Virus Alert: eCard greetings.

[CMetaphor]

Be on the lookout for an email that seems to be a legitmate eCard greeting. Its a trojan downloader and has affected many systems here where I work. Extremely difficult to remove... been working on them since lunchtime yesterday without success. i'm using CCleaner, Spybot 1.6, Hijackthis, TrendMicro all from safemode - still barely returns full windows functionality. Just letting you all know, be on the lookout.

[3.0charlie]

Same thing for a bogus UPS email that has an attachment showing a tracking number - also same thing from a US Customs email. Both are caught by AVG Email scanner.

[Nodscene]

Yeah, I've been dealing with this quite frequently myself. I usually see it as the xp2008 or 2009 virus that I'm sure everyone has seen or heard about. Of course it always has a bunch more crap with it.

So far the best way I've found to remove it is to start the task manager and stop all the offending services, download and run SuperAntiSpyware, while that's going start HijackThis and clean that out. Turn off System Restore and let SAS finish it's thing. I download combofix (I actually download all programs first) to the desktop and when SAS ask's to reboot I let it. Once it's booted into windows I reboot again into safe mode and run Combofix. After that is done I reboot again and run CCleaner to clean out the temp files. Either the virus or the cleaning process usually kills Symantec Antivirus (all our clients run it) so I have to uninstall that and reinstall it. Combofix turns on System Restore after it's done which is a bonus so I don't have to remember :)

I can usually get a machine cleaned out in anywhere from a half hour to an hour max. I even had one case where the virus was blue screening the computer and managed to clean it out no problems.

[DarKStar]

Quote:

Originally Posted by CMetaphor

Be on the lookout for an email that seems to be a legitmate eCard greeting. Its a trojan downloader and has affected many systems here where I work. Extremely difficult to remove... been working on them since lunchtime yesterday without success. i'm using CCleaner, Spybot 1.6, Hijackthis, TrendMicro all from safemode - still barely returns full windows functionality. Just letting you all know, be on the lookout.

Dpybot S&D while it is free, it misses quite a lot - FOr spyware removal I consider SpySweeper and Spyware Doctor (PCtools) to be very good, from tests I've done on a system, found them to be top in their class. For virus/trojans, I use AVIRA Security Suite, also found it removes some of the tougher shit that others miss - I've had some very nasty aviax or something like that trojan and spybot shit, that neither AdAware 2008 nor Spybot S&D could remove, but was easily removed with Spyware Doctor and AVIRA.

[CTA]

that sucks... i prefer gmail because you can preview a few of sentence... and that anti-spam is very powerful...

get sys process explorer for advance and easy to read.
get privacy mantra to clean ALL junks in your computer in one click
get spyblaster for block known spywares only...
get sypware doctor for spyware
get counterspy for keyblock

get norton for anti-virus... of course i am not joking... and i have no final result of comodo... i hope its very good.. avg or nodo32 is good but not as norton's features...

about firewall... not yet... still working on it.