HALP!! Port 80 shut down.

EdFred

I got partially hit with something this morning. The filename was oycqfskaffm.exe and it embedded itself in my temp folder of my local settings folder. This one was a sneaky bastard because as soon as it ran it disguised itself as antivirus software but it disabled the actual antivirus program and prevented task manager from running so you couldn't shut it down manually. It also disabled port 443 and 80. I was able to find the services to enable secure browsing but can't find what I need to re-enable http (port 80).

Posted from Droid.


Oh byeah, the culprit....that facebook status collage.....I'm looking at you Scott.
Someone want to call me on this? Thanks

Seis uno seis
Hachi ni ni
Sieben eins funf eins
 
> Oh byeah, the culprit....that facebook status collage.....I'm looking at you Scott.

Hmm I did not get hit with that. I did not even get a warning. Are you sure that was the source?

--UPDATE--
Oh wait I accessed that from my Mac. That is probably why I got no computer herpes. ;)
 
When I opened that dumb status collage it just froze up my browser.
 
Found the issue. It did install crap ware, but it also configured my computer (both IE and Google Chrome) to use a proxy server - presumably theirs. Google Chrome's help pointed me in that direction, whereas M$ just said "check your firewall settings" and said nothing of a proxy - back on a regular computer now.
 
> Hmm I did not get hit with that. I did not even get a warning. Are you sure that was the source?
>
> --UPDATE--
> Oh wait I accessed that from my Mac. That is probably why I got no computer herpes. ;)

100% sure it was the source. I looked at yours last night, but closed out of it before it did anything. Someone else had the same thing up this morning and bam.

Both gave me a Sun Microsystems popover like Java was doing something, and then it hit me. My Win7 box didn't get infected, the XP did.
 
> Found the issue. It did install crap ware, but it also configured my computer (both IE and Google Chrome) to use a proxy server - presumably theirs. Google Chrome's help pointed me in that direction, whereas M$ just said "check your firewall settings" and said nothing of a proxy - back on a regular computer now.

Yep...lots of them grab your proxy settings.
 
My stepfather's computer got hit with something Sunday that set both Firefox and IE to use localhost as a proxy. I have him running as a guest account, and the administrative account was fine. Just went in, told both not to use a proxy, and updated his anti-virus. Seems to be fine now.
 
It seems like the majority of spyware / rogue AVs / crapware / botware / spamware do that now. Then when the proxy gets shut down (or a legitimate AV partially removes the garbage), either the proxy no longer works, or it's blank. Either way, the connection gets broken.

-Rich
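
A check for the leftover proxy settings described in the posts above, as an added example that is not part of the original thread. It parses `reg query` output for the per-user Internet Settings key and the proxy lines of a Firefox prefs.js; the sample values (port 5555, the loopback addresses) are constructed.

```python
import re

# Constructed `reg query` output for the per-user Internet Settings key
# (read by IE; Chrome on Windows follows the same system proxy settings).
REG_SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555;https=127.0.0.1:5555
"""
# Constructed proxy lines from a Firefox profile's prefs.js.
PREFS_SAMPLE = """
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "localhost");
"""

def parse_reg(text):
    """Map value name -> data from `reg query` output."""
    pat = r"^[ \t]+(\S+)[ \t]+REG_\w+[ \t]+(.*)$"
    return {m[1]: m[2].strip() for m in re.finditer(pat, text, re.M)}

def parse_prefs(text):
    """Map pref name -> value from prefs.js user_pref() lines."""
    pat = r'user_pref\("([^"]+)",\s*(.+?)\);'
    return {m[1]: m[2].strip('"') for m in re.finditer(pat, text)}

def is_loopback(host):
    return host.lower() == "localhost" or host.startswith("127.") or host == "::1"

def proxy_hosts(server):
    """Hosts from 'host:port' or 'http=host:port;https=host:port'."""
    parts = [p.split("=", 1)[-1].split("://", 1)[-1] for p in server.split(";") if p]
    return list(dict.fromkeys(p.rsplit(":", 1)[0] for p in parts))

def audit(reg_text, prefs_text):
    """Return (browser, proxy_host, is_loopback) for each active manual proxy."""
    findings = []
    reg = parse_reg(reg_text)
    if int(reg.get("ProxyEnable", "0x0"), 16) == 1:
        for host in proxy_hosts(reg.get("ProxyServer", "")):
            findings.append(("IE/Chrome", host, is_loopback(host)))
    prefs = parse_prefs(prefs_text)
    # network.proxy.type 1 means "manual proxy configuration" in Firefox
    if prefs.get("network.proxy.type") == "1" and prefs.get("network.proxy.http"):
        host = prefs["network.proxy.http"]
        findings.append(("Firefox", host, is_loopback(host)))
    return findings

if __name__ == "__main__":
    print(audit(REG_SAMPLE, PREFS_SAMPLE))
```

A loopback entry means the browser depends on a listener on the same machine, so browsing breaks once that listener is removed while the setting stays behind.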
 