Blocking an EXE from downloading in Vista

xcalbier

Hi,
My problem is this: there is a new virus out called hotfix (this is NOT a Windows file).
Well, also I had AVG installed but needed something better and found Microsoft Security Essentials.
But I really don't think this is the problem??
Anyway, this EXE file downloads into my Application Data / Roaming file and BLOCKS everything from launching: Firefox, Explorer, Task Manager.
The only option it gives is a scan online, which takes you to a malware download software.
This is why I think this is a virus and not my antivirus stopping an attack, as if I do a scan it doesn't even pick up this HOTFIX exe, 668kb in size.
Now I did figure out how to delete the thing by going into safe boot with all services turned off.
That lets me delete it, and everything goes back to working again.
But I want to STOP this file from being downloaded again.
The name is HOTFIX.EXE and, as I said, it is put into the AppData / Roaming folder as a standalone. Is there a way in Vista to BLOCK this exe from being downloaded from a web page to begin with, as it's a real pain?
Thanks for any help you can give.
 


If you use Firefox, go to Tools, Applications and set it to "always ask" for .exe files.
 

Here is some more info on it: it is installed by a known Trojan, Troj/DwnLdr-IMG (definitions have been out since September 20 2010), and in reality your resident protection should have detected it before it took hold.
Knowing this, I assume you switched from AVG to MSE after your computer was compromised (may explain why it was not detected).

Troj/DwnLdr-IMG Trojan - Sophos security analysis

The link is supplied for added info; look under the "More Information" tab.

I do not know anything about the recommended Sophos Security Scan, so if you choose to use it, do so at your own risk.
 

Also, my post requires more info: in Firefox, go to Tools, Options, Applications. Click on the help at the bottom of the open page and it should tell you how to do it.
 

ilike, I followed your instructions, but in Tools/Options/Applications there is no option for always ask for exe files. The version I am using is 3.6 Firefox, and the help link to Firefox shows no option that I can find for just an always ask option on ANY exe download.
But I did find an add-on for Firefox called Public Fox that is designed to block any and all exe auto downloads, but am not sure just how it works and there is very little info on it.
If I use it to block all exe I don't know if I will be able to download anything at all??? lol Guess I need to test it, as I can always disable it lol
You know, I have had Microsoft Security Essentials in for a couple of weeks now (updated and scanned more than once) and I guarantee I can run a scan, find malware, then run Spybot and find more.
Man, we need a program THAT will deny these auto downloads to start: NO EXE or script runs or popups or redirects download at all without you clicking yes. Very simple if you ask me.
Script blocker helps some, ad blocker helps some, Spybot and antivirus don't help until after the fact. Kind of like knowing someone's going to kill you but waiting till they do it to call the cops, huh lol
Well, your computer may already be toast, but hey, my anti-virus was up to date lol
 


Well, the Firefox add-on Public Fox didn't work lol, and I clicked block all EXE.
But I do know a website that is infected, went there, and well, up pops Microsoft Security lol.
Oh well, I guess at least I can get this stuff out, even if I end up doing it by hand.
 


I recommend you use Microsoft Security Essentials, MalwareBytes AntiMalware, and maybe Super Antispyware.

Info on the add-on you got is as follows:

If you want to block EXE ZIP and TORRENT you would enter --> "exe,zip,torrent" into Public Fox options.

If you lost your password, use Safe Mode:
"C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

Go into 'about:config', filter 'extensions.dlwatch.password' and erase your password.
Set 'extensions.dlwatch.lock' to false.
 

I don't use the left side of this extension but do use the right side that blocks sites.
Click on Tools, Add-ons, Public Fox, Options.
In the right URL Blocking Options, click Block Links To Blacklisted Sites.
Go to Add, click with your cursor at the * and replace example with the site you want to block. Click OK.
 

Thanks ilike. I do have Microsoft Security Essentials and Malwarebytes. As for Public Fox, I tried blocking all EXE; it didn't stop the one that tried to download, but Microsoft did stop it, so all's good.
As for the original hotfix virus, it may be that the Microsoft Security Essentials program is now up to date enough to stop that as well, as I had a bad hit a few days ago with the program saying severe threat, and it did stop it and delete it. But as I only knew the hotfix by that name, I didn't know the Trojan name for it, so don't know for sure if it was that same one that time as well.
Anyway, I do believe Microsoft Security Essentials is much better than AVG lol.
But I swear I spend as much time chasing down this kind of stuff as using my PC to surf.
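
Added example, not written by any poster in this thread: the HOTFIX.EXE described above sat as a standalone file directly in the AppData\Roaming folder, whereas installed programs normally keep their files in their own subfolders there. This Python sketch lists such loose executables by PE header rather than by file extension, so a renamed copy is still reported; the function names are hypothetical.

```python
import hashlib
import os
import struct
from pathlib import Path


def is_pe(path: Path) -> bool:
    """True if the file has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    try:
        with path.open("rb") as fh:
            head = fh.read(0x40)
            if len(head) < 0x40 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            fh.seek(e_lfanew)
            return fh.read(4) == b"PE\0\0"
    except OSError:
        return False  # unreadable or locked file: skip it rather than crash


def loose_executables(folder: Path) -> list:
    """Report PE files sitting directly in `folder`; subfolders are not searched."""
    findings = []
    for entry in sorted(folder.iterdir()):
        if not (entry.is_file() and is_pe(entry)):
            continue
        data = entry.read_bytes()
        findings.append({
            "name": entry.name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            # False means an executable hiding behind another extension
            "exe_extension": entry.suffix.lower() == ".exe",
        })
    return findings


if __name__ == "__main__":
    # %APPDATA% resolves to ...\AppData\Roaming on Vista and later.
    roaming = Path(os.environ.get("APPDATA", "."))
    for f in loose_executables(roaming):
        print(f"{f['name']}\t{f['size']} bytes\t{f['sha256']}")
```

The SHA-256 it prints can be looked up with an antivirus vendor before the file is deleted from Safe Mode.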
 
