Guest Sammy Castagna
Posted December 8, 2008

I have goggled this and can find nothing. It just popped up yesterday asking for access to an http address. Anyone know anything or recognize it?

Guest David H. Lipman
Posted December 8, 2008

From: "Sammy Castagna" <sammycastagnahotmail.com>

| I have goggled this and can find nothing. It just popped up yesterday asking
| for access to an http address. Anyone know anything or recognize it?

Please submit a sample to Virus Total -- http://www.virustotal.com/flash/index_en.html

The submission will then be tested against many different AV vendors' scanners. That will give you an idea what it is and who recognizes it. In addition, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest dave xnet
Posted December 8, 2008

On Mon, 8 Dec 2008 18:18:22 -0500, "Sammy Castagna" <sammycastagnahotmail.com> wrote:

>I have goggled this and can find nothing. It just popped up yesterday asking
>for access to an http address. Anyone know anything or recognize it?

Unfortunately, the malware is probably generating a random name - that's why it's not recognized. MalwareBytes is a respected name in fighting this kind of thing.

Start here:
http://www.malwarebytes.org/forums/index.php?showtopic=2936

Basically it tells you to run some tools and post the resultant logs. The experts on the forum will assist you.

Good luck

Guest Sammy Castagna
Posted December 9, 2008

Thanks Dave and David,

I just reformatted a month ago.

Sammy

Guest John
Posted December 9, 2008

You said S7jfwb07.exe just popped up yesterday asking for access to the internet. Now you say you formatted a month ago. Is your PC infected before or after the format?

Guest Sammy Castagna
Posted December 9, 2008

John,

I assume yesterday. I was given a newer computer and I loaded my copy of windows a month ago. I was just thinking of the hassle, sorry for the confusion.

The computer is trying to access 216.95.196.22 HTTP. I am very careful to watch Zonealarm for abnormal behavior.

Also, when I search for the file on my computer, this new search device Microsoft has got out where it indexes everything says c drive has not been indexed and file can not be looked for.

I will get back with you all tomorrow. I have to get up 5:00 am est.

Sammy Castagna

Guest FromTheRafters
Posted December 9, 2008

"Sammy Castagna" <sammycastagnahotmail.com> wrote in message news:Ov7uFtYWJHA.2080@TK2MSFTNGP06.phx.gbl...

>I have goggled this and can find nothing.

Perhaps your goggles are dirty.

> It just popped up yesterday asking for access to an http address.

File names are often useless information. Better information would be the address you neglect to mention - but that could be useless as well.

> Anyone know anything or recognize it?

You should have the executable scanned by software designed to find out if it is a known malware program. Try jotti.org or virustotal.com.

Guest Sammy Castagna
Posted December 9, 2008

John David Dave,

As soon as I got home I deleted the microsoft search indexing tool and went back to the find that used to be on win xp. I have found the file.

S7JFWBO7.EXE-OC7ED4DB.pf
S7jfwbO7
S&jfwbO7.exe.a_a

Two are in folder C:\WINDOWS\system32
The other is C:\WINDOWS\Perfetch

In your opinion is the Zonealarm firewall antivirus a good solution?

Sammy

Guest Sammy Castagna
Posted December 9, 2008

John David Dave,

Malwarebytes took it off. Thank you all.

What configuration of fire wall virus spyware should I be using?

Sammy Castagna

Guest Sammy Castagna
Posted December 10, 2008

The damned thing came back. I tried to delete it and it said access denied. So I renamed it .old and was able to delete it.

Sammy

Guest David H. Lipman
Posted December 10, 2008

From: "Sammy Castagna" <sammycastagnahotmail.com>

| The damned thing came back. I tried to delete it and it said access denied.
| So I renamed it .old and was able to delete it.

| Sammy

OK. there is a helper/peer application that is restoring the file.

Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_d.../HJTInstall.exe

Then post the contents of the HJT log in your post in one of the below expert forums...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) Logs.

NOTE: Registration is REQUIRED in any of the below before posting a log

Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0

Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.malwarebytes.org/forums/index.php?showforum=7

Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Spiraled
Posted January 10, 2009

Having same problem. Just started recently. I04O8v8Q.exe is trying to access internet destination 216.95.196.22:HTTP. Being reported by ZoneAlarm. Updated definitions for adaware and avg 8.0 have not caught it. Just started the past few days. G-friend was surfing unsavory sites and downloaded it from somewhere. avg did catch two trojan horses. Could possibly be something from a divX download/application. She was viewing movies and I notice this was a new folder added to my documents and icon on my desktop. Will report back if anything new arises.
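
Added example (not part of any post in this thread): two posters report differently named executables asking for access to the same destination, 216.95.196.22:HTTP, which is why the address is a better pivot than the file name. The sketch below groups firewall alerts by destination and flags any destination contacted by several random-looking program names. The log line layout, the timestamps, the two benign entries, and the `looks_random` heuristic are all constructed assumptions, not ZoneAlarm's real log format.

```python
import re
from collections import defaultdict

# Constructed sample alerts. Only the two odd program names and the
# 216.95.196.22:HTTP destination come from the thread; the rest is made up.
SAMPLE_ALERTS = """\
2008-12-08 18:02:11 program=S7jfwb07.exe dest=216.95.196.22:HTTP action=ask
2008-12-08 18:05:40 program=iexplore.exe dest=192.0.2.10:HTTP action=allow
2009-01-09 21:14:03 program=I04O8v8Q.exe dest=216.95.196.22:HTTP action=ask
2009-01-09 21:20:55 program=updater.exe dest=192.0.2.44:HTTP action=allow
"""

ALERT_RE = re.compile(r"program=(?P<program>\S+)\s+dest=(?P<dest>\S+)")


def looks_random(program):
    """Heuristic (an assumption): a short alphanumeric stem in which digits
    are interleaved with letters, as in the names reported in the thread."""
    stem = program.rsplit(".", 1)[0]
    if not re.fullmatch(r"[A-Za-z0-9]{6,12}", stem):
        return False
    digits = sum(c.isdigit() for c in stem)
    # Count letter<->digit switches; ordinary names rarely switch twice.
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(stem, stem[1:]))
    return digits >= 2 and switches >= 2


def suspicious_destinations(log_text, min_names=2):
    """Return {destination: [program names]} for destinations contacted by
    at least `min_names` distinct random-looking executables."""
    by_dest = defaultdict(set)
    for line in log_text.splitlines():
        match = ALERT_RE.search(line)
        if match and looks_random(match["program"]):
            by_dest[match["dest"]].add(match["program"].lower())
    return {d: sorted(n) for d, n in by_dest.items() if len(n) >= min_names}


if __name__ == "__main__":
    for dest, names in suspicious_destinations(SAMPLE_ALERTS).items():
        print(f"{dest}: {', '.join(names)}")
```

A hit here is a lead for blocking the destination at the firewall and for the file scan the earlier replies recommend, not a verdict on its own.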