
[tor-talk] Tor v4.5.3 infected??



Hi guys,
I want to report a virus infection when upgrading to Tor v4.5.3. Maybe it
is due to DNS, I don't know. I am not such an expert.
Please look at my comment below which I sent for publication on the
Torproject website. Contact me at this email address if necessary.

Oric.

===================================
ATTENTION:
***************
Hello,
using Tor v4.5.1, I was requested to update with v4.5.3. I accepted and
while the update was performed, my GData antivirus reported an infection,
with keylogger tools trying to be installed (see log details below).
Hmmm, it can be that the DNS name was re-routed to a fake, I am not quite
sure. Well, I disconnected from the internet, performed several scans, and it seems
the infection could be stopped. I re-installed v4.5.1 and will not perform
any more updates!!
I just want to let the community know.

The log is in French, so what it says in substance is (part "actions"):
This program (updater.exe) executed actions in the name of another program
The program establishes a connection to the network
The program records all keyboard inputs
An unknown process has been consulted
The program started another program in order to deactivate itself
==============================
Log details here below (in French sorry):
==============================
*** Processus ***

Processus: 5212
Nom de fichier: updater.exe
Chemin d'accès:
c:\users\olivier\appdata\local\temp\mozupdater\bgupdate\updater.exe

Éditeur: Editeur inconnu

Démarrage à partir de: firefox.exe
Éditeur: Editeur inconnu

*** Actions ***

Ce programme a exécuté des actions au nom d'un autre programme.
Le programme génère une connexion à travers un réseau.
Le programme enregistre toutes les entrées clavier.
Un processus inconnu a été consulté.
Le programme a créé ou manipulé un fichier exécutable.
Le programme a lancé un autre programme de manière à se désactiver.

*** Quarantaine ***

Les fichiers suivants ont été envoyés en quarantaine:
C:\Users\olivier\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
c:\users\olivier\appdata\local\microsoft\windows\appsfolder.itemdata-ms
c:\users\olivier\appdata\local\microsoft\windows\appsfolder.itemdata-ms.bak
c:\users\olivier\appdata\local\microsoft\windows\appsfolder.itemdata-ms.new
c:\users\olivier\appdata\local\microsoft\windows\appsfolder.itemdata-ms~rfc396ba7.tmp
c:\users\olivier\appdata\local\microsoft\windows\explorer\iconcache_idx.db
d:\logiciels\tor browser\browser\browser\components\browsercomps.dll.moz-backup
d:\logiciels\tor browser\browser\firefox.exe.moz-backup
d:\logiciels\tor browser\browser\freebl3.dll.moz-backup
d:\logiciels\tor browser\browser\gkmedias.dll.moz-backup
d:\logiciels\tor browser\browser\libegl.dll.moz-backup
d:\logiciels\tor browser\browser\libglesv2.dll.moz-backup
d:\logiciels\tor browser\browser\mozalloc.dll.moz-backup
d:\logiciels\tor browser\browser\mozglue.dll.moz-backup
d:\logiciels\tor browser\browser\mozjs.dll.moz-backup
d:\logiciels\tor browser\browser\nss3.dll.moz-backup
d:\logiciels\tor browser\browser\nssdbm3.dll.moz-backup
d:\logiciels\tor browser\browser\nssutil3.dll.moz-backup
d:\logiciels\tor browser\browser\plugin-container.exe.moz-backup
d:\logiciels\tor browser\browser\plugin-hang-ui.exe.moz-backup
d:\logiciels\tor browser\browser\smime3.dll.moz-backup
d:\logiciels\tor browser\browser\softokn3.dll.moz-backup
d:\logiciels\tor browser\browser\ssl3.dll.moz-backup
d:\logiciels\tor browser\browser\torbrowser\data\browser\caches\firefox\updates\0\updater.exe
d:\logiciels\tor browser\browser\torbrowser\data\browser\profile.default\extensions\support@xxxxxxxxxxxx\platform\winnt_x86_64-msvc\components\lpxpcom_x86_64.dll
d:\logiciels\tor browser\browser\torbrowser\data\browser\profile.default\extensions\trash\support@xxxxxxxxxxxx\platform\winnt_x86-msvc\components\lpxpcom.dll
d:\logiciels\tor browser\browser\torbrowser\data\browser\profile.default\extensions\trash\support@xxxxxxxxxxxx\platform\winnt_x86_64-msvc\components\lpxpcom_x86_64.dll
d:\logiciels\tor browser\browser\torbrowser\data\browser\profile.default\telemetry.failedprofilelocks.txt
d:\logiciels\tor browser\browser\torbrowser\docs\changelog.txt
d:\logiciels\tor browser\browser\torbrowser\tor\tor.exe.moz-backup
d:\logiciels\tor browser\browser\updater.exe.moz-backup
d:\logiciels\tor browser\browser\xul.dll.moz-backup
f:\mes_docs\_appdata_windows\roaming\stardock\fences\troubleshootinglog\fences_debug_info.txt

Les entrées de registre suivantes ont été supprimées:

Version des règles: 5.0.57
OS: Windows 6.2 Service Pack 0.0 Build: 9200 - Workstation 64bit OS
Version de la bibliothèque de liens dynamiques : 51504

C:\Users\olivier\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe "D:\Logiciels\Tor Browser\Browser\TorBrowser\Data\Browser\Caches\firefox\updates\0" "D:\Logiciels\Tor Browser\Browser\updated" 7016/replace "d:\Logiciels\Tor Browser\Browser" "D:\Logiciels\Tor Browser\Browser\firefox.exe"
MD5:
"D:\Logiciels\Tor Browser\Browser\firefox.exe"
MD5:
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
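A small triage helper for a quarantine list like the one quoted in the post (added example, not code from the post or from the Tor Project): it separates entries that are expected artifacts of a Mozilla-style staged update (the `*.moz-backup` copies and the staged `updater.exe` under the Tor Browser install and cache directories) from everything else, and hashes a file so it can be compared with the hash of the official release. The install directory, the sample log lines and the category names are assumptions taken from, or constructed from, the post.

```python
"""Triage a GData-style 'Quarantaine' list (added example, not the post's code)."""
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the quarantine lines from the post,
# with the mailer line-wraps already joined.
SAMPLE_LOG = r"""
*** Quarantaine ***
Les fichiers suivants ont été envoyés en quarantaine:
C:\Users\olivier\AppData\Local\Temp\MozUpdater\bgupdate\updater.exe
c:\users\olivier\appdata\local\microsoft\windows\explorer\iconcache_idx.db
d:\logiciels\tor browser\browser\firefox.exe.moz-backup
d:\logiciels\tor browser\browser\torbrowser\tor\tor.exe.moz-backup
d:\logiciels\tor browser\browser\torbrowser\data\browser\caches\firefox\updates\0\updater.exe
f:\mes_docs\_appdata_windows\roaming\stardock\fences\troubleshootinglog\fences_debug_info.txt

Les entrées de registre suivantes ont été supprimées:
"""

TOR_ROOT = PureWindowsPath(r"d:\logiciels\tor browser")  # install dir seen in the post (assumed)

def quarantined_paths(log: str) -> list[str]:
    """Return the paths between the 'Quarantaine' header line and the next blank line."""
    m = re.search(r"\*\*\* Quarantaine \*\*\*\n.*?\n(.*?)\n\s*\n", log, re.S)
    return [ln.strip() for ln in m.group(1).splitlines() if ln.strip()] if m else []

def classify(path: str) -> str:
    """Label one quarantined path; comparison is case-insensitive like Windows paths."""
    p = PureWindowsPath(path.lower())
    under_tor = str(p).startswith(str(TOR_ROOT))
    if under_tor and p.name.endswith(".moz-backup"):
        return "updater-backup"   # copy of the replaced file left behind by the updater
    if p.name == "updater.exe" and ("mozupdater" in p.parts or under_tor):
        return "updater-binary"   # the staged/background updater itself: hash and verify
    return "unrelated"            # not explained by the update; inspect on its own

def triage(log: str) -> dict[str, list[str]]:
    """Group every quarantined path under one of the three labels."""
    out: dict[str, list[str]] = {"updater-backup": [], "updater-binary": [], "unrelated": []}
    for path in quarantined_paths(log):
        out[classify(path)].append(path)
    return out

def sha256_file(path: str) -> str:
    """SHA-256 of a quarantined file, for comparison with a known-good release hash."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()
```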