Category: Viruses

  • Disinfecting a PC… part 6

    OK, it’s BHOdemon time… installed from CD, and on starting:

    BHOdemon: bhotb-all.html not found; no web connection, so downloading it on another machine.

    Finally got it to work by copying the file from another machine. But I had to change Windows ME to show full filenames to help troubleshoot why it couldn’t find the file (a naming problem). There seems to be a strange display problem with the “don’t hide file extensions” setting: I can’t see the check boxes or the checkmarks, so I managed to toggle them “blind” to show file extensions…

    (more…)

  • Disinfecting a PC… part 5

    OK, we’re moving on to BHOdemon to take care of the browser helper objects. Unfortunately it looks like BHODemon is not currently being maintained; the developer has had a house fire.

    I am very sorry, but BHODemon is currently on hiatus, as I no longer have the time to devote to it (due to a house fire). You will not be able to download updates or upload reports, and I will no longer be answering emails. At some point, BHODemon may return. I would like to thank everyone for their support over the years.

    (more…)

  • Disinfecting a PC… part 4

    So AVG has been scanning away, finding things; we’ve really got a foothold on the system and the malware has a fight on its hands. It’s good to see progress. Up to this point we’ve had multiple Spool32 errors (printer related). These errors are what prompted the system to be brought in initially. There’s a Lexmark system tray item that loads on boot. No time to investigate that yet. Here’s the log of the AVG antivirus scan…

    (more…)

  • Disinfecting a PC… part 3

    Picking up from last time… AVG was failing to install with a peculiar registry error. (Which I didn’t see much reference to online.) OK, so here is another fruit of the online search (so many bugs to identify…)

    jawa32.exe is listed as spyware.seekseek in SARC’s database.

    OK – let’s see if we can kill off some of these suspects… it’s time for a couple of cycles of ctrl-alt-del to remove running processes that look suspect, followed by msconfig to disable processes that run at boot, reboot, repeat.

    (more…)

  • Another beagle virus variant

    Incidents.org is reporting this as well…

    A new Beagle variant is making the rounds. It comes in an almost empty email, as a ZIP attachment containing the worm as an EXE. The attachment name, email subject and sole text content of the email all seem to be male or female surnames. Keep your eyes peeled, especially if your users are reading their mail over webmail, as it seems to take another couple of hours until the AV vendors have their patterns lined up.

  • How festive – the dasher worm…

    Security Fix is reporting on a new worm that exploits an older Windows vulnerability. The worm is called Dasher and is in at least its second iteration. SANS noticed an odd increase in port 1025 scans on the tenth of the month, which was early activity of this worm. It looks like the first version of the worm didn’t work fully, but this second one does. It installs a keylogger.

    (more…)

  • Disinfecting a PC… part 2

    OK, the last post got a bit long with the HijackThis log, but I wanted to include the whole picture. I put a few comments in, but thought it might be useful to include the notes I took at the time. For starters I leave it unplugged from the network. (There is no network card in this machine.) It’s important when working on an infested PC to leave it isolated so that it can’t continue to spread viruses or spam or whatever else it may be doing. Assume that if it’s infested with something it could be spewing out bad stuff. If you must connect it, isolate it and prevent it from routing to the outside world… the safest is usually to leave the cable unplugged for the initial look over.

    (more…)

  • A couple warnings related to fake security sites

    Sunbelt has this warning about yet another fake security site. This one is laid out a bit differently than the others we’ve seen in recent days. It’s not quite the same spoof of the Windows Security Center, but it makes use of Microsoft’s security logo. (And it does say Security Center at the top of the page along with “Help protect your pc”.) From Sunbelt…

    For your block lists:
    amaena[dot]com

    (more…)

  • Disinfecting a PC… part 1

    This is the first in a several-part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par with some of the broadband-connected PCs I’ve seen. It’s also an interesting counterpoint to the network security series.)

    (more…)

  • Clam AntiVirus may get support from eEye?

    This would be a good thing for Clam AntiVirus. eEye is considering “adopting” ClamAV for inclusion in their Blink product. The idea is that they would improve Clam AntiVirus and then start integrating it as antivirus scanning functionality in their product. This would be really promising for the prospects of having ClamAV (ClamWin) do real-time, on-access scanning on the Windows platform.

    (more…)