Nasty malware

Man, was my system infected. I got the nastiest piece of code yesterday. I had been looking for a canvas texture to use in a project, but unfortunately I found it on what turned out to be a very bad site. Of course Symantec Endpoint Protection provided little actual protection and only informed me of the very bad things this code started doing. It recognized the infection and maybe stopped a couple of the code's bad intentions, but the code eventually disabled Symantec (I later learned it actually infected some of Symantec's files). This thing brought in all its viral friends too. What truly sucked is that it infected a thumb drive I had in, which caused me to accidentally spread it to two other people when I used the USB drive and their computers to download tools to fix the problem. It also rebuilt itself as I battled it, bringing in new nasties from time to time. This thing did it all: rootkit, spam server, fake virus repair tool ads, and it prevented the use of all sorts of resources and tools to stop it. I think I finally beat this thing with a combo of HijackThis, McAfee Stinger, TDSSKiller, Spybot and some Explorer elbow grease. To the A-hole who created this monster: I hope you pay for the time and agony you inflict on people, and it should come around to you twofold.


2 Responses to “Nasty malware”

  1. I feel your pain. From what you describe, it sounds like the little nasty I've been having to extract from over a half-dozen computers in the past 2 months. Unfortunately, this bugger also shows up on benign websites, often hiding as a Flash banner ad.

    It got so bad I posted on http://meetcc.wordpress.com what people should look for and ways to reduce the chance of your PC getting it (Macs are immune).

    You're right: Symantec is a joke and McAfee's not too far behind. I tested this virus strain on 6 anti-virus programs and only Kaspersky Internet Security stopped it before it could cause harm. Just make sure to monitor your Internet traffic and watch for any inconsistencies in your network activity.

    –cc, The Computer Cat

    • Tech&Taco Ringmaster Says:

      Yes, I definitely got it from an ad, and the more I looked into it, the more it looks like it uses a poisoned PDF as the main carrier and launcher. I think I got rid of the final remnants of it today with combofix.exe. I do have to say the browser search hijack from this nasty was some of the best coding I've ever seen. It was cross-browser and took over the search area in the browser itself, as well as redirecting clicked links in Google and in the phishing version of Google it produced later in the clean-up. Yeah, that was a good one, introducing a fake version of the Google search results page to really make you feel like there is no hope. The jump to the USB drive is of course the clincher, as it causes reinfection and rapid spread.
