Ok, updates on the "Funneh" problem (links to
http://fightbac.com/files/Funneh.exe):
- I'm now almost positive that it loads itself as a sort of plugin
to AIM itself, or is otherwise launched only when AIM is run, hence why
it doesn't show up in the HijackThis log files.
- I still am no closer to a solution since I can't reproduce the
problem, and there are too many places to look without having more
detailed information
- If and when I can get a testing setup going, I should be able to find out exactly
what's going on
- I do know for sure that using Gaim or Trillian prevents the
problem since the virus won't run when launching Gaim instead of AIM,
etc.
In short, I'm still working on it, I still haven't got enough
information, and I still need a Windows testing machine that I can
infect, then clean. I've got it narrowed down since I now know that
it's hiding somewhere inside of the AIM settings and files, but that's
about it.
-Jay