Argh! Virus!

Posted at 10:44:16pm UTC

Seems I’ve been hit by one of the new malware viruses going around…

It’s an annoying little piece of crap that adds regenerating desktop shortcuts, prevents you from accessing My Computer and Control Panel most of the time, makes annoying pop-ups on startup, and creates thousands of .tmp files in My Documents and your system drive.

After a bit of Googling, and filtering through useless hits, I seem to have come across a helpful enough thread which may help to solve this: http://forum.bitdefender.com/index.php?showtopic=3561&st=0

Here’s one of the posts on that thread, which is itself taken from another website. If you are experiencing any of these problems, then I think you’re infected!

Hi,

It appears that antivirus signatures from well-known AV vendors are not available at the time of writing this mail.

Threat : Virus Activity
Infected Systems: Microsoft Windows [Observed on XP-SP2, ??]
Critical : YES

Common symptoms:

1] System drives show a red cross in front of each drive icon [probably showing the disconnected state of the logical drive]

2] System alerts:
a] NT_kernel error 1256
b] A potential problem has been detected and Windows has been shutdown buggy application to prevent damage to your computer.
****WXYZ.SYS - Address F73120AE base at C00000, DateStamp 36b072A3
Kernel Debugger Using: COM2 (Port 0x28f, Baud rate 192000)

3] Several pos*.tmp files created in the system drive.

4] Two new shortcuts created on the Desktop
a] Windows Update [http://storageprotector.com/clean/p=60&gai....]
b] Help an Support Center [http://storageprotector.com/clean/p=61&gai....]

Both point to some suspicious links [not the authentic Windows Update Server]

Screenshot of an infected desktop with a few alerts:
http://img265.imageshack.us/img265/8682/sceenkb9.jpg

Discussion:
Interestingly, there’s a thread initiated in the bitDefender AntiVirus Forum - since YESTERDAY, discussing this issue:
http://forum.bitdefender.com/index.php?showtopic=3561

Fix:
The VundoFix and Combofix utilities were successfully used to detect several malicious files indicating infection. These utilities also have an option to remove the infection.

VundoFix
http://www.tinyurl.com/9uaag

Combofix
http://tinyurl.com/22n35l

Amol Sable
Security Analyst (Secur-i Group)
http://www.securview.com
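Two of the symptoms listed in the quoted post are easy to check for without running a full cleaner: desktop Internet Shortcuts whose targets are not Microsoft hosts, and a pile of pos*.tmp files in the root of the system drive. The script below is an added example written for this page, not code from the blog author, the forum poster or the VundoFix/Combofix projects. It builds its own constructed sample files in a temporary directory (the rogue shortcut path and the trusted-host allowlist are assumptions made for the example); on a real machine you would point it at the user's Desktop folder and the drive root instead. It only parses text .url shortcuts, not binary .lnk files.

```python
"""Triage check for the indicators described in the quoted post (added example)."""
import configparser
import fnmatch
import os
import tempfile
from urllib.parse import urlparse

# Hosts a genuine "Windows Update" / "Help and Support" shortcut could point to.
# Assumed allowlist for this example; extend it for your own environment.
TRUSTED_HOST_SUFFIXES = ("microsoft.com", "windowsupdate.com", "msn.com")


def shortcut_target(path):
    """Return the URL= value of a Windows .url Internet Shortcut, or None if unreadable."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read(path, encoding="utf-8-sig")
    except (configparser.Error, OSError):
        return None
    # configparser lowercases option names, so "URL" is looked up case-insensitively.
    return parser.get("InternetShortcut", "URL", fallback=None)


def is_trusted_host(url):
    """True if the URL's hostname is one of the allowlisted domains or a subdomain of one."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_HOST_SUFFIXES)


def suspicious_shortcuts(desktop_dir):
    """List (filename, target) for .url shortcuts whose target is outside the allowlist."""
    hits = []
    for name in sorted(os.listdir(desktop_dir)):
        if not name.lower().endswith(".url"):
            continue
        target = shortcut_target(os.path.join(desktop_dir, name))
        if target is None or not is_trusted_host(target):
            hits.append((name, target))
    return hits


def count_tmp_droppings(drive_root, pattern="pos*.tmp"):
    """Count files in the drive root matching the pos*.tmp naming seen in the infection."""
    return sum(1 for n in os.listdir(drive_root) if fnmatch.fnmatch(n.lower(), pattern))


def triage(desktop_dir, drive_root):
    """Combine both checks into one report dictionary."""
    return {
        "shortcuts": suspicious_shortcuts(desktop_dir),
        "tmp_files": count_tmp_droppings(drive_root),
    }


def build_sample(root):
    """Create constructed sample data mirroring the symptoms in the post."""
    desktop = os.path.join(root, "Desktop")
    drive = os.path.join(root, "C")
    os.makedirs(desktop)
    os.makedirs(drive)
    # Rogue shortcuts: the host is from the post, the path is a placeholder.
    rogue = "http://storageprotector.com/clean/PLACEHOLDER"
    for name in ("Windows Update.url", "Help and Support Center.url"):
        with open(os.path.join(desktop, name), "w", encoding="utf-8") as f:
            f.write("[InternetShortcut]\nURL=%s\n" % rogue)
    # A legitimate shortcut that must not be flagged.
    with open(os.path.join(desktop, "Microsoft Update.url"), "w", encoding="utf-8") as f:
        f.write("[InternetShortcut]\nURL=http://update.microsoft.com/\n")
    # Constructed pos*.tmp droppings plus one unrelated file.
    for name in ("pos1234.tmp", "pos5678.tmp", "pos9abc.tmp", "notes.txt"):
        open(os.path.join(drive, name), "w").close()
    return desktop, drive


def demo():
    """Run the triage against the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as root:
        desktop, drive = build_sample(root)
        return triage(desktop, drive)


if __name__ == "__main__":
    report = demo()
    for name, target in report["shortcuts"]:
        print("suspicious shortcut: %s -> %s" % (name, target))
    print("pos*.tmp files in drive root: %d" % report["tmp_files"])
```

Any shortcut flagged here deserves a look at where it really points before it is clicked; the count of pos*.tmp files is a cheap way to confirm the dropper is still active after a cleanup attempt (run it again after a reboot and the number should stay at zero).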

UPDATE (23/12 @ 01:46) - VundoFix seems to have quelled the virus for now. I’m not sure whether it’s gone completely as I haven’t rebooted my machine since it’s been cleared. But it seems to have done the trick. In fact, my entire computer is running much faster now :D

Cats: Web Stuff
Rantback (Trackback) URL

http://www.thechrisd.com/blog/2007/12/22/argh-virus/trackback

Gamercard
Xfire Sig SteamCard
  • Loading tweets...

    If you can see this, and the page has fully loaded - then Twitter's being gay right now, and won't serve up my latest tweets :(

Irish Blogs WordPress Gallery Creative Commons License Browse Happy logo TheChrisD - Rant Central Blog - Blogged
Page was generated in 0.605 seconds and took 21 queries.
© 2008 TheChrisD - Ranting everyday thanks to WordPress and Gallery2
All content is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License