Fun with Kak and Trojans!

Discussion in 'malware problems & news' started by JimIT, Apr 25, 2003.

Thread Status:
Not open for further replies.
  1. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Had a "neat" experience with a KAK infected, Backdoor.Autoupder infected computer this week.

    Bits of trivia:

    Pentium II Dell machine w/98SE, 9 gig drive, McAfee (no updates since 1998), defrag apparently *never* used, xupiter/napster...

    DAY 1:
    Get a late afternoon start on this, but...
    2:30 pm
    Booted from floppy and ran F-Prot DOS: Found and killed 3 kak infections, and one .exe dropped by the trojan.
    Re-booted from floppy and ran F-Prot twice more. Machine shows clean on both scans. Ran Symantec's Fixkak.exe, and get "successfully removed" message. Installed and ran NU WinDoctor: 143 probs, used fix all button and reboot. Go home about 5:45.

    DAY 2:
    9:30 am
    Edit autoexec.bat to remove crap from kak. Installed Avast! 4, and run in Windows: Avast detects Autoupder trojan running in memory!
    Can't remove while running. Reboot in safe mode and manually delete .exe, and *.hta files (there are two--both different from yesterday). Manually edit registry to remove kak junk, and xupiter entries. Reboot. Rerun Avast. Clean scan. Install NIC and hit internet to run Housecall. Clean scan. Reboot. Rerun Avast. Clean scan. Defrag drive that is 45% fragged. Reboot. Go home about 5:30.
    10:30 pm
    Run Avast! Detects kak in MSN mail files. Two infections, which it deletes. Alarmed. Check for signs of trojan. Trojan appears to have been successfully removed. Check registry and autoexec.bat files again. No changes--didn't expect any.

    DAY 3:
    7:30 am
    Run Avast! Clean scan.
    8:35 am
    Run Avast! Clean scan. :cool: :D

    Total time spent on cleaning/maintenance: 10+ hours. Down time of 3 days for user. :doubt:

    Moral of story? For less than 100 bucks this all could have been prevented. :mad:

    (But it wouldn't have been as fun for me!) :D :D :D
     
  2. Patrice

    Patrice Registered Member

    Joined:
    Apr 15, 2003
    Posts:
    571
    Location:
    Antarctica
    Hi JimIT!

    Ever considered using TDS-3? I think it would be worth it! I understand that it was "funny" in a way, but with TDS-3 you get even more power against trojans. :D

    You can still install the trial version of TDS on the former infected computer and see what happens. Who knows... ;)

    Best regards!

    Patrice
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Let's hope for more fun then! Don't forget to close the gates with a firewall unless you really like more cleansing.
    I would love to have the whole lot installed on such a computer with TDS / WG / PE, AutostartViewer, several spyscanners, etc. Depending on what ran on it, of course.
    Always nice to get such oldies back in good condition and up to date.
     
  4. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    How boring would our lives be without the good old 'antivirus with cobwebs on it!' syndrome ;)
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Job well done, Jim!

    regards.

    paul
     
  6. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Thanks Paul, :)

    One of those things you do "on the side" while you're doing your "real job". ;)

    I guess one point I was trying to make is that it really pays off to have your ducks in a row as far as updating and maintaining the security software on your computer. The other thing I hope everyone noticed is that sometimes, virus scanners and removal tools don't completely clean out the bug, so again, it really is easier to be proactive rather than reactive when it comes to security.

    Regarding AT's, Patrice, unfortunately the old saying "you can lead a horse to water, but you can't make him drink" applies here. ;)

    I've also found that for the uninitiated, something like BOClean is a little more user-friendly--especially with the "clientele" I handle! No offense to the fine products produced by Diamond CS--they are great, but I use and recommend BOClean to most of the admitted computer "novices" I usually deal with.

    It's amazing how "lazy" a lot of users are. Sometimes it takes an incident like this to wake 'em up. ;)
     
  7. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    BOClean may well be the better choice for the uninitiated; there's little point confusing them with a program that they can't fully understand, since the chances then are that they won't use it!
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Points well made, Jim ;).

    regards.

    paul
     