
Thread: Viruses On The Rise - AGAIN

  1. #1
    Join Date
    Nov 2004
    Posts
    4,863
    Rep Power
    20

    Default Viruses On The Rise - AGAIN

    Take a gander at this from a customer's machine.

    http://cid-14209ec7e58b0d4c.skydrive...C7E58B0D4C!171

    File is called LISTING.TXT.

    Now I've seen this virus before, but only ONCE before have I seen it so rampant. I've seen it duplicate itself like 10,000 times in the root of a few partitions on another person's machine. This one though is the second one I've seen so bad. Approx 2000 on each partition, bringing the total to 6000+. To clean this, the fastest way I've found is to hook up the drive to my machine via USB enclosure or attachment, and then scan using my AV. After cleaning, I put it back - install some free AV - then run a full scan. Usually it's ok after that, but today I got an interesting surprise on another machine.


    Setting up a PC for my niece, fresh install of XP. Regular stuff like Office and AVG and CCCP and SP3. Then I noticed that every so often, while there was an internet connection, I kept on seeing AVG pop up saying it found some EXE file which is infected in the SYSTEM VOLUME INFORMATION or in some other system folder or temp folder. Them viruses feisty - coming in on the back doors of Windows and getting the PCs. And this is with NO BROWSING being done. So now if a customer machine is infested, I know it's because they have no good AV app or were just unfortunate, and not necessarily my first impression of them being stupid and clicking those pretty pop-ups about "your system is infected, click here to remove" - maybe they're not all that silly.
    Last edited by khat17; Mar 26, 2011 at 08:12 PM.
    Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".

  2. #2
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    Default

    Were you using any removable media on that machine? That virus is spread via thumb drives, so check that.
    To find what you seek in the road of life, the best proverb of all is that which says: "Leave no stone unturned." Edward Bulwer Lytton

  3. #3
    Join Date
    Sep 2006
    Posts
    2,515
    Rep Power
    0

    Default

    I've seen it. It's still around on people's thumb drives, but it ain't that bad anymore.
    Confucius say..Man who fight with wife all day, get no piece at night!
    Quote Originally Posted by Gillion View Post
    Your task as member of the elite is to educate, no matter how hard it is.
    No one can do all their own homework all the time. That is why people communicate and collaborate on forums.

  4. #4
    Join Date
    Nov 2004
    Posts
    4,863
    Rep Power
    20

    Default

    Quote Originally Posted by lovepython View Post
    Were you using any removable media on that machine? That virus is spread via thumb drives, so check that.
    I'm aware, thanks. In the second scenario no USB media was used. Just an XP disc and Office - it was just surprising to see how many things tried to infect the machine with internet available and no browsing being done.
    Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".

  5. #5
    Join Date
    Sep 2005
    Posts
    2,394
    Rep Power
    0

    Default

    That's strange... Is the machine the only one connected to the or is there a network of computers? I know of viruses that spread over the network infecting shares, but an attack on a machine that has just been installed, hmm.
    To find what you seek in the road of life, the best proverb of all is that which says: "Leave no stone unturned." Edward Bulwer Lytton

  6. #6
    Join Date
    Oct 2008
    Posts
    71
    Rep Power
    0

    Default

    Make sure the CD you're using is genuine, 'cause others could contain viruses!!!
    IM Iced out so she aint see nuttn but a blurr!!!

  7. #7
    Join Date
    Jan 2009
    Posts
    2,404
    Rep Power
    0

    Default

    There are quite a few ways the virus could have gotten on the system. I've met this virus before (it has a folder for an icon) and cleaned it easily. If the system wasn't freshly FORMATTED there is the possibility the user could have accidentally run it if it was on the machine before, thinking it was a folder. Otherwise, one of the installs was infected, or maybe a backup if you used that, or a removable drive...

    It usually places itself in several startup locations and saves a copy as a screensaver and pif (MS-DOS shortcut) in a startup folder. What I do is kill all of its versions running at once (DTaskManager), clean up the startup entries (Autoruns) then search the entire system for files of its exact size (exe, scr, com, bat & pif) and do a mass delete.
    Rooted OnePlus 2 64GB Ed, Android 5.1.1 OxygenOS ; on teifin' AT&T's network; Rooted ASUS Transformer TF101 w/ dock, Android 5.1 KatKiss; Laptop: ASUS X550C, 2.0GHzx2, 8GB, 512GB SSD, Kubuntu 15.10;
    Facebook page: Skeleville Technology Solutions
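Added example, not part of the post above and not the poster's own tooling: the "search for files of its exact size" step, written to report candidates rather than delete them, and to confirm each candidate by SHA-256 against the sample already identified, since size alone also matches unrelated files. The function names `find_copies`, `confirmed` and `demo` are hypothetical, and the directory tree in `demo` is constructed sample data.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

SUSPECT_EXTS = {".exe", ".scr", ".com", ".bat", ".pif"}  # extensions named in the post


def find_copies(root, size, exts=SUSPECT_EXTS):
    """Group files under root with the exact byte size and a listed extension by SHA-256."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in exts:
                continue
            try:
                if os.path.islink(path) or os.path.getsize(path) != size:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or locked file: skip it, do not guess
            groups[digest].append(path)
    return dict(groups)


def confirmed(groups, known_sha256):
    """Return only the paths whose hash equals the sample already identified as malicious."""
    return sorted(groups.get(known_sha256, []))


def demo():
    """Constructed tree: two identical copies, one same-size unrelated file, two non-matches."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "Startup"))
    sample = b"A" * 64  # constructed stand-in for the identified sample
    files = {"New Folder.exe": sample, os.path.join("Startup", "saver.SCR"): sample,
             "setup.exe": b"B" * 64, "notes.txt": sample, "tool.com": b"C" * 10}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    groups = find_copies(root, len(sample))
    hits = confirmed(groups, hashlib.sha256(sample).hexdigest())
    return groups, [os.path.relpath(p, root) for p in hits]


if __name__ == "__main__":
    print(demo())
```

In the constructed tree, `setup.exe` has the same size as the sample but a different hash, so a size-only mass delete would have removed it; the hash check keeps it out of the confirmed list.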

  8. #8
    Join Date
    Nov 2004
    Posts
    4,863
    Rep Power
    20

    Default

    Full delete partition and format. Machine was on network with two others that are fully protected by ZAISS and one other by similar version AVG. None of the others displayed that problem. No thumb drives used. XP disc was customized and slipstreamed by me. Scan on CD shows no virus. Probably got in on one of the holes in IE8 or some other hole after SP3.
    Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".

  9. #9
    Join Date
    Nov 2004
    Posts
    4,863
    Rep Power
    20

    Default

    Resurrecting the old thread for a recent one that I found.

    Vista Security 2011 is an interesting name to give the app.

    Located in "C:\Users\USER1\AppData\Local\nix.exe" and having a filesize of 332 KB (339,968 bytes) it runs a process that is somehow called whenever the machine starts and brings up the security center showing that it is turned off. Then it scans and shows some fake found infections and asks you to buy. The description of the process is "STEAM" so if you're a gamer and unaware it may fool you.

    How I removed it was killing the process - finding the exe (including the one in the prefetch folder) and deleting them. Then I had to find a registry file at this website to return the file associations for EXE files. Lastly I did a scan with CCLEANER to fix any other loose ends. Installed Avast free 6 and did a full scan. Machine is now clean.
    Knowing the solution doesn't mean knowing the method. Yet answering correctly and regurgitation are considered "learning" and "knowledge".

  10. #10
    Join Date
    Aug 2002
    Posts
    611
    Rep Power
    0

    Default

    Interesting virus. Once the PC is connected to the internet or a network it will be a target. I find that the latest trend is to try and trick people into buying fake AV software. Nothing Hiren BootCD can't fix... I like ninja pendisk though... It auto-immunizes USB drives.
    "To err is human - and to blame it on a computer is even more so."
    Alcatel One Touch PIXI 3 (4.5)
