Hi,

I had a problem where my web browser would redirect google links to random websites.

I downloaded, installed and updated Malwarebytes, which in turn detected a few infected objects, mainly revolving around winntse.bin.exe (I think that was it).

Anyway, the PC in question was only formatted in the last couple of weeks, had a fresh installation of XP, ALL updated from the MS site, and then I was using firefox, with everything set to 'always prompt' in the application tab + in acrobat reader I have 'open pdf in browser' unticked.

I work in IT, and I must admit, this has confused me.... I have only downloaded a couple of files and they would have been PDF and a .zip file, from what would appear to be a trusted source.

Can anybody explain how these viruses get on to the system? I just cannot understand how it's happening.... fresh install, all updates, Symantec, FF (latest)..... the *only* thing that is out of the ordinary is the advert blocker plus that I use with FF, but it seems ok on other PCs.

I do not trust my other PC now, so I will probably have to format it...again.

Can anybody explain how the malware gets on to the PC!?? (In a technical level).. does it somehow change a memory location so that it starts executing code from a different address etc? (if so, how does it get access anyway!!?)

Thanks for your help!


Hello LeonR and :welcome:

I hope this does not sound simplistic but are you using an accessory hard drive or flash drive which could contain this cloaked malware?

From Prevx......

WINNTSE.BIN.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process

Uses low level functions to hide itself from the user and from system/security processes

WINNTSE.BIN.EXE has been the subject of the following behavior:

Added as a Registry auto start to load Program on Boot up


Hi goldhound, thanks for the reply!

I've seen malware install from usb keys before so I try to be careful with those now.

I'm pretty sure (95%) I did not use any external media between the format and when the PC became infected.

After doing some research, it appears that there are other ways to exploit the system, such as java/acrobat reader etc (from what I gather, unless it's patched now). I'm not sure I was on the latest acrobat reader as well (I see version 10 is out now?)

Tomorrow I am going to fully patch the system again, switch off all plugins in FF and use no script + ad blocker plus and then try and revisit the websites and see if I can pick up the malware again. Sounds crazy I know, but I want to understand what is going on.

The first thing I noticed was when links were directing me to random locations..at first I thought DNS, but then it became clear something was not quite right...

All the websites I went on were fine (researching a bike frame!)... it's really bugging me how this happened!

Thanks,

Leon
