Solved

SQLite Trojan, Worm or Virus entered thru browser

Posted on 2011-02-28
Last Modified: 2012-05-11
Very important, please,

An SQLite Tracking Cookie Trojan, Worm or Virus attacked and entered through my original Firefox browser by attacking the SQLite program attached to the Firefox browser.  My mother has been hit with the same thing on her PC.

All of the browsers I have used in the past do not subdue (not activate) the tracking cookie. I'm currently using the Google Chrome browser, because it is the only browser that stops the trojan from at least activating but obviously doesn't kill it. My AVG Internet security firewall and antivirus don't identify or isolate it either. I've tried antivirus programs and nothing.

I immediately also had to uninstall any programs such as MS SQL Server 2005 off of my computer since the bug was attacking it and it was acting erratic. I need a registry fix for this fast, so I can start building databases again and load them on to my computers.

Both my laptop and my desktop OS have been infected. If Microsoft or an Open Source has a patch to kill this bug please let me know, I've never found it. I really like how the user is the software quality control over the last 10yrs. Whatever happened to taking the bugs out yourself and browser testing?

I don't feel comfortable doing any type of software development with this ugly mess sitting in the shadows and exacerbating the problem to a website online possibly infecting someone else.

Thanks.
pmrush2112
Question by:pmrush2112
10 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35000115
Could you please let us know the name of the virus or Trojan? And what security software are you using currently?

As far as I know Firefox used SQLite to keep track of most of the things you do with Firefox, like browser preference, cookies, downloads etc.

Sudeep
0
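
Added example (not part of the thread): Firefox stores cookies in a SQLite file named cookies.sqlite in the profile folder, so the cookies a browser holds can be listed with any SQLite client. This Python script lists cookies set to persist longer than a year. The table layout is an assumed subset of `moz_cookies`, expiry is assumed to be in Unix seconds, and the hosts and values are constructed sample data.

```python
import sqlite3
import time

DAY = 86400

# Assumed subset of the moz_cookies table in Firefox's cookies.sqlite;
# real profiles have more columns. Expiry is treated as Unix seconds.
SCHEMA = """CREATE TABLE moz_cookies (
    id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT,
    path TEXT, expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)"""


def build_sample_store(now):
    """In-memory stand-in for a copied cookies.sqlite (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    rows = [
        ("session_id", "abc", "forum.example", "/", now + DAY, 1, 1),
        ("uid", "7f3a", ".tracker.example", "/", now + 3650 * DAY, 0, 0),
        ("prefs", "dark", "news.example", "/", now + 30 * DAY, 0, 0),
        ("_trk", "x91", ".ads.example", "/", now + 730 * DAY, 0, 0),
    ]
    db.executemany(
        "INSERT INTO moz_cookies (name, value, host, path, expiry,"
        " isSecure, isHttpOnly) VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return db


def open_read_only(path):
    """Open a copy of a real cookies.sqlite so the audit cannot modify it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def long_lived_cookies(db, now, max_days=365):
    """Return (host, name, days_left) for cookies that outlive max_days."""
    cur = db.execute(
        "SELECT host, name, expiry FROM moz_cookies"
        " WHERE expiry > ? ORDER BY expiry DESC", (now + max_days * DAY,))
    return [(host, name, (expiry - now) // DAY) for host, name, expiry in cur]


if __name__ == "__main__":
    now = int(time.time())
    # Swap in open_read_only("copy-of-cookies.sqlite") for a real profile.
    for host, name, days in long_lived_cookies(build_sample_store(now), now):
        print(f"{host:20} {name:12} expires in {days} days")
```

Run it against a copy of the file made while Firefox is closed, since the browser keeps the live database open.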
 

Author Comment

by:pmrush2112
ID: 35000366
You are correct about the use of SQLite by the Firefox browser and others. However, the trojan is using SQLite to gain access presumably through Port 80 and onto my PC. I don't know what the name of the specific bug is, that is what I'm trying to find out.

The AVG Internet Security 3-Pack version 9.0.872 is what I use for the main anti-virus and firewall. Licensing is current.

Thanks.
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 35000584
I am fairly sure that the infection is spread by a 'cookie' left in your FF browser.


Download, install, and run
CCleaner (www.ccleaner.com)

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

IF NEEDED, we may ask you to download ComboFix (using the same "Save As" process).


You might want to review my Article here for more details:
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35000778
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 35116909
I second SSharma on Hitman Pro. ComboFix/MBAM are great but a lot of Spyware/Malware writers are aware it's one of the first folks will use. Some things neither will resolve that Hitman Pro takes care of in two seconds.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35116932
BGTSLLC,
Once again you are posting "advice" that is clearly wrong.
You obviously have no knowledge of repairing malware infections and I must ask you to stop posting in these Zones.

I am asking the Moderators to address the problems you are creating.
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 35116983
Wow.   But since you went there:

1.  Improper?  How so?  In quite a few instances running all of these scans doesn't work as evidenced by the numerous back and forth comments of using this and that.

2.  Actual knowledge?  What proof of my lack of knowledge do you have?  Can you validate your statements at least as FACT?  Have you validated my real world results and been able to consistently show otherwise that I'm incorrect and have yielded wrong results?

3.  Consistently wrong (and dangerous) how?  Do you have any documented examples where my advice has directly resulted in harm?

The beauty of the internet allows you to make a "defaming" and "slanderous" comment without actually having to validate if what you say is actually true.  In that regard; you are reckless because in a court of law you would be proven otherwise.   But of course you can offer pure speculation without having to even remotely validate your supposedly "correct" assessment.
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 35117022
In your profile you say this about yourself:

*****
I do this EE stuff for fun and don't give a Flying Flip about points - but I do care about good manners. EE is a fun place when everyone shows a little courtesy.
*****

Now since you have desired to get the Vee Mods involved; that would also mean I'm equally entitled to "fair trial" versus being assumed guilty so please explain to me how you have maintained any of what you say in your profile?

If you disagree with my approach; I can think of at least 2-3 different ways that could be addressed.  In dealing with customer infections on a daily basis there are numerous things to attempt prior to running something in safe mode.  Safe mode should always be a last resort; but in today's world of Spyware/Malware infections; it is oftentimes a required one.  I have a vast array of utilities in my arsenal to dispose of Spyware/Malware infections or at least repair the OS enough to allow for the installation of software that will then remove it; but in a growing number of instances; cookie cutter resolutions on the customer's dime don't always work to resolve them.  Running a HijackThis is great if you want to really see all the things that are occurring; but it's also something normally run when you either know the PC is infected and can't remove it; or suspect as such based on how the system is performing.  That is great if the end user wants to know the finer points and have a better understanding.  However in the majority of cases; the customer simply wants the PC fixed; plain and simple.

So while you may disagree; I don't see based on your supposed "good" manners how that means making comments that you cannot factually validate.
0
 

Author Closing Comment

by:pmrush2112
ID: 35118715
I just want to say sorry younghv for taking so long to get back to you. I've been totally focused on interviewing and searching for a Business Analyst position that I've neglected to come back to the site.

I'm hoping all that it is is a zombie cookie. I deleted out of firefox from the registry and it is no longer there, unless there are hidden files not in the firefox folder I deleted.

I won't really know until I can make space to load MS SQL Server on my PC. I could have sworn MS SQL got really buggy when I loaded it but I could be wrong.

I can tell you I have no problems with Google Chrome which apparently is not alerting my AVG Firewall every time the browser starts like IE and Firefox.

Hopefully it's just zombie cookies. The fact that the people who write this malware are not rotting in prison or being hung from a tree is beyond my understanding, since they attack every aspect of our global world.

As far as the two guys going at cyber wars I appreciate the passion for trying to keep BS marketers off of this valuable resource but the fact is everyone can agree that since this is Experts Exchange if you're not an expert keep it to yourself.

People need solutions and not to be misled. Amen.

Now find out who these Malware freaks are and learn how to be a responsible hacker and send these freaks a return favor, since they have an upper hand. The world would be better off if we could send something down the pipeline and have their computer burst into flames.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35118889
Thank you for the comments.
Malwarebytes is an incredibly powerful program - both for protection and repairs.

The good news is that if you buy the professional license (about US$25 - for your lifetime - for every subsequent computer you buy - one at a time of course - phew!) the protection will be outstanding.

I have been loading it on customers' computers for about a year now (mostly home users) and have not had one single infection reported.
0

Question has a verified solution.