Re: A Hijacking Problem



From: "Sebastian Gottschalk" <seppi@xxxxxxxxx>

| David H. Lipman wrote:
|
|>> man cloaking
|>> man Rootkit
|>>
|>> Reliably cleaning a compromised system from the running system itself is
|>> equivalent to halting problem, both in theory and practice.

There is NO RootKit in this.
|
| So, how do you know?
|
It is a case of a Vundo Trojan and/or Virtumonde Adware infection.
|
| No. It's a case where something that looks like these and probably a lot
| of additional unrecognized malware has used a security hole, and this
| identified malware has already downloaded and installed a lot of other
| unidentified malware, which has done the same, ...
|
| And you assume that there's no rootkit in this big load of crap? Get
| serious!
|
At the very most the malware loads a DLL in the Winlogon Notify key and a BHO.
|
| You'd wish.

Please stick to a subject matter that you have direct knowledge on. Ron specifically noted
"Win Anti-Virus".

It is the Vundo Trojan and/or Virtumonde Adware infection that points to the download and
installation of WinAntivirus Pro, WinAntiSpyware Pro and WinFixer 2006. This is propagated
by...
Amaena
P.O. box1048
Chernigov, NA 14032
UA

Other symptoms are Pop-Ups indicating;
"There is a security vulnerability from the Blackworm virus. We recomen you DOWNLOAD ..."
and
"There is a security vulnerability from the Beagle virus. We recomen you DOWNLOAD ..."

The malware is well known to take advantage of a vulnerability in older versions of Sun
Java.
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

In fact even if you have a non-vulnerable version on the PC, if a vulnerable version is on
the PC the Trojan will traverse the version until a vulnerable version can be exploited.
That's why it is imperative that old versions be removed when updating to a new version.
Unfortunately, the Sun Java installer does NOT remove prior versions before installing a
later version.

I have been studying and working on this family of malware for about 9 months, and that is the
reason I have written the WinFixerFix utility.

Please see the post "A Hijacking Problem" in the News Group; alt.binaries.comp.virus
The graphics captured were from platforms infected with this family of malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
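As an added example that is not part of Dave's post or his WinFixerFix utility: a read-only PowerShell inventory of the three things the post points at on a Windows box, the Winlogon Notify DLLs, the Browser Helper Objects (CLSIDs resolved to the DLL they load), and every Sun JRE version still registered, so an admin can see an unexpected DLL or a leftover old Java version. It assumes the standard registry locations for those keys; the "review" flag for a Notify DLL living outside System32 is a heuristic of this example, not a rule from the post.

```powershell
# Added example, not from the original post. Read-only: nothing is modified.
# Run from an elevated PowerShell prompt. The Wow6432Node hive covers the
# 32-bit view on 64-bit Windows, where 32-bit IE and 32-bit Java register.

$hives = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')

Write-Host '== Winlogon Notify packages =='
foreach ($h in $hives) {
    $notify = Join-Path $h 'Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    Get-ChildItem $notify -ErrorAction SilentlyContinue | ForEach-Object {
        $p = Get-ItemProperty $_.PSPath
        # Vendor packages are normally a bare name or a path under System32;
        # a full path somewhere else deserves a look (heuristic, see lead-in).
        $flag = ''
        if ($p.DllName -match '\\' -and $p.DllName -notmatch '(?i)\\system32\\') {
            $flag = '   <-- review'
        }
        '{0,-20} {1}{2}' -f $_.PSChildName, $p.DllName, $flag
    }
}

Write-Host '== Browser Helper Objects =='
foreach ($h in $hives) {
    $bho = Join-Path $h 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    Get-ChildItem $bho -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        # Resolve the CLSID to the DLL Internet Explorer will actually load.
        $srv = Get-ItemProperty "$h\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        '{0} {1}' -f $clsid, $srv.'(default)'
    }
}

Write-Host '== Registered Java Runtime Environments =='
foreach ($h in $hives) {
    $jre = Join-Path $h 'JavaSoft\Java Runtime Environment'
    Get-ChildItem $jre -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+\.\d+\.\d+' } |   # full keys, e.g. 1.5.0_06
        ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            '{0,-12} {1}' -f $_.PSChildName, $p.JavaHome
        }
}
# More than one JRE listed means the older ones are still on the machine and
# should be removed through Add/Remove Programs after updating.
```

The Java section lists what is registered rather than what is exploitable; the version fixed by the Sun alert the post links to is the one to compare against.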
