Re: Exploit

From: "David Kelsey" <david_kelseyNO@xxxxxxxxxxxxxxx>

| Yesterday, my cursor suddenly started moving on its own, with no input from
| me, and I could not stop it. It moved to the start button, clicked it, then
| clicked run, entered the address of my other network computer plus 'my
| documents' and the name of my accounts file, which it opened. While all
| this was going on, I was trying to end task with the Task Manager, where the
| open task was called 'too funny LA 21' or something similar, which was the
| subject line of an e-mail I received from a friend in Canada. It contained
| a nun joke within the body of the message. It took several attempts to end
| task.
|
| Then I started removing all trace of the e-mail from both computers, and
| emptied whatever folders I could. My deleted items folder on one computer
| had already been emptied (not by me) of all mails except about 30 or 40
| ZDNet pages which I had received and deleted over several months. I have
| e-mailed ZDNet with the details in case they know anything about it.
|
| I got the latest updates, and scanned both machines with Norton and AVG,
| with no result. MS Antispyware ran and found nothing, but then it never has
| found anything ever on either machine. I checked with Symantec, and found
| nothing relating to this activity, either real or hoax.
|
| Since then, both machines appear to be running normally.
|
| Does anyone recognise this exploit, if that is what it is, please? It seems
| to be a macro of sorts, but I don't have it in my EZ Macros list, and I have
| deleted any trace of macros from Excel, not that there appeared to be
| anything active. I can't think how anything could know the address of my
| accounts file, nor can I think of any reason for accessing it. It doesn't
| contain any passwords or anything that could be used to get into my bank or
| whatever. However, it is very worrying, because obviously the run command
| could have been anything. Having said all that, it could be a useful macro,
| if I knew where to find it. I am the only user of the machine it cropped up
| on, and my wife is the only other person in the house. She wouldn't set up
| any macros. Could there be a key logger on board?
|
| I have XP Pro SP2 with all updates, four spyware programs, and two antivirus
| programs, plus the XP firewall and my ISP's firewall. You'd think the thing
| would be locked down tight, wouldn't you?
|
| David Kelsey
|

What kind of mouse do you use (PS/2, USB, wireless, etc) ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

Quantcast