DAMN IT!!!! DAMN IT DAMN IT!!!!
I got hit by a drive-by malware/rootkit. The one where it constantly displays on your screen something to the effect of "THIS IS THE FBI. Your computer has been locked down for distributing child porn. Pay us $49.95 to unlock your system."
After much gnashing of teeth, sweat and FEARS, reinstalling Malwarebytes and Norton AND restoring from a restore point from 2 months ago, I finally managed to kill it off. Whatever it was trashed Norton and killed off the Malwarebytes database. I managed to run MBAR (Malwarebytes Anti-Rootkit killer). I have not run Spybot S&D yet. 2 days of worrying (at least I have a full backup on an external drive and that has also been scanned).
When I finally got Malwarebytes up and running (I have the full paid version) it told me a file named sendori.exe was the most likely candidate for the infection. I pulled up the Win Task Manager and found 2 processes:
sendoriup.exe
sendoritray.exe
I was not sure where these came from as I am very careful about what I allow to be installed on my PC.
The "official" description is this:
Sendori is a cloud-based web service that helps people navigate to their favorite websites faster and protects them from malicious sites using proprietary web filtration technology. Simply type a brand, keyword or partial URL directly into your browser and Sendori delivers the correct website — every time.
Sendori operates a custom public Domain Name Server (DNS) infrastructure. Leveraging Anycast routing methodologies, DNSSEC security and an editorially curated directory, we deliver cutting edge name server technology. Deployed across seven geo-located facilities in the United States, we distribute traffic to multiple data centers providing some of the fastest uncached name resolution speeds available.
After a little Googling there are 2 schools of thought on Sendori:
1. It seems to be a legit browser helper that corrects misspelled web sites or redirects a user to a particular website by just typing in a brand name or keyword.
2. It seems to be the target (and an EASY target at that) for malicious malware, rootkits and such. The malware seems to get in through the auto-update function for Sendori. The "update" hit/happened at like 4:30pm (a time when I was not on the computer).
In the past couple of days I have noticed that some words on the various websites I visit will be blue highlighted and double underlined. When the cursor is passed over these highlighted words small ad banners appear pointing to various "product" websites.
NOW the fun part. I cannot access the official Sendori website. Further Googling has found that this particular piece of "whatever" software is really really hard to get rid of, especially after an attack. There are also 2 schools of thought:
1. The uninstall program provided "should" uninstall this piece of crap. Mild agreement on the net.
2. On bleepingcomputer.com one thread has at least 10 different steps (using 5 or 6 different programs/utilities) to remove Sendori and all of the remnants of the malware/rootkits.
Anyone have any other suggestions?
I have and regularly use/scan with:
Norton Internet Security
Malwarebytes
Spybot S&D
An older version of Ad-Aware (9.something, as version 10 seems to be a full-blown anti-virus and does not play well with Malwarebytes, Norton or any other anti-virus).
I have also marked sendori to not be started at bootup.
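The post describes a browser helper that runs its own processes (sendoriup.exe, sendoritray.exe), ships an auto-updater, and, per its own description, resolves names through its own DNS infrastructure, and asks how to find what is left after uninstalling it. The following PowerShell triage script is an added example, not code from the post, from Sendori, or from any of the tools listed above. It assumes only that remnants carry the string "sendori" in a file path, process name or registry value (an assumption, not something the page states), and it uses WMI cmdlets so it also runs on Windows 7-era PowerShell 2.0. Run it from an elevated prompt; it only reads and reports, it does not delete anything.

```powershell
# Added triage example (not from the original post or from Sendori).
# Enumerates the usual persistence and browser-integration locations for a
# given pattern, shows Authenticode status of matching binaries (relevant when
# an auto-updater is suspected of pulling in something else), and lists the
# DNS servers each adapter is actually configured with.
# ASSUMPTION: leftovers contain the string below in a path, name or value.
$pattern = 'sendori'

Write-Host "== Running processes matching '$pattern' =="
Get-WmiObject Win32_Process |
    Where-Object { $_.Name -match $pattern -or $_.ExecutablePath -match $pattern } |
    ForEach-Object {
        $sig = 'n/a'
        if ($_.ExecutablePath) { $sig = (Get-AuthenticodeSignature $_.ExecutablePath).Status }
        "{0,-20} PID {1,-6} {2}  [signature: {3}]" -f $_.Name, $_.ProcessId, $_.ExecutablePath, $sig
    }

Write-Host "`n== Services matching '$pattern' =="
Get-WmiObject Win32_Service |
    Where-Object { $_.Name -match $pattern -or $_.PathName -match $pattern } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

# Where a startup entry, IE Browser Helper Object, uninstaller or Winsock LSP
# would register itself. Both native and Wow6432Node views are checked.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries',
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64'
)

# Render a registry value as text. LSP catalog entries store the provider DLL
# path inside a binary PackedCatalogItem, so byte arrays are decoded as ANSI.
function ValueText($v) {
    if ($v -is [byte[]]) { return [System.Text.Encoding]::ASCII.GetString($v) }
    return "$v"
}

Write-Host "`n== Registry entries matching '$pattern' =="
foreach ($k in $keys) {
    if (-not (Test-Path $k)) { continue }
    # Values directly under the key (the Run keys keep entries this way).
    $props = Get-ItemProperty $k -ErrorAction SilentlyContinue
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' -and
                           ($_.Name -match $pattern -or (ValueText $_.Value) -match $pattern) } |
            ForEach-Object { "$k : $($_.Name) = $(ValueText $_.Value)" }
    }
    # One subkey per entry (BHO CLSIDs, uninstall entries, LSP catalog items).
    Get-ChildItem $k -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if (-not $p) { return }
        $blob = ($p.PSObject.Properties |
                 Where-Object { $_.Name -notmatch '^PS' } |
                 ForEach-Object { "$($_.Name)=$(ValueText $_.Value)" }) -join ' | '
        if ($blob -match $pattern) { "$k\$($_.PSChildName) : $blob" }
    }
}

Write-Host "`n== hosts file lines matching '$pattern' =="
Select-String -Path "$env:SystemRoot\System32\drivers\etc\hosts" -Pattern $pattern -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Line }

# A resolver-based helper can only redirect if the adapter points at its
# servers; compare this list against what the ISP or router should hand out.
Write-Host "`n== DNS servers per enabled adapter =="
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, @{ n = 'DNSServers'; e = { $_.DNSServerSearchOrder -join ', ' } } |
    Format-Table -AutoSize
```

Run it before and after the vendor uninstaller and compare the two outputs; anything still listed afterwards (a Run value, a BHO CLSID, an LSP catalog entry or a DNS server you did not configure) is what the longer manual-removal threads are cleaning up by hand. An "UnknownError" or "NotSigned" Authenticode status on a binary that the vendor's own installer would normally sign is worth treating as a replaced file rather than a legitimate update.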