Virus help needed

Pumba

Sorry if it is the wrong forum, but I'm desperate.

Something on my PC, is modifying .exe files
1) Make file a read-only.
2) Change Icon to a piece of cheese.

I downloaded Norton's latest virus def (2004-11-20), no luck.
Used Trend's HouseCall facility, no luck.

Anybody have any idea what it is and how to get rid of it?
 
Bit more info.

It appears all these files were replaced.

Although the "cheese" files have the same names as the previous files, all are of size 60928 b
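
The indicator described in the post above (differently named .exe files all exactly 60928 bytes and read-only) can be swept for as follows. This is an added example, not part of the original thread; the function names are this example's own, the SHA-256 clustering is an extra check beyond what the post reports, and the sample tree is constructed.

```python
import hashlib, os, stat, tempfile
from collections import defaultdict

SUSPECT_SIZE = 60928  # byte size the poster reports for every replaced file

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_replaced_exes(root, size=SUSPECT_SIZE, min_cluster=2):
    """Map sha256 -> [(path, read_only)] for .exe files of exactly `size`
    bytes whose identical content sits under >= min_cluster file names."""
    by_hash = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                if not name.lower().endswith(".exe") or st.st_size != size:
                    continue
                read_only = not st.st_mode & stat.S_IWUSR
                by_hash[sha256_of(path)].append((path, read_only))
            except OSError:
                continue  # unreadable or locked file: skip, keep scanning
    return {h: sorted(v) for h, v in by_hash.items()
            if len({os.path.basename(p).lower() for p, _ in v}) >= min_cluster}

def build_demo_tree(root):
    """Constructed sample data: three overwritten programs plus two controls."""
    dropped = b"MZ" + bytes(SUSPECT_SIZE - 2)  # stand-in content, not malware
    samples = {"app/notepad.exe": dropped, "app/calc.exe": dropped,
               "tools/setup.exe": dropped, "tools/other.exe": b"MZ" + bytes(1000),
               "tools/lone.exe": b"ZM" + bytes(SUSPECT_SIZE - 2)}  # same size only
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        if data is dropped:
            os.chmod(path, stat.S_IREAD)  # read-only, as in the report

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        for digest, hits in find_replaced_exes(root).items():
            print(digest[:16], *hits, sep="\n  ")
```

A list of the affected paths is also the list of programs to reinstall or restore from backup once the scanner has quarantined the copies.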
 
Hey Pumba,

Maybe try: http://housecall.trendmicro.com

If this virus is messing with your exe's, it could be giving the virus scanners some trouble. The above link is for an online virus scanner.

Chow, Nick

Nick Smit
broadband@nicksmit dot za dot net
 
He's already tried that, which is really scary.
Try uninstalling then reinstalling your antivirus client, saving viruslist b4, of course. Better still, try a different one, if u have one available.
Also, are u sure no-one is remote-accessing your pc? Disconnect from the net, see if that makes any difference, disallow remote access b4 reconnect.
If all else fails, u know what to do[:D]


Telkom - South Africa's Handbrake to progress.
 
Good News at last.

Just got today's definition file from Symantec. Updated, running. It now picks up the viruses. Already at count 39. Still can't see what it is, but once scanning is done, I will see. Will post later.

Thanks for the interest guys.
 
623 Found.
W32.SillyP2P. (Damn Kazaa!!!!!!!!!!!)
 
Originally posted by Pumba:
> 623 Found.
> W32.SillyP2P. (Damn Kazaa!!!!!!!!!!!)

Dude. Don't be a fool. Get the following installed ASAP and USE THEM ALL THE TIME.

Spyware killers:
-Adaware
-Spybot Search and Destroy
Antivirus prog:
-Choose one
Firewall:
-Zonealarm

They are all free!

Sheesh ... 2004 and people don't even take elementary precautions!

Would you fsck every girl in ZA without a condom? Well that's the equivalent of what you are doing online.



-Information anarchist-
www.sentechhatesfreespeech.org.za
I support:
www.hellkom.co.za
www.poopband.co.za
Looking for something better than IE?
www.mozilla.org/products/firefox
 
I had a virus similar to this, what it did was change the file size of almost all .exes and therefor making u unable to run them. Was bad...
 
Originally posted by hArTh:
> Originally posted by Pumba:
> > 623 Found.
> > W32.SillyP2P. (Damn Kazaa!!!!!!!!!!!)
>
> Dude. Don't be a fool. Get the following installed ASAP and USE THEM ALL THE TIME.
>
> Spyware killers:
> -Adaware
> -Spybot Search and Destroy
> Antivirus prog:
> -Choose one
> Firewall:
> -Zonealarm
>
> They are all free!
>
> Sheesh ... 2004 and people don't even take elementary precautions!
>
> Would you fsck every girl in ZA without a condom? Well that's the equivalent of what you are doing online.

I have all of those. The problem was that the definition file that catches this was only released yesterday.
 
How did you get this virus? IE?

There's a very nasty exploit in IE's image display code that lets a virus hook you when IE displays a malicious image ... just an image.

So I would seriously recommend using FireFox as your main browser. Its market share isn't rocketing up for nothing.

 
Virus came in through Kazaa.

As said, I have anti-virus, anti-ad (etc Spybot) and firewalls. (One on the main PC which carries the Internet shared connection, and a firewall on each of the additional PCs). This all doesn't help if it comes in via Kazaa, as this is one of the things you set up in the FW to allow Kazaa. Also, the antivirus did not pick it up, as the virus definition was only released 24 hours after I picked it up.

OS is XP. The bad thing is, all files still lie in Quarantine as they could not be repaired. Will keep them for a week to see if a fix is not released. (All exe's, of which some are main exe's of installed programs)

What really baffles me: Norton's site indicates SillyP2P as being discovered in 1999, so why was it not in the def file, unless it was a new variant of SillyP2P?
 
Do NOT USE KAZAA!!!!

Use ShareAZA

www.shareaza.com

Cheers
Ant

### What we need in South Africa is cheap 24/7, always on Internet for under R300 a month. ###
 
On the topic of firewalls... what firewall do u guys recommend for use with dc++? I found that norton and sygate give me problems when trying to connect as active.
 
Use ZoneAlarm free version. Just b sure 2 set Internet Zone Security to Medium (Default is High). No probs.

Yesterday i reformatted & reinstalled (whatadrag[:(])
At the end of it, i foolishly connected 2 the net without setting up zonealarm(silly me).
It took about 1 minute for winmon.exe to sneak in. Spent the next half hour deleting about 20 flipping reg keys. It's amazing how quick it happens these days.
The creators of these trojans deserve to be severely beaten about the head with a blunt object.

 