Alert

  • Creator
    Topic
  • #4030429

    “Exciting Fear Girl” windows process

    Locked

    by matt1636653145 ·

    I have a computer in my shop infected with the SSOption browser hijacker (among other things). It is controlling a process and a service called “Exciting Fear Girl”. I thought with a name like that it would be easy to find more information about it, but I’ve come up empty. There’s no mention of it even where I could find info on SSOption. I’m going to remove it, of course, but I wonder if I should capture it on a thumb drive to preserve it for research.

All Comments

  • Author
    Replies
    • #4030447
      Avatar photo

      No and never.

      by rproffitt ·

      In reply to “Exciting Fear Girl” windows process

      If you don’t know how to do this, you shouldn’t be saving it. Wipe it out with the usual tools (Malwarebytes and others) and never look back.

      However, look at what you did to allow this MALWARE onto your PC. Now don’t do that ever again.

      • #4030886

        I think you misunderstand the situation.

        by matt1636653145 ·

        In reply to No and never.

        The infected computer belongs to a client who brought it to me for repair. Frankly, I’m insulted that you would imply I did this to myself. If this is how you usually treat people dealing with malware, you should be ashamed.

        • #4030984
          Avatar photo

          It appears you are new to malware treatments.

          by rproffitt ·

          In reply to I think you misunderstand the situation.

          And as such you are ill prepared to handle such work.

          For now your best action would be to tell the client it’s too dangerous to use this PC until a clean install of their selected OS is performed.

          You are not ready to do research and quarantine such things and I don’t know of any forum that can help a person obtain such skills in any short discussion.

        • #4030996

          That’s no excuse

          by matt1636653145 ·

          In reply to It appears you are new to malware treatments.

          I don’t know why you would assume I’m trying to learn how to research malware from you. If you don’t know what it is either, that’s fine. Maybe someone else can tell me something about such a blatantly obvious alias, or if this very attention grabbing string is actually something interesting.

          I have no illusions that I’ll be able to dissect this thing myself. I only want to know whether someone else might want to.

        • #4031009
          Avatar photo

          “if I should capture it on a thumb drive to preserve it for research.”

          by rproffitt ·

          In reply to That’s no excuse

          No. It’s that simple. It doesn’t matter if you keep it or not but if you run a repair shop like I did for over a decade you have a set protocol for infected machines.

          If you haven’t made such a protocol, make one. Ours at the time was simple.
          1. See if the usual scanners would clean it off.
          2. If the usual cleaners fail, we move to a clean install after checking with the owner about backups.

Viewing 0 reply threads