Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Tue Jul 27, 2010 2:19 am Post subject: Is there a way to see what is modifying a file?
I have an undetected malware that is starting to annoy me:
http://forums.mozillazine.org/viewtopic.php?f=38&t=1954541&p=9678755#p9678755
And the only way to fix it is by a bat file I made, but I'd rather remove it from my computer completely.
Are there any tools where I can prevent ANY changes to a certain folder, or find out what is changing it, like a troubleshoot?
Setting it to read only won't work, and again I wish to have the malware removed.
NOTE: THIS MALWARE DOES NOT HARM MY COMPUTER, IT ANNOYS IT BY DELETING A FILE AND REPLACING IT WITH A FAKE SEARCH ENGINE.
IT IS ALSO NEW, AND UNDETECTED FOR NOW.
Notepad Grandmaster Cheater
Reputation: 9
Joined: 26 Dec 2007 Posts: 722 Location: New Zealand
Posted: Tue Jul 27, 2010 2:40 am
You can use a HIPS program to prevent changes.
Defense Wall would stop it from modifying anything but I'm not sure if it includes removal.
Hero I'm a spammer
Reputation: 79
Joined: 16 Sep 2006 Posts: 7154
Posted: Tue Jul 27, 2010 7:43 am
Eset detects app changes and gives the option to deny it. Not sure if there is a program that can detect what exactly is altering. A lot of programs alter themselves without a virus too. If this is a Firefox issue itself, you could try making a new profile.
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Tue Jul 27, 2010 11:28 am
It's a malware inside my computer that is undetected, it doesn't change anything to Firefox, so it bypasses my ESET.
It simply waits for Firefox to close, deletes google.xml and replaces it with a modified one to send you to another search engine.
Even if you reinstalled Firefox, same issue.
If anyone is good at hijack logs... look at this
http://pastebin.com/8hd7nXSJ
Last edited by Chase Payne on Tue Jul 27, 2010 11:31 am; edited 1 time in total
Domoo Advanced Cheater
Reputation: -1
Joined: 23 Nov 2009 Posts: 97
Posted: Tue Jul 27, 2010 11:30 am
Use a different browser.
inb4browserwars
Chase Payne Grandmaster Cheater
Reputation: 1
Joined: 20 Mar 2008 Posts: 533
Posted: Tue Jul 27, 2010 12:59 pm
This malware affects all known browsers, including Google Chrome.
SF I'm a spammer
Reputation: 119
Joined: 19 Mar 2007 Posts: 6028
Posted: Tue Jul 27, 2010 2:09 pm
Process Monitor will tell you what process is doing what. You can set up filters and crap too to narrow the results.
kls85 I post too much
Reputation: 22
Joined: 18 Jul 2008 Posts: 2757 Location: Under ur bed
Posted: Tue Jul 27, 2010 2:12 pm
Sysinternals has a program which monitors every single file that's being used in real time.
It's called Process Monitor.
Old name: Filemon
Also, it might not be malware but a rootkit, so what you can do is either run GMER, ComboFix, or use HijackThis to see if you can manually delete it.
Edit: SF beat me to it.
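
The Process Monitor approach suggested in the last two replies, as an added example that is not part of the original thread: a Python script that reads a capture saved as CSV and lists which processes deleted, overwrote or wrote to google.xml. It assumes Process Monitor's default column set; the sample rows, process names, PIDs and paths are constructed.

```python
import csv
import io
from collections import defaultdict

# Process Monitor "Operation" values that change, delete or replace a file.
MODIFYING_OPS = {
    "WriteFile",
    "SetDispositionInformationFile",  # delete
    "SetRenameInformationFile",       # rename, including replace-by-rename
    "SetEndOfFileInformationFile",    # truncate
}
# CreateFile only modifies when its Detail column shows one of these.
OVERWRITE_HINTS = ("Disposition: Overwrite", "Disposition: Supersede", "Delete On Close")


def find_modifiers(csv_text, target_name):
    """Map (process name, PID) to the successful events that modified a file
    whose path contains target_name, in the order they were logged."""
    target = target_name.lower()
    hits = defaultdict(list)
    # A CSV saved from Process Monitor can start with a UTF-8 byte order mark.
    for row in csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))):
        op, path, detail = row["Operation"], row["Path"], row["Detail"]
        # A rename names its destination in Detail rather than in Path.
        if target not in path.lower() and target not in detail.lower():
            continue
        if row["Result"] != "SUCCESS":
            continue
        overwrite = op == "CreateFile" and any(h in detail for h in OVERWRITE_HINTS)
        if op in MODIFYING_OPS or overwrite:
            key = (row["Process Name"], int(row["PID"]))
            hits[key].append((row["Time of Day"], op, path))
    return dict(hits)


# Constructed sample export: process names, PIDs and paths are made up.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"2:01:10.1 PM","firefox.exe","3120","ReadFile","C:\FF\searchplugins\google.xml","SUCCESS","Offset: 0, Length: 2,048"
"2:01:12.4 PM","firefox.exe","3120","WriteFile","C:\FF\profile\places.sqlite","SUCCESS","Offset: 0, Length: 512"
"2:01:15.0 PM","example-helper.exe","4888","SetDispositionInformationFile","C:\FF\searchplugins\google.xml","SUCCESS","Delete: True"
"2:01:15.2 PM","example-helper.exe","4888","CreateFile","C:\FF\searchplugins\google.xml","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf"
"2:01:15.3 PM","example-helper.exe","4888","WriteFile","C:\FF\searchplugins\google.xml","SUCCESS","Offset: 0, Length: 1,913"
"2:01:16.0 PM","explorer.exe","1500","CreateFile","C:\FF\searchplugins\google.xml","SUCCESS","Desired Access: Read Attributes, Disposition: Open"
'''

if __name__ == "__main__":
    for (name, pid), events in find_modifiers(SAMPLE, "google.xml").items():
        print(f"{name} (PID {pid})")
        for when, op, path in events:
            print(f"  {when}  {op}  {path}")
```

For a real capture, read the saved file with `open(path, encoding="utf-8-sig").read()` and pass the text to `find_modifiers`.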