Just been infected

Park@82

Just been infected by some nasty k@K :

Submission details:
Submission received: 8 October 2008, 08:23:06
Processing time: 5 min 58 sec
Submitted sample:
File MD5: 0x573B7FA011D03949D6529FF2A3DB6F79
Filesize: 114,695 bytes
Alias: Trojan-Dropper.Win32.Agent.xqr [Kaspersky Lab], TrojanDownloader:Win32/Renos.DU [Microsoft]


It was my bad, I downloaded an exe (don’t even ask), scanned it with NOD32 (updated) and double clicked… and boom! I immediately noted something was horribly wrong when the program did not respond and it created some URL shortcuts on my desktop… followed shortly by some very annoying pop-ups.
It turns out NOD32 does not detect this yet. :eek:
I opened Security Task Manager and saw that there was a dll called msysamd32.dll in system32 that could potentially be malicious. I googled it and found that it could be removed by SmitfraudFix. I rebooted in safe mode and removed it. I have used SmitfraudFix some time back to remove nasties, it is a great little app. :D Clean now, whew…
 
Sometimes AVs don't prevent users from doing something obviously stupid ;)

Putting your hand in an open flame, for example... it's obviously bad, but Mr Marshall doesn't know it, so you go ahead? Hehe
 
Yeah this wasn’t the smartest thing I ever did. But this crippled my trust in NOD32 somewhat.
 
Yeah this wasn’t the smartest thing I ever did. But this crippled my trust in NOD32 somewhat.

You must try to remember that AV is for KNOWN malware. This may be new and you are one of the unlucky that got it first, and now because of your experience, the rest of us can now download updates that have signatures of that particular malware.

You could try some sort of IPS software on your machine.
 
You must try to remember that AV is for KNOWN malware. This may be new and you are one of the unlucky that got it first, and now because of your experience, the rest of us can now download updates that have signatures of that particular malware.

You could try some sort of IPS software on your machine.

Indeed. Takes a few Deedees ( oooh what does this button do ) that get trapped by these blatantly obvious malware bits to protect the rest of the dumb world :P

I haven't had an AV on my main rig for 7 months. Cracks, keygens etc. downloaded frequently, so not like I am sailing the clear blue ocean. No infections though. Sometimes you have to be smarter than that ;)

Download an app called sandboxy. Runs a mini sandbox on your PC in which you can use apps with no adverse effects.
 
You must try to remember that AV is for KNOWN malware. This may be new and you are one of the unlucky that got it first, and now because of your experience, the rest of us can now download updates that have signatures of that particular malware.

You could try some sort of IPS software on your machine.

I did submit the exe to Nod32, I am keeping it around to see if/when nod will add it to their definitions….
 
Download an app called sandboxy. Runs a mini sandbox on your PC in which you can use apps with no adverse effects.

Please explain what it does in layman's terms.

And also a link would be appreciated, as Google doesn't bring up the info I am looking for.
 
Indeed. Takes a few Deedees ( oooh what does this button do ) that get trapped by these blatantly obvious malware bits to protect the rest of the dumb world :P

I haven't had an AV on my main rig for 7 months. Cracks, keygens etc. downloaded frequently, so not like I am sailing the clear blue ocean. No infections though. Sometimes you have to be smarter than that ;)

Download an app called sandboxy. Runs a mini sandbox on your PC in which you can use apps with no adverse effects.

Okay, before today it had been a very long time since I had one of these too; I was just a bit unlucky + stupid. And actually I do have sandboxy, I just didn't bother..
 
Please explain what it does in layman's terms.

And also a link would be appreciated, as Google doesn't bring up the info I am looking for.

It isolates the app from making permanent changes to your machine; every change the program makes is kept in a "sandbox". Almost like an EWF on XPe, I would think.
 
Please explain what it does in layman's terms.

And also a link would be appreciated, as Google doesn't bring up the info I am looking for.

It makes a little storage area on your hard drive and runs the app in an isolated section of memory where, even if it were harmful, all it could do was kill the sandbox. Basically treating every patient like they have Ebola till you know they are clean :cool:

http://www.sandboxie.com/

* Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

* Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

* Windows Stays Lean: Prevent wear-and-tear in Windows by installing software into an isolated sandbox.
 
Laughing after implying immunity is cute, while article nr 2 was in June this year, but thanks for playing :) Run along now before your next iPod gets infected.
 
Laughing after implying immunity is cute, while article nr 2 was in June this year, but thanks for playing :) Run along now before your next iPod gets infected.

:)
iPhone, not iPod.

But I do run XP as well, so will be on the lookout. ;)


P.S.
The user has to download, click to install and then type their password.
(you have to really want the virus)
And it was patched.
 
:)
iPhone, not iPod.

But I do run XP as well, so will be on the lookout. ;)


P.S.
The user has to download, click to install and then type their password.
(you have to really want the virus)
And it was patched.

Similar to this in that he had to download and run it.

Social engineering works on all platforms :P
 