when was the last time anyone found a real live virus ?

Discussion in 'other anti-virus software' started by Long View, Dec 7, 2007.

Thread Status:
Not open for further replies.
  1. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,672
    Location:
    Philippines
    About a month ago. The avpo virus. It was on my camera that got infected by the photo shop we use to develop pictures. This is a very common one here. See it all the time. Easy to clean up from also.

    Our CPA (Certified Public Accountant) manages to infect our club computer all the time.
     
  2. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    LOL... Has he ever heard of the "Accounting Virus"?

    Here's another one at ya's...
     

  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drwebber? Hermes
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hehehe... I thought it might give you a few tingles C.S.J... :D

    I use a "Range" of tools, only do it manually when everything else fails.
     
  5. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    what failed you then? :)
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I have had situations when things are blocked outright or no scanners can find anything... Trust me it happens more often than you think.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Those pesky Vundo DLLs injected in winlogon and explorer. What a PITA.
     
  8. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Oh... you tell me...
    I'm seeing more of them in the last few days...
     
  9. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I can't track down the origins of some of these Vundo infections. Usually, they come from spammed links in MSN Messenger or when searching for porn. But, for some Vundo infections that I had to clean up, I had no clue of where they originated from.
     
  10. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Probably XSS via IFrame injectors... Untraceable unless they remember the actual URL they visited, and even then some have rolling IPs, so tracing where the XSS pulled from is rather difficult.
     
  11. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    I can't gather anything meaningful from the browser's cache and history folders o_O
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Nope you need to have a protocol analyzer or some type of scope on the transaction to get the proper detail during the inception point. Otherwise you need the logs from the web server... Sourcing infections is mostly anecdotal because of its complexity as you can see.
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Well, I've just run into another 'possible threat'.

    Could be an FP; only 21% detect it via VirusTotal.

    But I will get DrWeb and Prevx to check it for me before I decide to do anything with it :)
     
  14. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    I only get em if I go looking for em to test stuff out. But I have never been actually infected by one. In my normal surfing I never see any.
     
  15. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Hello all...

    One PC, 8 different listed bugs... "He" should be getting a prize! (Mostly Zlob variants.) + 2 more "exotic bugs" I "manually removed"...

    Worthy of note... CureIt only found 1 virus and no variants; the one it found is (isfun.exe) Trojan.Popuper.Origin

    The bug found by PREVX CSI (with the wrong name, must I add) is properly labeled here: (kmq0.exe) Generic.Dropper.xCodec

    EC: Removed Virus Total results. Please read this announcement. Thank you.
     

    Last edited by a moderator: Feb 7, 2008
  16. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Any idea how he got this infected?
     
  17. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    If I was a gambling man... I would put my $$$ on a Porn site!... However, he could have received the graciously free codecs almost anywhere!
    Usually when I ask if they browse Porn site... they say never... (wife might be near at the time... Mmmh...not sure...)
     
  18. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    The New Prevx CSI gave me several nasty surprises yesterday!
    First it begins with AV's killing the attempt to install CSI
    Starts here: https://www.wilderssecurity.com/showpost.php?p=1176615&postcount=1
    Then once able to Scan with CSI It finds Rootkits on several of the scanned computers...

    This one got me running around all day.
    My only concern here is that CSI did not provide a "name" for the Rootkit only "Malicious Root Kit Detected".

    I have worked on two systems yesterday, both infected with a rootkit. Both systems had Sandboxie, one even had Returnil + several other security tools... including the latest NOD32 v.3; the other had AVG AV Free, and both had Prevx 2.0?... Scans with GMER & a few other tools failed to drum up anything.

    Took me about 6 reboots, with each new scan finding more hidden crap to clean up. Between both boxes it took about 12 reboots, but it's now gone, whatever it was... A third PC in the same office was clean. Notice the "In" traffic at the bottom.... I actually missed the best part (about 10 or so inbounds) as I couldn't take a snapshot fast enough! (They started to disappear during the scan.) :doubt:
    I'm still going through the logs to figure it all out. (I kept the scan logs for CSI.)
    The pics only relate to one of the PCs and only one set of scans; there were several with far more infections detected...

    Note: The "Delete Rootkit from System Restore" function failed as infection would reappear until I completely deleted the System Restore manually. And took a chance to cleanup without hopes of easy recovery... (It worked).

    However here it is:
     

    Last edited: Feb 7, 2008
  19. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Hi

    The detections on that system appear to be false positives, possibly due to Sandboxie preventing CSI from accessing system areas.

    Can you please send me one of your logs and exactly which versions of the security products you are using on your system?

    Many thanks,

    Marco
     
  20. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    3 systems, basically the same configuration. 2 badly infected (the image is only the first scan; some had over 65 "hidden" and locked files detected)... took me more than 5 hours to clean up between two PCs... no fun!

    Please send me your e-mail address... (support@ hermes-computers.ca)
     
    Last edited: Feb 7, 2008
  21. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Were you running CSI from within Sandboxie? Or, what mode in P2 were you using? (ABC/Expert) These files appear hidden because something was preventing CSI from reaching system areas in a suspicious way - either there was a malicious program locking down the system or CSI was being run in a limited environment
     
  22. jm0307

    jm0307 Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    77
    I encountered a virus on a website devoted to drumming yesterday whilst trying to find some more recommended albums featuring the wonderful Tony Williams - so much for safe surfing. The site was in the first ten Google results. Tony Williams' drumming is infectious indeed...

    Avira PE Premium stopped it. I submitted the file as a possible false positive, but their lab determined that it was a genuine threat.

    "Our analysts named the threat HTML/Silly.Gen. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script."
     
  23. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    All these answers. Guess what. You would never have been able to reply to this thread unless you had the indispensable AV. ;)
     
  24. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    818
    Today... Purchased a MP4 player from eBay... inserted it into my laptop via USB and...
    Worm.Win32.AutoRun.ag File: F:\pefbutr.exe
    Virus.VBS.AutoRun.z File: F:\`.vbs
    and a hidden autorun.inf of course!...


    If my AV had missed the malware and let it run, and if it had bypassed my behaviour blocker, and if my firewall didn't have outbound protection, then because the malware is also a downloader, I would also have been infected by:
    Trojan-Downloader.Win32.Agent.gjg (Program Files\1A0603.exe)
    Worm.Win32.AutoRun.ag (Program Files\meex.exe, Program Files\Common Files\Microsoft Shared\atthdop.exe, Program Files\Common Files\System\udchniv.exe)
    Trojan-Downloader.Win32.Agent.gjf (Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGwd2.dll)
    Trojan program Trojan.BAT.KillAV.gb (Program Files\Common Files\System\hpbnijr.bat)


    Thank god I had prevented autoruns from USBs and CDs.... wouldn't have known about disabling autoruns if I didn't read malware forums... and I don't expect the majority of other computer users to know about disabling this.
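    The post above describes the classic removable-media pattern: a hidden autorun.inf at the drive root handing the shell a hidden dropper, with disabled AutoRun as the thing that saved the day. The script below is an added example, not code from the thread or from any of the products named in it. It parses an autorun.inf body for the directives that launch programs, flags hidden runnable files at the drive root, and checks whether a given NoDriveTypeAutoRun policy value actually covers removable drives. The autorun.inf contents and the root listing are constructed to mirror the file names in the post; the real file contents were never shown.

```python
# Bits of the Explorer NoDriveTypeAutoRun policy value that disable AutoRun per drive
# class; 0xFF is the value that disables it for every class.
DRIVE_REMOVABLE = 0x04   # USB sticks, card readers, the eBay MP4 player
DRIVE_ALL = 0xFF

# File types an autorun.inf can hand to the shell and that should not sit hidden at a root.
RUNNABLE = (".exe", ".com", ".bat", ".cmd", ".vbs", ".scr", ".pif")

def autorun_disabled_for(policy_value: int, drive_bit: int) -> bool:
    """True when the NoDriveTypeAutoRun bitmask switches AutoRun off for that drive class."""
    return (policy_value & drive_bit) == drive_bit

def parse_autorun(text: str) -> dict:
    """Return the key=value directives of the [autorun] section, keys lower-cased."""
    keys, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            keys[key.strip().lower()] = value.strip()
    return keys

def triage_removable_root(listing: dict, autorun_text: str) -> list:
    """listing maps root file name -> hidden flag; returns the findings a responder would log."""
    findings = []
    inf = parse_autorun(autorun_text) if "autorun.inf" in listing else {}
    if inf:
        findings.append("autorun.inf present" + (" (hidden)" if listing["autorun.inf"] else ""))
    for key in ("open", "shellexecute"):                # directives that launch a program
        if key in inf:
            target = (inf[key].split() or [""])[0].lstrip(".\\")   # drop args and leading .\
            hidden = listing.get(target)
            state = "missing" if hidden is None else ("hidden" if hidden else "visible")
            findings.append(f"{key}= launches {target} ({state})")
    for name, hidden in listing.items():
        if hidden and name.lower().endswith(RUNNABLE):
            findings.append(f"hidden runnable file at root: {name}")
    return findings

# Constructed sample mirroring the post: hidden autorun.inf plus two hidden droppers at F:\.
SAMPLE_INF = "[autorun]\nopen=pefbutr.exe\nshellexecute=`.vbs\nicon=pefbutr.exe\n"
SAMPLE_ROOT = {"autorun.inf": True, "pefbutr.exe": True, "`.vbs": True, "holiday.mp4": False}

if __name__ == "__main__":
    print(*triage_removable_root(SAMPLE_ROOT, SAMPLE_INF), sep="\n")
```

    A responder would feed the listing from a read-only mount (or a directory listing that shows hidden attributes) rather than from the running shell, since opening the drive in Explorer on an unpatched box is exactly what triggers the directive.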
     
  25. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Phew... thank god... Personally, I wouldn't purchase anything from eBay.
     