
Heads up! Worm/Trojan active last few months

Discussion in 'Windows Security' started by NT Canuck, Oct 23, 2009.

  1. NT Canuck

    NT Canuck Guest

    One file post install detected a few weeks ago by one person;
    <http://www.virustotal.com/analisis/37ecc048cc7c01ca4b4e840742f736c40e8974d8f0158d67255974aa0d56643c-1254444923>

    Somewhat similar in some aspects;
    <http://episteme.arstechnica.com/eve/forums/a/tpc/f/99609816/m/498005911041>

    However, detecting one of the particles of an
    infection or dropper may not show others related,
    and if your A/V etc. has crashed or failed to load
    then run tool in the post from majorgeeks link.

    This one pretty good and has most info in the pdf
    (It's a part hack/detect mix of folks so heads up! )
    Which means don't go there if you are soft and squishy.
    <hxxp://www.rootkit.com/blog.php?newsid=966>

    Direct link to 21.9kb pdf.rar examination/review
    <hxxp://www.rootkit.com/vault/DiabloNova/017_MAX_Rootkit.rar>
    If the link doesn't work for you...then you're not ready.

    Note that file permission may also be changed, and
    possibly some off by one or more executable loading
    points (codewise not just on disk or ram location).

    Quick tool, if you show any device/global you need help.
    Do not attempt repair without extreme skills, goto a
    forensic/malware forum and get assistance by case.
    I'm not even sure if there are any residual effects
    after a reformat and re-install or not, definitely if
    you have the problem your 'protection' needs work.
    <http://forums.majorgeeks.com/showthread.php?t=198257>

    Gmer should detect it but above is a quick post
    infection notice, other tools be real_careful and
    even upload to virustotal for testing if not sure.
    <http://www.virustotal.com/>

    If you don't have an antivirus installed then
    at the very least use the Microsoft offering
    (update and scan pronto)
    and do_not attempt to disable any features
    since you will act as your own umm..virus.
    This does require a real Windows (legit).
    <http://www.microsoft.com/Security_Essentials/>

    Also make sure your firewall is enabled, never run
    without some firewall or at least use the Windows firewall,
    also get all updates available via ms updates.

    Upgraded kernel and firewall in Win7release
    (gold) with MSSE should be able to stop infection
    (so far) and I believe WinServer 2008 updated (R2?).
    But that is no guarantee if using a pirate edition
    or upgrading any legitimate Windows OS to
    a newer but not qualified (test for authenticity).

    'Seek and ye shall find'
    NT Canuck
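The post's advice boils down to four checks: compare a suspect file against the sample linked on VirusTotal before running it, confirm the firewall is on, confirm an antivirus is actually registered, and get current on Windows Update. The script below is an added example, not code from the post or from any of the tools it links; it only reads state and never attempts repair. It assumes PowerShell 2.0 or later on Vista/Windows 7 with administrator rights, and `$SuspectPath` is a placeholder to be replaced with the file you want to check. The SHA-256 value is the one embedded in the post's VirusTotal URL.

```powershell
# Added example (not from the forum post): read-only triage for the checks the
# post recommends. Assumes PowerShell 2.0+ on Vista/Win7 run as administrator.
param(
    [string]$SuspectPath = 'C:\path\to\suspect_file.exe'   # placeholder path
)

# SHA-256 of the sample the post links on VirusTotal (taken from the post's URL).
$KnownBadSha256 = '37ecc048cc7c01ca4b4e840742f736c40e8974d8f0158d67255974aa0d56643c'

function Get-FileSha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $hash = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # BitConverter gives "AB-CD-..."; strip the dashes and lower-case it.
    return ([System.BitConverter]::ToString($hash) -replace '-', '').ToLower()
}

# 1. Hash the suspect file and compare it to the known sample before uploading.
if (Test-Path $SuspectPath) {
    $h = Get-FileSha256 -Path $SuspectPath
    Write-Host "SHA-256: $h"
    if ($h -eq $KnownBadSha256) {
        Write-Host "MATCH: identical to the sample in the VirusTotal link."
    } else {
        Write-Host "No match; look the hash up at https://www.virustotal.com/ before trusting the file."
    }
} else {
    Write-Host "Suspect file not found: $SuspectPath"
}

# 2. Firewall state for each profile (the post: never run without a firewall).
Write-Host "`nFirewall profiles:"
netsh advfirewall show allprofiles state

# 3. Antivirus products registered with Windows Security Center (Vista SP1+/Win7).
#    An empty list means nothing is registered, which is the "install MSSE" case.
Write-Host "`nAntivirus products registered with Security Center:"
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
    Select-Object displayName, productState |
    Format-Table -AutoSize

# 4. Count of applicable, not-yet-installed Windows updates via the Update Agent.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates.Count
Write-Host "`nPending Windows updates: $pending"
```

Run it from an elevated PowerShell prompt. The hash check deliberately reads the file rather than executing it, so a match or mismatch is safe to establish on an already suspect machine; if section 3 prints nothing, or section 4 reports a large backlog, the machine is in exactly the state the post warns about and should be handled through a malware-removal forum rather than by hand.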
     
  2. From: "NT Canuck" <remove_ntcanuck@hotmail.com>

    | One file post install detected a few weeks ago by one person;
    | <http://www.virustotal.com/analisis/37ecc048cc7c01ca4b4e840742f736c40e8974d8f0158d67255974aa0d56643c-1254444923>

    | Somewhat similar in some aspects;
    | <http://episteme.arstechnica.com/eve/forums/a/tpc/f/99609816/m/498005911041>

    | However, detecting one of the particles of an
    | infection or dropper may not show others related,
    | and if your A/V etc. has crashed or failed to load
    | then run tool in the post from majorgeeks link.

    | This one pretty good and has most info in the pdf
    | (It's a part hack/detect mix of folks so heads up! )
    | Which means don't go there if you are soft and squishy.
    | <hxxp://www.rootkit.com/blog.php?newsid=966>

    | Direct link to 21.9kb pdf.rar examination/review
    | <hxxp://www.rootkit.com/vault/DiabloNova/017_MAX_Rootkit.rar>
    | If the link doesn't work for you...then you're not ready.

    | Note that file permission may also be changed, and
    | possibly some off by one or more executable loading
    | points (codewise not just on disk or ram location).

    | Quick tool, if you show any device/global you need help.
    | Do not attempt repair without extreme skills, goto a
    | forensic/malware forum and get assistance by case.
    | I'm not even sure if there are any residual effects
    | after a reformat and re-install or not, definitely if
    | you have the problem your 'protection' needs work.
    | <http://forums.majorgeeks.com/showthread.php?t=198257>

    | Gmer should detect it but above is a quick post
    | infection notice, other tools be real_careful and
    | even upload to virustotal for testing if not sure.
    | <http://www.virustotal.com/>

    | If you don't have an antivirus installed then
    | at the very least use the Microsoft offering
    | (update and scan pronto)
    | and do_not attempt to disable any features
    | since you will act as your own umm..virus.
    | This does require a real Windows (legit).
    | <http://www.microsoft.com/Security_Essentials/>

    | Also make sure your firewall is enabled, never run
    | without some firewall or at least use the Windows firewall,
    | also get all updates available via ms updates.

    | Upgraded kernel and firewall in Win7release
    | (gold) with MSSE should be able to stop infection
    | (so far) and I believe WinServer 2008 updated (R2?).
    | But that is no guarantee if using a pirate edition
    | or upgrading any legitimate Windows OS to
    | a newer but not qualified (test for authenticity).

    | 'Seek and ye shall find'
    | NT Canuck


    If you find any sample of that or anything else...

    Please post the samples to Upload Malware.

    --
    Dave

    Multi-AV -
     