Exploit.drop.2 and potentially malicious sites


I started getting prompts to install win#####.exe files (which I would deny) where the string of numbers always changed. Norton Anti-virus did not detect anything.

I installed MalwareBytes as instructed, updated, did a quick scan. 10 instances of Exploit.drop.2 were identified, quarantined and deleted. But I still got the win.exe file prompts. MalwareBytes also started giving me notice of blocked access to potentially malicious websites from said win.exe files. I'm not sure if the 2 problems are related.

I'm not sure what to post, but I'm pretty good at following instructions. Here is the log of my first scan:

Thank you!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7615

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

8/30/2011 8:58:29 PM

mbam-log-2011-08-30 (20-58-29).txt

Scan type: Quick scan

Objects scanned: 187184

Time elapsed: 7 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 10

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\beth's laptop\AppData\Local\Temp\0.24613689681092543.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.5838524687004215.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.6453697768402089.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.6942728541889608.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.7541366366733688.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.8155958490942052.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.8655304582517166.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.8808513667497175.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.9961265059251604.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

c:\Users\beth's laptop\AppData\Local\Temp\0.575133489604935.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

Well, I didn't get any replies but I'm happy to say I FINALLY figured it out myself.

Maybe I had two problems, I'm still not sure. MalwareBytes did detect and eliminate the Exploit.drop.2 problem. Still had the win#.exe pop-ups though.

At the suggestion of a friend, I ran another spyware program which detected 139 threats, 20 of which were registry problems. Fixed those. Still had win#.exe pop-ups.

Ran a registry cleaner program (same friend suggested it). Detected some problems, fixed most of them. Still had win#.exe pop-ups.

Yes, I was re-booting after each "fix."

Opened up Task Manager and saw the win.exe under processes. I realized I could tell it to find the location, so I did. I could never locate it before. Whoops, can't delete it, it's still running. Back to Task Manager and told it to end the process. Back to the file and deleted it. Reboot......and CLEAN! No pop-ups prompting me to install the file. No notifications about connections blocked to a potential malicious website. So happy! I saw that the file was dated August 11, 2011, which explains why when I did a System Restore to about August 17th, I still had the problem.

So it was *very* easy to fix. I just wish I had known what to do earlier. Hope this helps someone else.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
