new mirar installation method??????

    I've been pretty fortunate the last 5-7 years and can honestly say I
have never been infected by malware & spyware.  I have been a true and loyal
Kaspersky user since day one, and there are a few other antispyware programs I
use (no, not running them all at the same time!). I scan with one, then proceed
to the next until I have 3 scans completed.

    Anyways, the reason for my post is that last night while surfing the net
my browser came to a halt, then came an Internet Explorer error and all IE
windows closed.  I can accept the fact that IE crashed, no big deal.  Not the
first, not the last time, I would imagine.  What really baffles me is that after
grabbing a bite, I came back to my computer and to my surprise there were 4
IE pages opened, with a big white & light blue box in the middle thanking me
for installing Mirar toolbar.  I was shocked to see that I became infected
with this garbage.  Needless to say, I removed all of it without any problem
or it coming back to haunt me again.

What I'd like to know is how in the world did I become infected?  Yes, I
probably should have had Kaspersky's online protection enabled, but I never had
to turn it on before and have done just fine without it.  I deleted all my
history so I can't go back to the last 3 or 4 pages to see which one got me
and how.  So, I'm just wondering, could it be a new exploit?



Re: new mirar installation method??????

My wife was browsing birthday card sites on Wednesday evening and managed to
download a Mirar toolbar. Norton Auto Protect indicated that it contained
'malicious script' and disabled my POP email system.

I disabled the toolbar and did a full virus scan and found nothing.

Out of curiosity I did a Windows Explorer search for any downloaded .exe
files for that day and found 2 files that had installed at the exact time of
the problem: gadcom.exe and prunnet.exe. The first one is described as an
Infostealer and the other is a Downloader. When I opened the folders to look
at them the Auto Protect immediately identified them and tried to delete
them. Gadcom.exe refused to be deleted until I realized it had to
first be shut down using Task Manager. The other went without a fight.

I thought anybody who comes across the Mirar toolbar ought to be aware!!



Peter
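
The triage step described in the post above (listing executables written at the time of the incident) can be scripted. This is an added example, not part of the original posts; the function name, the extension list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta

# Assumed extension list; extend it for the file types you care about.
EXEC_EXTS = {".exe", ".dll", ".scr", ".com"}

def files_near(root, incident, window=timedelta(minutes=10), exts=EXEC_EXTS):
    """Return (path, time) pairs for files under root with a creation or
    modification time within `window` of `incident`, oldest first."""
    hits = []
    for dirpath, _dirs, names in os.walk(root, onerror=lambda err: None):
        for name in names:
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue  # file locked or removed during the scan
            # st_ctime is creation time on Windows, metadata-change time on Unix.
            for ts in (st.st_mtime, st.st_ctime):
                when = datetime.fromtimestamp(ts)
                if abs(when - incident) <= window:
                    hits.append((path, when))
                    break
    return sorted(hits, key=lambda hit: hit[1])

def demo():
    """Constructed sample: three files in a temp directory, one near the incident."""
    incident = datetime(2020, 1, 15, 20, 15)  # constructed incident time
    samples = {
        "sample_a.exe": incident + timedelta(minutes=2),   # should be reported
        "old_tool.exe": incident - timedelta(days=30),     # outside the window
        "notes.txt": incident,                             # not an executable
    }
    with tempfile.TemporaryDirectory() as root:
        for name, when in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample")
            os.utime(path, (when.timestamp(), when.timestamp()))
        return [os.path.basename(p) for p, _ in files_near(root, incident)]

if __name__ == "__main__":
    print(demo())
```

File timestamps can be changed by any process with write access, so a hit is a lead to verify with a scanner rather than proof, and an empty result does not clear the machine.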






Re: new mirar installation method??????

OK, so I'm not the only one that's come across this one.






Re: new mirar installation method??????


On this special day, kreepz wrote:


By using Internet Explorer. Sorry to say so, but there is an
exploit out there in the wild since October or earlier which hasn't
been fixed yet.

http://www.microsoft.com/technet/security/advisory/961051.mspx
http://voices.washingtonpost.com/securityfix/iDefense_PressKit_ZerodayIE7_20081210.pdf

I prefer to browse with Opera, because then such incidents are *less
likely* to happen (not impossible, only unlikely), as using an uncommon
browser will get you out of that area which is most predominantly under
attack.


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de

--
the difference is in the eye of the beholder... even history is not an
impartial judge, as it is written by the victors...
-
Kurt Wismer in alt.comp-anti-virus


