settings.
3) Click on Administrator
4) In the Explorer window, Click on Tools > Folder Options
5) In the Folder Options window, click on the tab.
6) Select "Show hidden files"
7) Unselect "Hide protected operating system files"

Look for a folder marked ".jnana". That's the bad boy.

If you go into the .jnana folder, you may see files named with an IP address and a timestamp, something like 11.22.33.45_12344556789. Those are the output from the keystroke logger. Look through these files for passwords and other sensitive information you've entered. I don't know how you can tell if the logfiles have been uploaded.

There may be other places on your system where this bastard hides, according to the security experts. If you find you've been infected, get your system wiped and reloaded. Nuking it from orbit is the only way to be sure.
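The manual check above can also be scripted so that every profile is covered, not just Administrator. This is an added example, not part of the original post: it walks a profiles directory (on the XP laptop described, `C:\Documents and Settings`), reports any `.jnana` folder, and lists the files in it that match the name shape shown above. The file-name pattern and the function names are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Folder name is from the post. The file-name shape (IPv4, underscore, digits)
# is an assumption generalised from the post's single example.
FOLDER_NAME = ".jnana"
LOG_NAME = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})_(\d+)")

def parse_log_name(name):
    """Return (ip, stamp) if name looks like '<IPv4>_<digits>', else None."""
    m = LOG_NAME.fullmatch(name)
    if not m or any(int(o) > 255 for o in m.groups()[:4]):
        return None
    return ".".join(m.groups()[:4]), m.group(5)

def find_keylog_dirs(profiles_root):
    """Report every .jnana folder under profiles_root and the logs inside it.
    os.walk lists hidden and system entries, so Explorer settings do not matter."""
    findings = []
    for dirpath, dirnames, _ in os.walk(profiles_root):
        for d in [n for n in dirnames if n.lower() == FOLDER_NAME]:
            folder = Path(dirpath) / d
            logs = []
            try:
                entries = sorted(folder.iterdir())
            except OSError:  # unreadable folder: still report it
                entries = []
            for entry in entries:
                parsed = parse_log_name(entry.name)
                if parsed and entry.is_file():
                    logs.append({"file": entry.name, "ip": parsed[0],
                                 "stamp": parsed[1], "bytes": entry.stat().st_size})
            findings.append({"folder": str(folder), "logs": logs})
            dirnames.remove(d)  # no need to descend into the folder itself
    return findings

def demo():
    """Scan a constructed profile tree (sample data, built in a temp dir)."""
    with tempfile.TemporaryDirectory() as root:
        bad = Path(root) / "Administrator" / FOLDER_NAME
        bad.mkdir(parents=True)
        (bad / "11.22.33.45_12344556789").write_text("constructed sample")
        (bad / "notes.txt").write_text("not a log")
        (Path(root) / "Guest").mkdir()
        return find_keylog_dirs(root)

if __name__ == "__main__":
    print(demo())
```

The script only reports names and sizes; it does not open the log files, so captured passwords are not copied into its output.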

Comments

secoh
Nov. 26th, 2010 04:52 am (UTC)
It's a deadset crime that this setting and the one that shows known file type extensions is not enabled by default.
carlfoxmarten
Nov. 26th, 2010 10:14 am (UTC)
Amen to that! Those are two of the settings that I always change every time I get a new Windows install.
sleepyjohn00
Nov. 26th, 2010 02:51 pm (UTC)
It's probably prevented more people from shooting their foot off than otherwise, but yeah.
ccdesan
Nov. 27th, 2010 05:52 am (UTC)


Clean, for now. But thanks for the info. Filth hqiz snarl scumbag hackers yarg hqiz dung-eaters...