Tale of a virus...

[Spennyboy]

Hey guys,

Been battling a couple of viruses this week.

w32.rontokbro - this ones real clever, once infected it disabled pretty much everything that you could do to cure it.

Control panel, regedit, cmd, internet etc etc.

Had to format in the end

w32.ircbot - basically a remote trojan that can be used via mIRC. copies itself everywhere including all usb sticks that are plugged in. start.exe and isass.exe are how you find it on the machine.

chess.exe - this one still has me, titled w32.orgid by most of the web. Replaces your drives with the chess icon. Latest definitions etc dont clean it.

fun fun fun

The end.

[the_wizzard]

have you tried using RRC? and if u can find the exe's then upload em to virustotal and all def's will get updated!


have you tryed this sandboxie

or maybe you could try using vmware

[Spennyboy]

Not done the above, will do tho - cheers

[liveseytowers]

If you are getting so many infections it might be best as wizzard says, get VMWare and install on a virtual machine first and nuke it if it goes tits up. Just don't get an infection when you download a dodgy copy of vmware lol

[jaguar982]

What a/v are you using that it got past, could be useful to know cheers

jag

[tombott]

As jaguar982 said it would be interesting to hear what AV you had running.
Also if you do go down the Virtual route VM does a free version of VMServer so no need to download anything cracked.

[Spennyboy]

Its Symantec updated to the 22nd October.

It picks up and cleans the first 2, just not the chess.exe even if you scan the file directly.

I have plenty of test terminals to try various methods on so VM is not needed.

[tombott]

Its Symantec updated to the 22nd October.

It picks up and cleans the first 2, just not the chess.exe even if you scan the file directly.

I have plenty of test terminals to try various methods on so VM is not needed.

You running the Corporate version?

We have Symantec Endpoint 11 here so would be interesting to know if I need to look out for these.

[Spennyboy]

Corp 10.2 i believe - would have to double check.

Well i have plenty of infected USBs i could send you to try

Chess.exe is some shitty p2p virus. Massive links to limewire, emule etc etc etc.

[Nibb]

Symantec...FFS m8, how long have you been on this forum!

Its gotta be NOD32 & malwarebytes as a minimum!

[tombott]

Corp 10.2 i believe - would have to double check.

Well i have plenty of infected USBs i could send you to try

Chess.exe is some shitty p2p virus. Massive links to limewire, emule etc etc etc.

lol, upgraded from that version two weeks ago.
You got upgrade protection with Symantec?
If so get the latest version down, it now includes Anti-Spyware, Firewall etc.

[Spennyboy]

Symantec...FFS m8, how long have you been on this forum!

Its gotta be NOD32 & malwarebytes as a minimum!

Its at work mate, not my personal machine.

[tombott]

Symantec...FFS m8, how long have you been on this forum!

Its gotta be NOD32 & malwarebytes as a minimum!

Symantec Corp edition is a world away from the version 'home users' get, and I'd you'd be hard pushed to find better.

[Spennyboy]

lol, upgraded from that version two weeks ago.
You got upgrade protection with Symantec?
If so get the latest version down, it now includes Anti-Spyware, Firewall etc.

Not sure i'll have to check exactly what were covered for - i believe our licence expired or is about to.

Im off for a week now anyway so fuck it

Roll on London

[Nibb]

Its at work mate, not my personal machine.

Symantec Corp edition is a world away from the version 'home users' get, and I'd you'd be hard pushed to find better.

Fair enough then!

[allanj]

Symantec...FFS m8, how long have you been on this forum!

Its gotta be NOD32 & malwarebytes as a minimum!

I agree 100% also try "Trojan Remover"