If you have never used Tumblr, you may have difficulty understanding this. I was looking through the blogs I follow on Tumblr (which are mostly blogs that follow mine) and apparently one of them has been blacklisted (by the Korean government, from all indications) -- there is no way to know this has happened, so as to avoid it, and this blog I had been following for more than a year. At any rate, when I opened that blog, rather than opening its page, the blog opened in my "dashboard" (the page that shows the feeds from all of the blogs I follow), and when a blog does that it means the Korean government is inserting malware into my PC. Precisely why any given blog might be blacklisted is not clear: while that blog occasionally posted adult content, much worse blogs seem unaffected, so I have no idea what their criteria might be -- but it is probably completely arbitrary (their censor did not like something he or she saw). When I realized what was happening, I tried to shut Firefox down, but that never works. Anyway, the command prompts that I mentioned flashed and then the cooling system of my PC shut down again (which is supposed to make the CPU overheat and crash the PC). When this kind of malware attack first began to happen, Combofix was able to resolve it. But recently the malware prevents Combofix from loading completely. Running Emsisoft first allows Combofix to run next, and this combination restores the cooling system. Now whether it actually removes the malware, or simply interrupts its manifestation, I cannot say -- I am not a technical expert. I might suspect that the malware is disguised as something else, and remains present (hence the command prompts that run randomly, as I explained, due to whatever it is that stimulates the malware -- sometimes when I am watching a CD from a disk, sometimes when I am reading news from a page with embedded report or large or extensive graphics, and so on: perhaps a spyware component).
Apparently trying to open a blacklisted blog just triggers the malware into action.
I have to suppose that this is a professionally-created malware, not something made by kids messing around with too much time on their hands, since it seems exceptionally well disguised (so none of the scans is picking up on the thing itself, just its manifestations). Again, when the cooling system is disrupted, Combofix disrupts whatever path is controlling this, and allows it to return to normal. (As I explained in the beginning, my PC has a display on the front of the case that shows CPU temperature, and the various cooling fans, with graphical representation of when they are on or off; and I have confirmed that it is accurate -- when it shows a fan running, the fan is actually running; and when the display is not working, the fans do not work either.) It is a way to control the behavior of the population by messing up their PC if they misbehave. As I said, I have written to Tumblr, because it seems that their security has been breached, but we will have to wait to see what they say. But, returning to the present, since nothing is showing up on any of the scan results, I do not know what, if any, resolution is possible, since it appears impossible to identify precisely what is going on.
I hope this has answered your question, Broni. Have a great weekend!
-- Daniel