Virus active but not found by A/V or malware removal apps

Discussion in 'Anti-Virus' started by R Tin, Dec 16, 2007.

  1. R Tin

    R Tin Guest

    Received in news group, an apparently joke post with link to humorous web
    site. Offered download of a *.jpg (expedit.jpg.zip). Concealed file name
    included .vbs. Purports or pretends to alter system files; calls for repair
    with Win XP Home disk. A/V and other programs find no virus. Anyone who
    knows how to get rid of it, please advise.
     
    R Tin, Dec 16, 2007
    #1

  2. R Tin

    Dustin Cook Guest

    If you'd care to send a sample of the file you downloaded/received along to
    my email address (instructions provided on site) I may be able to assist in
    its removal.


    --
    Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
    Email.:
    Web...: http://bughunter.it-mate.co.uk
    Pad...: http://bughunter.it-mate.co.uk/pad.xml
    PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
     
    Dustin Cook, Dec 16, 2007
    #2

  3. hxxp:// www. webklik. nl/users/ dutchsecurety/
    osamebinladenphoto.jpg.zip

    Fix the obvious munging. ("dutchsecurety" is really misspelled in the
    link)

    Caution: OE/IE users - do *NOT* go to this link.
     
    Beauregard T. Shagnasty, Dec 17, 2007
    #3
  4. R Tin

    Dustin Cook Guest

    The file I have doesn't appear to cause much mischief; it's a vbs worm,
    however. And it does have a denial of service payload. I will add it to
    BugHunter.

    --
    Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
    Email.:
    Web...: http://bughunter.it-mate.co.uk
    Pad...: http://bughunter.it-mate.co.uk/pad.xml
    PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
     
    Dustin Cook, Dec 17, 2007
    #4
  5. R Tin

    Dustin Cook Guest

    Thanks man.

    I've taken a quick look at it. It's a worm, written in vbs. No encryption
    that I could find, but it does contain a denial of service attack towards
    a particular website; and it has a creation date. It's new evidently.
    Seems to overwrite? pre-existing vbs/vbe files with its own code. Makes
    registry entries to try and ensure it'll start up with Windows, and it's a
    mass mailer....

    BugHunter now offers detection and optional removal.




    --
    Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
    Email.:
    Web...: http://bughunter.it-mate.co.uk
    Pad...: http://bughunter.it-mate.co.uk/pad.xml
    PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
     
    Dustin Cook, Dec 17, 2007
    #5
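    The lure described in this thread is a double extension (expedit.jpg.vbs) shipped inside a zip, which Windows shows as "expedit.jpg" when known extensions are hidden. As an added example, not code from the thread or from BugHunter, this Python script flags archive members whose final extension is a script or executable type hidden behind an image-like one; the sample archive is constructed inline.

```python
import io
import zipfile

# Extensions that Windows Script Host or the shell will run on double-click.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh", "hta",
                   "exe", "scr", "bat", "cmd", "pif", "com"}
# Extensions that look like harmless content and serve as the decoy part.
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "bmp", "txt", "doc", "pdf"}


def is_disguised_script(name: str) -> bool:
    """True for names like 'expedit.jpg.vbs': a decoy extension followed by
    an executable one. With 'Hide extensions for known file types' on, the
    user only sees 'expedit.jpg'."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 3:
        return False
    decoy, real = parts[-2], parts[-1]
    return real in EXECUTABLE_EXTS and decoy in DECOY_EXTS


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Return the member names inside a zip archive that use the disguise.
    Only names are inspected; nothing is extracted or executed."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if is_disguised_script(n)]


def build_sample_zip() -> bytes:
    """Constructed sample archive (not the file from the thread): one decoy
    image name carrying a .vbs extension and one genuine image name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("expedit.jpg.vbs", "' placeholder text, not worm code\n")
        zf.writestr("holiday.jpg", b"\xff\xd8\xff")  # JPEG magic bytes only
    return buf.getvalue()


if __name__ == "__main__":
    for member in suspicious_members(build_sample_zip()):
        print("disguised script inside archive:", member)
```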
  6. R Tin

    Dustin Cook Guest

    BugHunter is now able to deal with one known variant? of this worm. Please
    scan your system using the utility and report back your results. You can
    find the utility and the entire documentation online for it at the url
    listed in my signature below.


    --
    Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
    Email.:
    Web...: http://bughunter.it-mate.co.uk
    Pad...: http://bughunter.it-mate.co.uk/pad.xml
    PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
     
    Dustin Cook, Dec 17, 2007
    #6
  7. R Tin

    4Q Guest

    *HAHAHA* Yes keep up the act Dustbin,
    you've got Liarthos convinced you are
    "One of the good guys""...

    Is Stormtrooper cooked and baked yet?
    *wink*

    4Q
     
    4Q, Dec 17, 2007
    #7
  8. R Tin

    R Tin Guest

    As an OE user, Thanks again Beauregard. Apparently Bughunter is disfavored
    here.
    Regards,
    RF (R Tin)

    |
    | hxxp:// www. webklik. nl/users/ dutchsecurety/
    | osamebinladenphoto.jpg.zip
    |
    | Fix the obvious munging. ("dutchsecurety" is really misspelled in the
    | link)
    | !!!!!!!!!!!!!!!!!!!!!!!!
    | Caution: OE/IE users - do *NOT* go to this link.
    | !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    | --
    | -bts
    | -Motorcycles defy gravity; cars just suck
     
    R Tin, Dec 17, 2007
    #8
  9. You're welcome.

    Bughunter is only disfavored by a few who don't like author Dustin and
    his former occupation. I don't think you will have any problem using it.

    So ... now what are your thoughts on upgrading your email/newsreader
    application to something not vulnerable?
     
    Beauregard T. Shagnasty, Dec 17, 2007
    #9
  10. R Tin

    R Tin Guest

    |R Tin wrote:
    |
    | > As an OE user, Thanks again Beauregard. Apparently Bughunter is
    | > disfavored here.
    |
    | You're welcome.
    |
    | Bughunter is only disfavored by a few who don't like author Dustin and
    | his former occupation. I don't think you will have any problem using it.
    |
    | So ... now what are your thoughts on upgrading your email/newsreader
    | application to something not vulnerable?
    |
    | --
    | -bts
    | -Friends don't let friends drive Vista

    Hello, Beauregard. I haven't been thinking about a replacement for OE, but
    if you have a recommendation, I'd like to look at it and maybe even bestir
    myself into making a decision.
    I'm used to OE and lazy about such onerous chores as reading the f-ing
    manual for new apps.
     
    R Tin, Dec 18, 2007
    #10
  11. Thunderbird is the oft-recommended replacement for OE, and is (in
    operation) quite similar. Well, after all, a mail application is more or
    less restricted to *how* it works by nature of its job.

    When you install it, it will offer to import all of your OE settings and
    your email. (Clean out old unwanted stuff in OE first.)

    S'far as I remember, it won't import News settings (unless newer
    versions have changed that); you may have to set those up yourself, but
    all you do is use the same info.

    http://www.mozilla.org/support/thunderbird/
    Shouldn't take you more than one session to get used to it. I've been
    using it since version 0.2
     
    Beauregard T. Shagnasty, Dec 18, 2007
    #11
  12. R Tin

    R Tin Guest

    Thanks again - I'm off to get thunderbird right now.

    --
    R Tin
    Address anti-spammed

    |R Tin wrote:
    |
    | > "Beauregard T. Shagnasty" wrote:
    | >| So ... now what are your thoughts on upgrading your email/newsreader
    | >| application to something not vulnerable?
    | >
    | > Hello, Beauregard. I haven't been thinking about a replacement for
    | > OE, but if you have a recommendation, I'd like to look at it and
    | > maybe even bestir myself into making a decision.
    |
    | Thunderbird is the oft-recommended replacement for OE, and is (in
    | operation) quite similar. Well, after all, a mail application is more or
    | less restricted to *how* it works by nature of its job.
    |
    | When you install it, it will offer to import all of your OE settings and
    | your email. (Clean out old unwanted stuff in OE first.)
    |
    | S'far as I remember, it won't import News settings (unless newer
    | versions have changed that); you may have to set those up yourself, but
    | all you do is use the same info.
    |
    | http://www.mozilla.org/support/thunderbird/
    |
    | > I'm used to OE and lazy about such onerous chores as reading the f-ing
    | > manual for new apps.
    |
    | Shouldn't take you more than one session to get used to it. I've been
    | using it since version 0.2
    |
    | --
    | -bts
    | -Motorcycles defy gravity; cars just suck
     
    R Tin, Dec 18, 2007
    #12
  13. R Tin

    R Tin Guest

    Thanks, Dustin. I unchecked ddosattacker in msconfig, and no more file
    security messages. Removed that file and expedit.jpg.vbs, and ran system
    file checker, which completed in half an hour but gave no report or any info
    about files more recent than those installed. Guess that's standard, but
    don't know. First running of sfc /scannow.

    --
    R Tin
    Address anti-spammed


    | |
    | > Received in news group, an apparently joke post with link to humorous
    | > web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
    | > file name included .vbs. Purports or pretends to alter system files;
    | > calls for repair with Win XP Home disk. A/V and other programs find no
    | > virus. Anyone who knows how to get rid of it, please advise.
    | >
    |
    | The file I have doesn't appear to cause much mischief; it's a vbs worm,
    | however. And it does have a denial of service payload. I will add it to
    | BugHunter.
    |
    | --
    | Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
    | Email.:
    | Web...: http://bughunter.it-mate.co.uk
    | Pad...: http://bughunter.it-mate.co.uk/pad.xml
    | PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
     
    R Tin, Dec 20, 2007
    #13
  14. R Tin

    Dustin Cook Guest

    I'd be happy to do so. Please follow the instructions provided on my site
    to successfully submit it to me for analysis. And thank you for the
    opportunity.

    --
    Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
    Email.:
    Web...: http://bughunter.it-mate.co.uk
    Pad...: http://bughunter.it-mate.co.uk/pad.xml
    PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
     
    Dustin Cook, Dec 29, 2007
    #14