I'm getting this from members who belong to this forum, off of Facebook. They don't want to come back in here for fear they're getting this problem from this site. Me, I run Linux and FreeBSD, so the odds of me getting it are nil. Just figured I'd pass their message along.
Original post found here on VAPORS LOUNGE Facebook
========================== snippet ==================================
Sharon Angleman Goodson: Update for those interested and/or knowledgeable about these things: At this point I believe the trojan is coming in through a YUI java utility and is possibly ad-related. But it definitely came in from ECF - this last time all related files and changes occurred at 7:07 when ECF was accessed.
I'm REALLY trying to backtrack to identify something before I clean up entirely. Much quicker this time because I know where things are hiding, what reg keys are affected, etc. Alan was on my computer early Saturday morning. IE history shows two websites (FB and ECF) accessed about the time he started experiencing issues. Not knowing my computer, he didn't allow any changes and backed away (smart guy). In troubleshooting, at one point I clicked the ECF link in history - BAM, "Windows Recovery" shows up, Alan confirms this is the same program. I noticed just before the "program" window appeared that a java console was loading.
I eventually decided the reappearance when I clicked ECF was a coincidence, as WR was still running at the time (and I had not yet even identified it). That was yesterday about 10 a.m.
Today about 6:30 p.m., after final cleanup touches I thought I'd catch up on FB. Interested in one of Mandy's articles, I googled the title to find the original. Most links pointed to ECF, went ahead and clicked there (not thinking twice, as it was a coincidence) - BAM, java console starts again, I see a part of a web address in the status bar http://www.e-cigarette-forum.com/forum/computer-security/www.tick...something, then up pops Windows Recovery again.
Within seconds my files were hidden again, task manager disabled, yada yada. I knew how to quickly get to another task manager program (even blind), and I'm in the middle of the rest of the cleanup processes now. I've saved some of the obvious js files as text. There is also a very strange index.htlm file containing script and a long series of comma-separated number sets (of two and three numerals per set).
If someone wants to pass this info along to RolyGate, maybe it will be of some use. I'm not going back to ECF until I make sure all my java, etc. is up to date. It's obviously not (yes, Alan, I know, but you know how I feel about auto updates - they've broken my machine more times than trojans have).
59 minutes ago
============================= end of snippet ===============================