
Thread: !!! VIRUS !!!----Helpdesk Section

  1. #11
    As of 13 these trojans are causing damage

    WORM_NETSKY.CA
    TROJ_HORST.GN
    TROJ_HORST.GL
    TROJ_HORST.GM
    TROJ_HORST.CK
    TROJ_HORST.GF
    TROJ_MANCSYN.AI
    TROJ_DLOADER.HAP
    TROJ_SMALL.FAD
    TROJ_YABE.AH

    Beware !!

  2. #12
    W32/Perlovga-RECOVERY

    Salaams Dtians,

    It's been some time since I have pasted around. As my work and knowledge suggest, there has been another major outbreak of a virus. It's been categorised as malware by many, but KAV (Kaspersky Antivirus) has named it a virus, "W32/Perlovga".


    "When I right-click a drive letter (C, D, E), I notice a new item at the top of the context menu: 'Autoplay'. When I click on it, a new Windows Explorer window opens showing the contents of that drive; this happens even if I select the "open each folder in the same folder" option!

    Some exe files are created every time I do this...

    Two files are created in the root of the drive I select, called copy.exe and host.exe.

    Two other files are created in the Windows folder, called svchost.exe and xcopy.exe.

    Two other files are created in the system32 folder, called temp1.exe and temp2.exe.

    svchost.exe and host.exe have been reported by KAV as Trojan-Dropper.Win32.Small.apl

    copy.exe and xcopy.exe have been reported by KAV as Virus.Win32.Perlovga.a

    temp1.exe has been reported by KAV as Virus.Win32.Perlovga.b

    temp2.exe has been reported by KAV as Backdoor.Win32.small.lo

    Well, KAV can detect and delete all these files, but they return when I click again on the "Autoplay" item."


    It's a knock-on. It spreads through drives like wildfire, and it does so through you yourself. On an infected PC, a double click on any local drive copies the virus into the respective drive. Plus, the files make themselves superhidden.

    Main running processes

    temp1.exe
    temp2.exe

    or

    TEMP1.exe
    TEMP2.exe

    In superhidden mode you'll find these in your local drive (note: to unlock superhidden mode, uncheck "Hide operating system files"):

    copy.exe
    autorun.inf (double click to find: shell execute - copy.exe)
    host.exe

    To delete this virus, start through search. Find all the above file names and delete them. Do an expanded search. Then delete the following keys from the registry and you're done.

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec1-bff7-11da-bcaf-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec1-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec3-bff7-11da-bcaf-806d6172696f}\Shell]
    @="AutoRun"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec3-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
    @="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"

    Hope this helps. For any further help, don't hesitate to post here or mail me at mytonse@yahoo.com

    M.Y.Tonse
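
An added example, not part of the original post or of any tool it mentions: a Python check that parses a .reg export of the MountPoints2 key and an autorun.inf file, and lists every shell-verb command whose last argument is a bare program name such as copy.exe. The sample inputs, function names and the extension list are constructed for illustration.

```python
import re

# Constructed samples: one MountPoints2 entry from the post in .reg export form, and an
# autorun.inf (the post only says the file shell-executes copy.exe).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell]
@="AutoRun"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8b69ec0-bff7-11da-bcaf-806d6172696f}\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe"
'''
SAMPLE_INF = r'''[autorun]
shellexecute=copy.exe
shell\Autoplay\command=copy.exe
'''
VERB_KEY = re.compile(r'\\MountPoints2\\(\{[0-9a-f-]+\})\\Shell\\([^\\]+)\\command\]$', re.I)
INF_KEY = re.compile(r'open|shellexecute|shell\\[^\\]+\\command', re.I)

def scan_reg_export(text):
    """Yield (volume GUID, verb, command) for each MountPoints2 shell-verb command."""
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith('['):
            current = VERB_KEY.search(line)      # None for keys that are not ...\command
        elif current and line.startswith('@="') and line.endswith('"'):
            # Default value of the command key; undo the .reg backslash escaping.
            yield current.group(1), current.group(2), line[3:-1].replace('\\\\', '\\')

def scan_autorun_inf(text):
    """Yield (key, command) for [autorun] entries that start a program."""
    active = False
    for line in (l.split(';', 1)[0].strip() for l in text.splitlines()):
        if line.startswith('['):
            active = line.lower() == '[autorun]'
        elif active and '=' in line:
            key, value = (p.strip() for p in line.split('=', 1))
            if INF_KEY.fullmatch(key):
                yield key.lower(), value

def relative_target(cmd):
    """Last argument if it is a bare program name (no path), as with copy.exe in the post."""
    last = (cmd.split() or [''])[-1].strip('"')
    return last.lower() if re.fullmatch(r'[^\\/:]+\.(exe|com|bat|scr|pif|cmd)', last, re.I) else None

def report(reg_text, inf_text):
    """List (source, verb or key, target file) for every entry that launches a bare name."""
    rows = list(scan_reg_export(reg_text))
    rows += [('autorun.inf', key, cmd) for key, cmd in scan_autorun_inf(inf_text)]
    return [(src, verb, relative_target(cmd)) for src, verb, cmd in rows if relative_target(cmd)]

if __name__ == '__main__':
    print(*report(SAMPLE_REG, SAMPLE_INF), sep='\n')
```

The file names it reports are the ones to search for on each drive root before the matching registry keys are deleted.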

  3. #13
    Storm Worm variant targets blogs, bulletin boards

    A variant of the Trojan horse attacks known as Storm Worm emerged Monday, targeting people who post blogs and notices to bulletin boards. Storm Worm emerged in January and raged across the globe in the form of e-mails with attachments that, when opened, loaded malicious software onto victims' PCs, commandeering the machines so they could be used for further attacks.
    The new Storm Worm variant attacks the machines of unsuspecting users when they open an e-mail attachment, click on a malicious e-mail link or visit a malicious site, said Dmitri Alperovitch, principal research scientist at Secure Computing.
    But the twist comes when these people later post blogs or bulletin board notices. The software will insert into each of their postings a link to a malicious Web site, said Alperovitch, who rates the threat as "high."
    "We haven't seen the Web channel used before," he said. "In the past, we've seen malicious links distributed to people in a user's address book and made to look like it's an instant message coming from them."
    The danger in this most recent case, he added, is that the user is actually posting a legitimate blog or bulletin board notice, unaware that a malicious link has been slipped into the text of the posting.

    Measures are on the way... Will paste as soon as I get some more info.

    Regards,

    M.Y.Tonse

  4. #14
    Hmm... great help... but I will want to read it thrice... before I really act on it... Thanks for sharing...



  5. #15

  6. #16
    Beat back that Trojan horse - CNET.com

    Beat back that Trojan horse



    By Jessica Dolcourt (2/28/07)


    Like its mythical namesake (dramatized in Lego), whatever crawls out of a digital Trojan horse will be a nasty surprise. A Trojan horse usually takes the form of an innocuous software program that unleashes a flood of malware or viruses after it's installed and run. Since attacks and ease of removal vary--an ad generator is easier to remove than a stealth rootkit--there's no one-size-fits-all solution. However, there are some common techniques for picking your way through the wreckage.


    Reboot Windows in Safe Mode





    What is Safe Mode?

    Safe Mode is a diet version of the Standard Mode of Windows that your computer ordinarily runs. Rebooting in Safe Mode loads minimal programs and disables most device drivers that manage hardware like CD drives and printers. The result is a more stable iteration of the Windows operating system that's better suited for disabling malware while you perform a system scan.

    How do you use it?

    If you can, follow the necessary steps for a safe shutdown process and then reboot. When you restart Windows, as the screen begins to load, press F8 repeatedly until the Windows booting options appear. Select "Boot in Safe Mode" from the menu of options. Once in Safe Mode, you should be able to run your installed antispyware software with less interference from the malicious software that the Trojan brought onto your system.

    System Restore





    What is System Restore?

    System Restore strings out a safety net if everything goes kaput. Under default Windows settings, System Restore saves a snapshot of your computer configuration once a day and on major upgrades that can be used to replace corrupted files. In the event of a Trojan attack, System Restore can revert Windows to a previous, uninfected state. It won't restore everything, like changes to your user profile, but it does reinstate biggies like your Registry and DLL cache.

    When do you use it?

    When purging your computer of spyware, System Restore has an optimal time and place. You wouldn't want your computer including corrupted files as the reference point of the day, so it's important to disable System Restore before you start cleaning. You can reactivate it once your system is spick-and-span.

    How do you use it?

    The paths for accessing System Restore differ by operating system. In Windows XP, disable System Restore by right-clicking My Computer and selecting Properties. Under the Performance tab, select File System, then the Troubleshooting tab, and finally check Disable System Restore. You'll be prompted to reboot. Follow these steps to uncheck the box before restoring your system.

    To use System Restore after scrubbing your computer, choose Accessories from the program list in the Start menu. You'll find System Restore under System Tools.

    This comprehensive article from TechRepublic demonstrates how to create and use System Restore in Windows Vista.

    Scan with antivirus/antispyware apps





    Downloading diagnostic and removal tools with an infected computer is a huge time sink--spyware can cripple your speed and Internet access. The Trojan's payload could prevent EXE files from downloading or launching. Also, malware can affect the performance of installed security software on your PC. If you store your antivirus/antispyware programs on a CD or flash drive, however, those malware-busting apps can commence their swashbuckling unhindered.

    Advanced users can save some time by creating a bootable DOS virus scanner that runs off a flash drive (tutorial from Ask the Geek).

    Which antivirus software should you get?

    Some of our favorite intrusion-repellants include Kaspersky Anti-Virus 6, which is worth the price (full review); Webroot SpySweeper and Spyware Doctor (the free versions identify but don't remove malware); AdAware and SpyCatcher Express (free spyware removal); and HijackThis (aggressive diagnostic tool). While none of these are Vista-compatible yet, Kaspersky and Ad-Aware plan to release Vista-ready updates in 2007.

    HijackThis is a powerful tool that monitors the critical areas of your computer for any significant changes. Many forums administrators will want to analyze your HijackThis log before recommending a removal plan. However, the program requires a bit of learning before you can use it effectively. You'll want to read our HijackThis tutorial before getting started.

    Disk reformatting





    What is it?

    Unlike a system restore, which rolls your operating system back to a previous configuration, disk reformatting requires you to reinstall Windows, plus all your data and applications, from scratch. This method is used to disable malware by overwriting corrupted files, replacing them with the default operating system.

    Disk reformatting is a time-consuming measure, and one we at CNET Download.com recommend you try after scanning and restoring your system.

    How do you reformat your hard disk?

    There are several ways to overwrite the operating system, some more complex than others. Start by backing up irreplaceable files; when they're gone, they're gone. The most traditional way to reformat the hard disk is by using a boot disk or boot CD to work around your troubled operating system and load into DOS. From there you can use a combination of command prompts (like C> format) and DOS formatting tools like Fdisk and DELpart to reinstate a clean operating system. Many of these tools will delete corrupted files from the hard disk, so they will no longer be recoverable. This useful thread on CNET's forums explores some step-by-step reformatting options.

    BootDisk.com provides free disk information for the gamut of Windows operating systems ("W2K" denotes Windows 2000). Click on "DOS - Windows 9X/NT4/2000/XP Excellent Bootdisks," and then download the "custom" version of your operating system where possible. Apps like Nero and Roxio (free trials) are convenient for quickly setting up the requisite boot CD from the EXE boot file. You'll want to make sure your BIOS is set to read off the CD drive before you begin reformatting. If you've never worked with BIOS and DOS before, we recommend that you get help from someone with advanced knowledge.

    For a less thorough workaround, you can try reinstalling the operating system. It's a simpler approach than reformatting with DOS, but it may not be able to disable fierce malware, such as a well-developed rootkit. Begin by feeding the original installation disk for your operating system into the CD-ROM. Choose to overwrite if you're given the option, but don't choose to make repairs.

  7. #17
    Hello.

    Are you being troubled by the latest resident trojan?

    The latest in line is RavMon.exe.

    Help is on the way.

  8. #18
    Malware Threats.

    Worm_sober.ax
    S_feebs.aaz
    Js_feebs.lm
    Worm_sdbot.efx
    Worm_nuwar.aos
    Troj_strat.in
    Troj_banload.cfu
    Worm_pykse.a
    Pe_corelink.a

  9. #19
    Symantec Threat Explorer

    Threat Explorer

    The Threat Explorer is a comprehensive resource for daily, accurate and up-to-date information on the latest threats, risks and vulnerabilities.



    Name                     Detected     Protected*
    W32.Ganbate.A            05/28/2007
    Infostealer.Banker.D     05/27/2007
    Trojan.Mpkit!html        05/27/2007
    Bloodhound.Packed.29     05/25/2007
    W32.Sachy.A              05/25/2007
    W32.Lecivio              05/25/2007
    W32.Sibaru.A             05/24/2007   05/25/2007
    Trojan.Perfcoo           05/24/2007   05/25/2007
    SymbOS.Viver.A           05/24/2007   05/25/2007
    JS.Badbunny              05/24/2007   05/24/2007
    Perl.Badbunny            05/24/2007   05/24/2007
    Ruby.Badbunny            05/24/2007   05/24/2007
    IRC.Badbunny             05/23/2007   05/23/2007
    SB.Badbunny!inf          05/23/2007   05/23/2007
    Python.Badbunny          05/23/2007   05/30/2007
    SB.Badbunny              05/22/2007   05/23/2007
    W32.Danber               05/22/2007   05/23/2007
    W32.Drom                 05/22/2007   05/26/2007
    W32.Rahiwi.B             05/22/2007   05/22/2007
    VBS.Lido                 05/22/2007   05/23/2007
    W32.Autosky              05/22/2007   05/22/2007
    VBS.Lido!html            05/22/2007   05/23/2007
    W32.Amend.A@mm           05/21/2007   05/22/2007
    W32.Posse                05/21/2007   05/21/2007
    W32.Naplik               05/17/2007   05/18/2007
    W32.Naplik!inf           05/17/2007   05/18/2007
    W32.Condown.A            05/16/2007   05/28/2007
    W32.Uisgon.A             05/16/2007   05/17/2007
    W32.Fubalca.E            05/15/2007   05/15/2007
    Trojan.Usbsteal          05/15/2007   05/16/2007
    W32.Mumawow.D!inf        05/14/2007   05/15/2007
    W32.Mumawow.D            05/14/2007   05/15/2007
    W32.Neela                05/14/2007   05/15/2007
    Trojan.Haradong.C        05/11/2007   05/11/2007
    W32.Popwin               05/11/2007   05/12/2007
    Backdoor.Graybird!gen    05/11/2007   05/12/2007
    W32.Kenety               05/10/2007   05/11/2007
    W32.Stration.IZ@mm       05/10/2007   05/11/2007
    W32.Pitin.C              05/10/2007   05/11/2007
    W32.Odelud               05/10/2007   05/11/2007
