New Virus



Radiation Burns
09-14-2009, 09:31 AM
My neighbor's daughter got a virus this weekend that shut down her internet but still let programs access the internet. It also killed Malware Bytes, Windows Malicious Software tool, Antivirus, and HijackThis immediately after executing them and wouldn't let them run even after a restart. I wiped the puter and reinstalled Windows Vista and the drivers and all is well now. I am wondering what the heck it was. I think she got it from Facebook... :D

shifty
09-14-2009, 03:02 PM
There are several new rootkits out there these days that will completely nuke your ability to use anything. A lot of them I'm finding are exploiting the Acrobat/PDF plugin for popular browsers to install a rootkit which consists of a service and driver (DLL) files, all of which are hidden from the Windows API, so the files can't be seen. They also actively kill any known filename of a spyware removal software out there, so it is necessary to rename any removal tools such as ComboFix (a necessity), GMER (also perfect for killing rootkits), and MWB, HJT, etc.

In a case where the infection is as bad as you've just mentioned, ComboFix - normally a last resort - is my first resort. It will remove rootkit services most of the time, and give a list of recent files created on the system which can really pinpoint the infection.

shifty
09-14-2009, 03:21 PM
And virus makers are becoming more and more clever about how they're hiding the methods used to control your computer as well. Example: http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=16538

Ninjahedge
09-14-2009, 03:47 PM
Clever.

"The crow flies at midnight" in modern terms.

Radiation Burns
09-14-2009, 09:36 PM
Thanks Shifty. So the new viruses are set up to hide, and disrupt people's lives... is there another purpose? Do they make the computer a zombie, or just puss people off? I am glad my son is too young to be on Facebook, but I do believe he will have a Linux box for that kind of stuff...

shifty
09-15-2009, 09:08 AM
Zombie!


There is some protection to be gained by going 64-bit.

Ninjahedge
09-15-2009, 09:26 AM
It's only a matter of time before 64 is also compromised......

Radiation Burns
09-15-2009, 11:20 AM
Great, so my left 4 dead playing will pay off? lol

I love this, I have to let my netadmin know. We don't have any active AV on our work systems right now and all the ladies play on Facebook all day.

dragonash
09-15-2009, 01:46 PM
Great, so my left 4 dead playing will pay off? lol

I love this, I have to let my netadmin know. We don't have any active AV on our work systems right now and all the ladies play on Facebook all day.


wtf does your IT get paid for then? No AV?

Radiation Burns
09-15-2009, 08:46 PM
My IT dept has been attempting to roll out a thin client setup with windoze 2k3 server for over 2 years using Citrix and Linux front ends and having hella problems even running at a proper level. If my system runs 6 hrs a day I am lucky. We had an antivirus system that was on about 2 weeks ago and always failed to update. So last week it disappeared altogether from the servers as it was causing long boot times and/or cascading failures at login... That is the story from IT at least, IE: don't you worry about that Mr. Burns, let me worry about that.

The sad thing is that I know more about Citrix and windoze than the 2 admins we have. I won't even go into our head of information services...

Radiation Burns
09-16-2009, 01:05 PM
I sent the email to the IT head, and he said it keeps life interesting, living on the edge... lol

dragonash
09-17-2009, 12:19 PM
what did you say in the email?
how could there not be an antivirus? lol

Dr. Death
09-17-2009, 12:54 PM
Perhaps he thinks that if he gets an antivirus program, he'll work himself out of a job cleaning people's computers.

What a maroon..