Results 1 to 6 of 6

Thread: HELP! Computer problem!

  1. #1
    God/dess
    Joined
    Apr 2007
    Location
    The Diner State
    Posts
    5,085
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default HELP! Computer problem!

    I keep getting a popup that says "myftp.exe has an error". Sure enough it was running when I checked the task manger. WTF is that? I have AVG, did a scan, there was no issue. I'm searching the intarwebs for what this might be, but can any of our more computerly knowledged people help me out here? Thanks!

  2. #2
    Sitri
    Guest

    Default Re: HELP! Computer problem!

    Arrival and Installation

    This worm may arrive via network shares. Once executed, it drops a copy of itself as MYFTP.EXE in the Windows system folder.

    It also creates the following entries in registry to ensure its automatic execution at every system startup:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
    CurrentVersion\Run
    ethernet = "myftp.exe"

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
    CurrentVersion\RunServices
    ethernet = "myftp.exe"

    It also adds the following entry:

    HKEY_CURRENT_USER\Software\Microsoft\OLE
    ethernet = "myftp.exe"

    Network Propagation

    This malware propagates by dropping copies of itself in shared network folders. If the network share has restricted access the malware uses a list of common username and passwords to gain access.

    Exploits

    This worm can also spread by using the following Windows exploits:

    * The Buffer Overrun In RPCSS Service vulnerability, which enables an attacker to run arbitrary code on a user's system. This vulnerability is discussed in detail in Microsoft Security Bulletin MS03-039.
    * The IIS/WebDAV exploit, which enables arbitrary codes to execute on the WebDAV server by also sending a malformed request packet. This exploit is a service related to the HTTP on port 80. More information about this vulnerability is found in Microsoft Bulletin MS03-007.
    * The Windows LSASS Vulnerability, which is a buffer overrun that allows remote code execution and enables a malicious user to gain full control of the affected system. This vulnerability is discussed in detail in Microsoft Bulletin MS04-011 and Trend Micro's Security Advisory on MS04-011.

    Backdoor Capabilities

    This worm has a built in IRC client engine which enables it to connect to a remote IRC server and channel where it awaits other commands from a malicious user. The malware can process the following commands inputted through IRC:

    * Change IRC server and channel where it connects to
    * Download and execute files
    * Emulate a proxy server
    * Emulate an FTP server
    * Enable/disable DCOM protocol
    * Flush DNS cache
    * Get system information (i.e., CPU speed, free memory, uptime, free disk space)
    * List and terminate services and processes
    * Log keystrokes
    * Redirect connections
    * Scan local area network for listening ports
    * Send SMTP email
    * Sniff packets

    Denial of Service

    This worm is also capable of performing the following Denial of Service (DoS) attacks:

    * HTTP flood
    * Ping flood
    * SYN flood
    * UPD flood

    Information Theft

    This worm is capable of stealing the licenses or CD keys of the following software applications:

    * Battlefield 1942
    * Battlefield 1942 (Road To Rome)
    * Battlefield 1942 (Secret Weapons of WWII)
    * Battlefield Vietnam
    * Black and White
    * Chrome
    * Command and Conquer: Generals
    * Command and Conquer: Generals (Zero Hour)
    * Command and Conquer: Red Alert
    * Command and Conquer: Red Alert 2
    * Command and Conquer: Tiberian Sun
    * Counter-Strike (Retail)
    * FIFA 2002
    * FIFA 2003
    * Freedom Force
    * Global Operations
    * Gunman Chronicles
    * Half-Life
    * Hidden & Dangerous 2
    * IGI 2: Covert Strike
    * Industry Giant 2
    * James Bond 007: Nightfire
    * Legends of Might and Magic
    * Medal of Honor: Allied Assault
    * Medal of Honor: Allied Assault: Breakthrough
    * Medal of Honor: Allied Assault: Spearhead
    * Nascar Racing 2002
    * Nascar Racing 2003
    * Need For Speed Hot Pursuit 2
    * Need For Speed: Underground
    * Neverwinter Nights
    * Neverwinter Nights (Hordes of the Underdark)
    * Neverwinter Nights (Shadows of Undrentide)
    * NHL 2002
    * NHL 2003
    * Rainbow Six III RavenShield
    * Shogun: Total War: Warlord Edition
    * Soldier of Fortune II - Double Helix
    * Soldiers Of Anarchy
    * The Gladiators
    * Unreal Tournament 2003
    * Unreal Tournament 2004

    Process Termination

    This worm is capable of terminating the following antivirus-related processes that is running in the system: Almost anything.

    Google on how to remove.

  3. #3
    Member
    Joined
    Dec 2006
    Posts
    55
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: HELP! Computer problem!

    Terminate it and then either disable it or set it to manual in the services section!

    Click Start -> run -> type services.msc

    Search for the myftp.exe, then disable or manual

    Also see:

    http://www.liutilities.com/products/...sslibrary/ftp/

    http://www.wilderssecurity.com/showthread.php?t=160361

  4. #4
    God/dess
    Joined
    Apr 2007
    Location
    The Diner State
    Posts
    5,085
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: HELP! Computer problem!

    Hmm, couldn't find it in the services section. I took everything else 'myftp' out. Ran trendmicro's home scan and some others. Looks like it was actually spyware. Bastards. Thanks!

  5. #5
    God/dess UtahMike's Avatar
    Joined
    Jan 2007
    Location
    Utah
    Posts
    2,998
    Thanks
    2
    Thanked 64 Times in 43 Posts
    My Mood
    Amused

    Default Re: HELP! Computer problem!

    When I see stuff like this, I stop and thank God that I surf the web with a Macintosh.

  6. #6
    God/dess
    Joined
    Apr 2007
    Location
    The Diner State
    Posts
    5,085
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Default Re: HELP! Computer problem!

    Nooo, Macs=wrong and evil. I wish they didn't drive me so insane though, because it would be safer!

Similar Threads

  1. I have a problem and my problem is stupid.
    By teeth_of_the_hydra in forum The Lounge
    Replies: 48
    Last Post: 09-03-2008, 07:12 AM
  2. Computer problem - seems odd.
    By MsQwerty in forum The Lounge
    Replies: 11
    Last Post: 07-26-2008, 07:04 PM
  3. Weird computer problem, please help!
    By LilyLove in forum The Lounge
    Replies: 2
    Last Post: 05-24-2008, 11:29 AM
  4. yep it's another computer problem
    By hannah83 in forum The Lounge
    Replies: 1
    Last Post: 04-06-2006, 07:30 PM
  5. WARNING: Sony CDs a computer security problem
    By Deogol in forum The Lounge
    Replies: 0
    Last Post: 10-31-2005, 07:15 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •