Solved

SQLite Trojan, Worm or Virus entered thru browser

Posted on 2011-02-28
Last Modified: 2012-05-11
Very important, please,

An SQLite Tracking Cookie Trojan, Worm or Virus attacked and entered through my original Firefox browser by attacking the SQLite program attached to the Firefox browser.  My mother has been hit with the same thing on her PC.

All of the browsers I have used in the past do not subdue (not activate) the tracking cookie. I'm currently using the Google Chrome browser, because it is the only browser that stops the trojan from at least activating but obviously doesn't kill it. My AVG Internet security firewall and antivirus don't identify or isolate it either. I've tried antivirus programs and nothing.

I immediately also had to uninstall any programs such as MS SQL Server 2005 off of my computer since the bug was attacking it and it was acting erratic. I need a registry fix for this fast, so I can start building databases again and load them on to my computers.

Both my laptop and my desktop OS have been infected. If Microsoft or an Open Source has a patch to kill this bug please let me know, I've never found it. I really like how the user is the software quality control over the last 10yrs. Whatever happened to taking the bugs out yourself and browser testing?

I don't feel comfortable doing any type of software development with this ugly mess sitting in the shadows and exacerbating the problem to a website online possibly infecting someone else.

Thanks.
pmrush2112
Question by:pmrush2112
10 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35000115
Could you please let us know the name of the virus or Trojan? And what security software are you using currently?

As far as I know Firefox used SQLite to keep track of most of the things you do with Firefox, like browser preference, cookies, downloads etc.

Sudeep
0
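
Added example (not part of the original thread): Firefox keeps cookies as ordinary data rows in a SQLite file, `cookies.sqlite`, inside the profile folder. The Python sketch below builds a constructed in-memory stand-in for that file (the column subset, sample hosts and the one-year threshold are assumptions) and lists the cookies that persist longer than a year, which is what a tracking cookie typically looks like in that table.

```python
import sqlite3
import time

# Assumed subset of Firefox's moz_cookies table (cookies.sqlite); real profiles
# carry more columns, and expiry units can differ between Firefox versions.
SCHEMA = """CREATE TABLE moz_cookies (
    id INTEGER PRIMARY KEY, name TEXT, value TEXT, host TEXT, path TEXT,
    expiry INTEGER, isSecure INTEGER, isHttpOnly INTEGER)"""

DAY = 86400

def build_sample_db(now):
    """Constructed sample data standing in for a copied cookies.sqlite."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    rows = [
        ("session", "a1", "shop.example", "/", now + 1 * DAY, 1, 1),
        ("uid", "f00d", ".ads.example", "/", now + 3650 * DAY, 0, 0),
        ("_trk", "beef", ".metrics.example", "/", now + 730 * DAY, 0, 0),
        ("prefs", "dark", "forum.example", "/", now + 30 * DAY, 1, 0),
    ]
    db.executemany(
        "INSERT INTO moz_cookies (name, value, host, path, expiry, isSecure, isHttpOnly)"
        " VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    return db

def long_lived_cookies(db, now, max_days=365):
    """Return (host, name, days_left) for cookies that outlive max_days."""
    cutoff = now + max_days * DAY
    cur = db.execute(
        "SELECT host, name, expiry FROM moz_cookies WHERE expiry > ? ORDER BY expiry DESC",
        (cutoff,))
    return [(host, name, (expiry - now) // DAY) for host, name, expiry in cur]

def cookies_per_host(db):
    """Count cookies per host to see which sites store the most state."""
    cur = db.execute(
        "SELECT host, COUNT(*) FROM moz_cookies GROUP BY host ORDER BY host")
    return dict(cur.fetchall())

if __name__ == "__main__":
    now = int(time.time())
    db = build_sample_db(now)
    for host, name, days in long_lived_cookies(db, now):
        print(f"{host:20} {name:8} expires in {days} days")
    print(cookies_per_host(db))
```

To run the same queries against a real profile, close Firefox and open a copy of `cookies.sqlite` rather than the live file.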
 

Author Comment

by:pmrush2112
ID: 35000366
You are correct about the use of SQLite by the Firefox browser and others. However, the trojan is using SQLite to gain access presumably through Port 80 and onto my PC. I don't know what the name of the specific bug is, that is what I'm trying to find out.

The AVG Internet Security 3-Pack version 9.0.872 is what I use for the main anti-virus and firewall. Licensing is current.

Thanks.
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 35000584
I am fairly sure that the infection is spread by a 'cookie' left in your FF browser.


Download, install, and run
CCleaner (www.ccleaner.com)

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

When finished with MBAM, post the log that is generated and let us look at it for you.

IF NEEDED, we may ask you to download ComboFix (using the same "Save As" process).


You might want to review my Article here for more details:
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35000778
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 35116909
I second SSharma on Hitman Pro.  Combo Fix/MBAM are great but a lot of Spyware/Malware writers are aware it's one of the first folks will use.  Some things neither will resolve that Hitman Pro takes care of in two seconds.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35116932
BGTSLLC,
Once again you are posting "advice" that is clearly wrong.
You obviously have no knowledge of repairing malware infections and I must ask you to stop posting in these Zones.

I am asking the Moderators to address the problems you are creating.
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 35116983
Wow.   But since you went there:

1.  Improper?  How so?  In quite a few instances running all of these scans doesn't work as evidenced by the numerous back and forth comments of using this and that.

2.  Actual knowledge?  What proof of my lack of knowledge do you have?  Can you validate your statements at least as FACT?  Have you validated my real world results and been able to consistently show otherwise that I'm incorrect and have yielded wrong results?

3.  Consistently wrong (and dangerous) how?  Do you have any documented examples where my advice has directly resulted in harm?

The beauty of the internet allows you to make a "defaming" and "slanderous" comment without actually having to validate if what you say is actually true.  In that regard; you are reckless because in a court of law you would be proven otherwise.   But of course you can offer pure speculation without having to even remotely validate your supposedly "correct" assessment.
0
 
LVL 4

Expert Comment

by:BGTSLLC
ID: 35117022
In your profile you say this about yourself:

*****
I do this EE stuff for fun and don't give a Flying Flip about points - but I do care about good manners. EE is a fun place when everyone shows a little courtesy.
*****

Now since you have desired to get the Vee Mods involved; that would also mean I'm equally entitled to "fair trial" versus being assumed guilty so please explain to me how you have maintained any of what you say in your profile?

If you disagree with my approach; I can think of at least 2-3 different ways that could be addressed.  In dealing with customer infections on a daily basis there are numerous things to attempt prior to running something in safe mode.  Safe mode should always be a last resort; but in today's world of Spyware/Malware infections; it is often times a required one.  I have a vast array of utilities in my arsenal to dispose of Spyware/Malware infections or at least repair the OS enough to allow for the installation of software that will then remove it; but in a growing number of instances; cookie cutter resolutions on the customers dime don't always work to resolve them.  Running HijackThis is great if you want to really see all the things that are occurring; but it's also something normally run when you either know the PC is infected and can't remove it; or suspect as such based on how the system is performing.  That is great if the end user wants to know the finer points and have a better understanding.  However in majority of cases; the customer simply wants the pc fixed; plain and simple.

So while you may disagree; I don't see based on your supposed "good" manners how that means making comments that you can not factually validate.  
0
 

Author Closing Comment

by:pmrush2112
ID: 35118715
I just want to say sorry younghv for taking so long to get back to you. I've been totally focused on interviewing and searching for a Business Analyst position that I've neglected to come back to the site.

I'm hoping all that it is is a zombie cookie. I deleted out of firefox from the registry and it is no longer there, unless there are hidden files not in the firefox folder I deleted.

I won't really know until I can make space to load MS SQL Server on my PC. I could have sworn MS SQL got really buggy when I loaded it but I could be wrong.

I can tell you I have no problems with Google Chrome which apparently is not alerting my AVG Firewall every time the browser starts like IE and Firefox.

Hopefully it's just zombie cookies. The fact that the people who write this malware are not rotting in prison or being hung from a tree is beyond my understanding, since they attack every aspect of our global world.

As far as the two guys going at cyber wars I appreciate the passion for trying to keep BS marketers off of this valuable resource but the fact is everyone can agree that since this is Experts Exchange if you're not an expert keep it to yourself.

People need solutions and not to be misled. Amen.

Now find out who these Malware freaks are and learn how to be a responsible hacker and send these freaks a return favor, since they have an upper hand. The world would be better off if we could send something down the pipeline and have their computer burst into flames.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35118889
Thank you for the comments.
Malwarebytes is an incredibly powerful program - both for protection and repairs.

The good news is that if you buy the professional license (about US$25 - for your lifetime - for every subsequent computer you buy - one at a time of course - phew!) the protection will be outstanding.

I have been loading it on customer's computers for about a year now (mostly home users) and have not had one single infection reported.
0
