  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1068
  • Last Modified:

SQLite Trojan, Worm or Virus entered thru browser

Very important, please,

An SQLite Tracking Cookie Trojan, Worm or Virus attacked and entered through my original Firefox browser by attacking the SQLite program attached to the Firefox browser.  My mother has been hit with the same thing on her PC.

All of the browsers I have used in the past do not subdue (not activate) the tracking cookie. I'm currently using the Google Chrome browser, because it is the only browser that stops the trojan from at least activating but obviously doesn't kill it. My AVG Internet security firewall and antivirus don't identify or isolate it either. I've tried antivirus programs and nothing.

I immediately also had to uninstall any programs such as MS SQL Server 2005 off of my computer since the bug was attacking it and it was acting erratic. I need a registry fix for this fast, so I can start building databases again and load them on to my computers.

Both my laptop and my desktop OS have been infected. If Microsoft or an Open Source has a patch to kill this bug please let me know, I've never found it. I really like how the user is the software quality control over the last 10yrs. Whatever happened to taking the bugs out yourself and browser testing?

I don't feel comfortable doing any type of software development with this ugly mess sitting in the shadows and exacerbating the problem to a website online possibly infecting someone else.

Thanks.
pmrush2112
0
1 Solution
 
Sudeep Sharma (Technical Designer) Commented:
Could you please let us know the name of the virus or trojan, and what security software you are currently using?

As far as I know Firefox used SQLite to keep track of most of the things you do with Firefox, like browser preference, cookies, downloads etc.

Sudeep
0
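
To see what the SQLite cookie storage mentioned above actually holds, this added example (not part of the original thread) lists hosts whose cookies outlive a threshold, working on a copy of the profile's `cookies.sqlite`. The `moz_cookies` column subset, the seconds-based `expiry` unit, the function names and the sample rows are assumptions made for illustration.

```python
import sqlite3

DAY = 86400  # seconds per day; expiry is assumed to be seconds since the epoch

def open_readonly(path):
    # Open a *copy* of cookies.sqlite read-only so the file is never modified.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def build_sample_db():
    # Constructed sample data: a reduced moz_cookies table (assumed columns).
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE moz_cookies (
        id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT,
        path TEXT, expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)""")
    now = 1_700_000_000  # fixed reference time keeps the example repeatable
    rows = [
        ("session", "abc", "shop.example", "/", now + 1 * DAY, 1, 1),
        ("uid", "x1", ".tracker.example", "/", now + 3650 * DAY, 0, 0),
        ("uid2", "x2", ".tracker.example", "/", now + 730 * DAY, 0, 0),
        ("prefs", "dark", "forum.example", "/", now + 30 * DAY, 1, 0),
    ]
    con.executemany(
        "INSERT INTO moz_cookies (name, value, host, path, expiry, isSecure, "
        "isHttpOnly) VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return con, now

def long_lived_by_host(con, now, max_days=365):
    # Group cookies that expire more than max_days from `now` by host and
    # report (host, cookie count, longest remaining lifetime in days).
    cur = con.execute(
        "SELECT host, COUNT(*), MAX(expiry) FROM moz_cookies "
        "WHERE expiry - ? > ? GROUP BY host ORDER BY MAX(expiry) DESC",
        (now, max_days * DAY))
    return [(host, count, (expiry - now) // DAY) for host, count, expiry in cur]

if __name__ == "__main__":
    con, now = build_sample_db()
    for host, count, days in long_lived_by_host(con, now):
        print(f"{host}: {count} cookie(s), longest lifetime {days} days")
```

The rows in this table are plain data records (host, name, value, expiry); reviewing them shows which sites left long-lived identifiers in the profile.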
 
pmrush2112 (Author) Commented:
You are correct about the use of SQLite by the Firefox browser and others. However, the trojan is using SQLite to gain access presumably through Port 80 and onto my PC. I don't know what the name of the specific bug is, that is what I'm trying to find out.

The AVG Internet Security 3-Pack version 9.0.872 is what I use for the main anti-virus and firewall. Licensing is current.

Thanks.
0
 
younghv Commented:
I am fairly sure that the infection is spread by a 'cookie' left in your FF browser.


Download, install, and run
CCleaner (www.ccleaner.com)

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

IF NEEDED, we may ask you to download ComboFix (using the same "Save As" process).


You might want to review my Article here for more details:
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 
Sudeep Sharma (Technical Designer) Commented:
0
 
BGTSLLC Commented:
I second SSharma on Hitman Pro.  Combo Fix/MBAM are great but a lot of Spyware/Malware writers are aware it's one of the first folks will use.  Some things neither will resolve that Hitman Pro takes care of in two seconds.
0
 
younghv Commented:
BGTSLLC,
Once again you are posting "advice" that is clearly wrong.
You obviously have no knowledge of repairing malware infections and I must ask you to stop posting in these Zones.

I am asking the Moderators to address the problems you are creating.
0
 
BGTSLLC Commented:
Wow.   But since you went there:

1.  Improper?  How so?  In quite a few instances running all of these scans doesn't work as evidenced by the numerous back and forth comments of using this and that.

2.  Actual knowledge?  What proof of my lack of knowledge do you have?  Can you validate your statements at least as FACT?  Have you validated my real world results and been able to consistently show otherwise that I'm incorrect and have yielded wrong results?

3.  Consistently wrong (and dangerous) how?  Do you have any documented examples where my advice has directly resulted in harm?

The beauty of the internet allows you to make a "defaming" and "slanderous" comment without actually having to validate if what you say is actually true.  In that regard; you are reckless because in a court of law you would be proven otherwise.   But of course you can offer pure speculation without having to even remotely validate your supposedly "correct" assessment.
0
 
BGTSLLC Commented:
In your profile you say this about yourself:

*****
I do this EE stuff for fun and don't give a Flying Flip about points - but I do care about good manners. EE is a fun place when everyone shows a little courtesy.
*****

Now since you have desired to get the Vee Mods involved; that would also mean I'm equally entitled to "fair trial" versus being assumed guilty so please explain to me how you have maintained any of what you say in your profile?

If you disagree with my approach; I can think of at least 2-3 different ways that could be addressed.  In dealing with customer infections on a daily basis there are numerous things to attempt prior to running something in safe mode.  Safe mode should always be a last resort; but in today's world of Spyware/Malware infections; it is oftentimes a required one.  I have a vast array of utilities in my arsenal to dispose of Spyware/Malware infections or at least repair the OS enough to allow for the installation of software that will then remove it; but in a growing number of instances; cookie cutter resolutions on the customer's dime don't always work to resolve them.  Running HijackThis is great if you want to really see all the things that are occurring; but it's also something normally run when you either know the PC is infected and can't remove it; or suspect as such based on how the system is performing.  That is great if the end user wants to know the finer points and have a better understanding.  However in majority of cases; the customer simply wants the pc fixed; plain and simple.

So while you may disagree; I don't see based on your supposed "good" manners how that means making comments that you cannot factually validate.
0
 
pmrush2112 (Author) Commented:
I just want to say sorry younghv for taking so long to get back to you. I've been totally focused on interviewing and searching for a Business Analyst position that I've neglected to come back to the site.

I'm hoping all that it is is a zombie cookie. I deleted out of firefox from the registry and it is no longer there, unless there are hidden files not in the firefox folder I deleted.

I won't really know until I can make space to load MS SQL Server on my PC. I could have sworn MS SQL got really buggy when I loaded it but I could be wrong.

I can tell you I have no problems with Google Chrome which apparently is not alerting my AVG Firewall every time the browser starts like IE and Firefox.

Hopefully it's just zombie cookies. The fact that the people who write this malware are not rotting in prison or being hung from a tree is beyond my understanding, since they attack every aspect of our global world.

As far as the two guys going at cyber wars I appreciate the passion for trying to keep BS marketers off of this valuable resource but the fact is everyone can agree that since this is Experts Exchange if you're not an expert keep it to yourself.

People need solutions and not to be misled. Amen.

Now find out who these Malware freaks are and learn how to be a responsible hacker and send these freaks a return favor, since they have an upper hand. The world would be better off if we could send something down the pipeline and have their computer burst into flames.
0
 
younghv Commented:
Thank you for the comments.
Malwarebytes is an incredibly powerful program - both for protection and repairs.

The good news is that if you buy the professional license (about US$25 - for your lifetime - for every subsequent computer you buy - one at a time of course - phew!) the protection will be outstanding.

I have been loading it on customers' computers for about a year now (mostly home users) and have not had one single infection reported.
0
