Entries in little virus (4)

Thursday, Feb 19, 2009

Polymorphic Win32:Vitro Most Virulent Virus

This seems to be a virus that is hitting some people hard. I wanted to blog about this because of the nature of viruses and Trojans. I have read reports that this might come from online movies, and I have to say this is one reason why you must stay away from certain online movies. I am going to take a guess that this virus requires a special codec, and that you downloaded it and installed it. It could also be the "update the Adobe Flash Player" idea too, but that still results in getting the virus.

As I said before, you take a risk when you go to sites you don't trust or know anything about. You should also know that if a site says you need a "SPECIAL" codec, you should just go on to another site. When these sites claim they need this special codec, it means only one thing: they want to install something without your knowledge.

So what is this virus?


The Virut family of viruses uses polymorphism to hide from all anti-virus protection; it infects executable files. File infection makes it very hard to repair a system that has been infected. W32/Vitro injects code in running processes and hooks the following functions in ntdll.dll, which transfers control to the virus every time any of these function calls are made.

* NtCreateFile
* NtCreateProcess
* NtCreateProcessEx
* NtOpenFile
* NtQueryInformationProcess

[via Avast Forums]

After you get this very bad virus, you are done for. You would need to install the operating system from backups or even start anew. This seems to be building this week, and there isn't much you can do once you're infected. I do recommend a good anti-virus and firewall, but that wouldn't fix the problem right now. You will need to pull your backups out and start the process. I suggest a complete wipe and then restoring the backups. This little virus likes to infect any .EXE it can, so just restoring the Windows directory will not help. Remember, only you can prevent yourself from getting infected.

Friday, Dec 12, 2008

Inside understanding of win32.netsky.q

Netsky.Q is a worm that spreads through e-mail. It is distributed as a 28,008 byte Win32 executable, compressed with PEtite, which drops a 23,040 byte DLL file. It also distributes itself inside ZIP archives.

I saw this on the net and thought we should talk about it and let people know how to get the worm off your computer. It seems to be a self-replicating worm; it will continue to send out fake messages to people with subject lines like:

  • Delivery Error

  • Delivery Failure

  • Delivery

  • Mail Delivery failure

  • Mail Delivery System

  • Mail System

  • Delivery

  • Delivered Message

  • Error

  • Status

  • Failure

  • Failed

  • Unknown Exception

  • Delivery Failed

  • Deliver Mail

  • Server Error

  • Delivery Bot


And with each message there is the recipient's email address at the end. This worm seems to be spreading like wildfire today. It is because people have not installed Microsoft Security Bulletin (MS01-020).
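
A mail-triage check built from the details above, as an added example that is not part of the original post: it flags a message only when one of the listed subject lines coincides with an executable attachment or an executable inside an attached ZIP. The extension list, the address-suffix pattern, and the names `triage`, `risky_attachments` and `build_sample` are assumptions; the sample messages are constructed.

```python
import email, email.policy, io, re, zipfile
from email.message import EmailMessage
# Subject lines listed in the post.
SUBJECTS = ["Delivery Error", "Delivery Failure", "Delivery", "Mail Delivery failure",
            "Mail Delivery System", "Mail System", "Delivered Message", "Error", "Status",
            "Failure", "Failed", "Unknown Exception", "Delivery Failed", "Deliver Mail",
            "Server Error", "Delivery Bot"]
# Assumption: extensions treated as executable (the post only says "Win32 executable").
EXEC_EXT = (".exe", ".pif", ".scr", ".com")
# Listed subject, optionally followed by an address; the separator is an assumption.
SUBJECT_RE = re.compile(
    r"^(?:%s)(?:\s+[(<]?\S+@\S+)?$" % "|".join(map(re.escape, SUBJECTS)), re.IGNORECASE)

def risky_attachments(msg):
    """Executable attachments, including executables inside attached ZIPs."""
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            hits.append(name)
        elif name.endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as z:
                    hits += [name + "!" + m.lower() for m in z.namelist()
                             if m.lower().endswith(EXEC_EXT)]
            except zipfile.BadZipFile:
                hits.append(name + " (unreadable zip)")
    return hits

def triage(raw):
    """Quarantine only when a listed subject and a risky attachment coincide."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    subject_hit = bool(SUBJECT_RE.match(" ".join(str(msg["Subject"] or "").split())))
    hits = risky_attachments(msg)
    return {"subject_hit": subject_hit, "attachments": hits,
            "quarantine": subject_hit and bool(hits)}

def build_sample(subject, filename, zip_member=None):
    """Constructed test message; the payload is placeholder bytes, not malware."""
    data = io.BytesIO()
    if zip_member:
        with zipfile.ZipFile(data, "w") as z:
            z.writestr(zip_member, b"constructed placeholder")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content("constructed sample body")
    m.add_attachment(data.getvalue() or b"constructed placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Requiring both signals keeps genuine bounce messages, which share these subjects but carry no executable, out of quarantine.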




Now, how do you get rid of it? It seems that most anti-virus software would get it done. All you would need to do is scan for this virus with the latest updated virus databases and it will go away. According to E-Trust Anti-Virus, they can remove it. This is a really old virus; according to my sources it was first seen in 2004. To prevent this in the future, I'd suggest installing a free anti-virus and using it. This is one smart little worm, according to CA IT.



If you have quite a few desktops in your office and want to update all of them to the newest patch in one swoop, I'd suggest downloading Clone of Autopatcher and making an ISO image so you can go around to each computer and install the patches quickly and easily. Prevent yourself from getting that virus and some others in the future. This is a friendly tip for all those hard-working IT workers.

Monday, Dec 8, 2008

Facebook: Virus Variant comes back from the dead!

In my recent post, I talked about a virus that is circulating on Facebook. It is known as the Koobface virus and has been changed a little by the programmers. So what is Techworld saying? Just this:

In fact, Koobface is now using one of Facebook's own features against it, Lovet said. The latest variant uses Facebook's ability to redirect web links to drive users to malicious websites, often hosted on Geocities.com, Lovet said.

[Via Techworld]

If you have been a victim of this little virus, you should check out my Virus removal page and download the programs that should fix this little virus for good on your system. You should also check out my previous post; I also have some good tips and tricks to prevent the user (YOU) from getting hit by this virus in the first place. This virus is a good socially engineered virus, so please be careful.

Saturday, Nov 8, 2008

AVG detected Trojan Horse Generic 12.htc?



Just got a warning from AVG about trojan horse generic 12.HTC, haven't heard of it, anyone out there hear of this one? Apparently it infects explore.exe, and after months of explore.exe crashing I'd say it's a legit virus.


[Via Answer Bag]



Removing this little virus with a few tips and tricks is quite simple. It is embedded in your system, so how do you remove this threat? Easy: follow these steps and you will have a better chance of getting rid of the virus:

  1. Find out all you can about the virus -- Finding out the extent of where the virus lies is really a good idea. Just because you found it in one place doesn't mean it isn't also hiding in some other place. A good way to figure out where it might be is to download HijackThis and install it. Run it, and when you get the LOG file, go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2 and see what they say.


  2. See if you can remove the hidden virus -- After you find out the extent of where the virus may lie, you will need to download these programs. Run whichever ones you like to see if you can locate and delete the virus. You may also consider using one of the several online services to see what they might suggest or whether they can find this virus.

  3. Check your services and reboot sequence -- After you think you've gotten rid of the virus, reboot and do a rescan. Usually the virus will respawn after you reboot; some of them have a command in the reboot sequence. You may want to check your reboot sequence with MSCONFIG. Sometimes it is hidden, but check through MSCONFIG for any files that might not need to load. Also check the Services tab and see if there are any services that may not be needed. The best bet is to Google each service or program that is in there and see if that might fix the problem.


  4. Might be time to re-install Windows -- Although this is hard for people, it can sometimes fix the most challenging virus. You need not lose your important data. The only thing to remember when you back up is to be careful when you restore your data after you re-install Windows. Just remember one thing: restoring files with .EXE, .COM, .BAT, and .MSI extensions might risk you getting the virus all over again. Also remember that you will need the other tools I talked about in #2 to keep from getting the virus again.
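
One way to apply the restore advice in step 4 (and the earlier point that a file infector hits any .EXE it can), as an added example that is not part of the original post: walk a backup tree and split it into files to restore and files to hold back. The extension list comes from the post; the `MZ` header check for renamed executables, the function names and the sample tree are assumptions made for this example.

```python
import os, tempfile

# Extensions the post says to leave out of a restore.
HOLD_EXT = {".exe", ".com", ".bat", ".msi"}

def is_held(path):
    """True if the file should be kept out of the restore."""
    if os.path.splitext(path)[1].lower() in HOLD_EXT:
        return True
    # Assumption beyond the post: an 'MZ' header marks a DOS/PE executable
    # even when the file has been renamed to a harmless-looking extension.
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return True  # unreadable: hold it back rather than restore blind

def plan_restore(backup_root):
    """Split a backup tree into (restore, hold) lists of relative paths."""
    restore, hold = [], []
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, backup_root)
            (hold if is_held(full) else restore).append(rel)
    return sorted(restore), sorted(hold)

def build_constructed_backup():
    """Constructed sample tree; contents are placeholders, not real binaries."""
    root = tempfile.mkdtemp(prefix="backup_demo_")
    samples = {
        "docs/report.txt": b"quarterly notes",
        "tools/setup.EXE": b"MZ placeholder",
        "photos/holiday.jpg": b"MZ placeholder, renamed executable",
        "scripts/login.bat": b"@echo off",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    restore, hold = plan_restore(build_constructed_backup())
    print("restore:", restore)
    print("hold back:", hold)
```

Held-back files are better reinstalled from original media than copied from the backup.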


These are some tricks I use to get rid of a virus; now I've shared them with you, and it is up to you to do the work. If you have any tips or tricks to get rid of a virus, leave a comment.