  #1 (permalink)  
Old August 15, 2008, 09:59 AM
CMetaphor's Avatar
Quadfather
 
Join Date: May 2007
Location: Montreal, Canada
Posts: 4,991


Virus Alert: eCard greetings.

Be on the lookout for an email that seems to be a legitimate eCard greeting. It's a trojan downloader and has affected many systems here where I work. Extremely difficult to remove... been working on them since lunchtime yesterday without success. I'm using CCleaner, Spybot 1.6, HijackThis, TrendMicro all from safe mode - still barely returns full Windows functionality. Just letting you all know, be on the lookout.
__________________
"Backed by common sense and physics!" -Squeetard
Opteron Server for Sale! http://www.hardwarecanucks.com/forum...ade-ideas.html
  #2 (permalink)  
Old August 15, 2008, 10:24 AM
3.0charlie's Avatar
3.0 "I kill SR2's" Charlie
F@H
 
Join Date: May 2007
Location: Laval, QC
Posts: 9,599


Same thing for a bogus UPS email that has an attachment showing a tracking number - also same thing from a US Customs email. Both are caught by AVG Email scanner.
__________________
Hydro-Quebec is salivating...
  #3 (permalink)  
Old August 15, 2008, 02:57 PM
Nodscene's Avatar
Allstar
 
Join Date: Dec 2007
Location: Toronto
Posts: 920

Yeah, I've been dealing with this quite frequently myself. I usually see it as the xp2008 or 2009 virus that I'm sure everyone has seen or heard about. Of course it always has a bunch more crap with it.

So far the best way I've found to remove it is to start the task manager and stop all the offending services, download and run SuperAntiSpyware, while that's going start HijackThis and clean that out. Turn off System Restore and let SAS finish its thing. I download Combofix (I actually download all programs first) to the desktop and when SAS asks to reboot I let it. Once it's booted into Windows I reboot again into safe mode and run Combofix. After that is done I reboot again and run CCleaner to clean out the temp files. Either the virus or the cleaning process usually kills Symantec Antivirus (all our clients run it) so I have to uninstall that and reinstall it. Combofix turns on System Restore after it's done which is a bonus so I don't have to remember :)

I can usually get a machine cleaned out in anywhere from a half hour to an hour max. I even had one case where the virus was blue screening the computer and managed to clean it out no problems.
__________________

Create something idiot proof and they will make a better idiot.
_____________________________________

Intel Q6600 - Gigabyte EP35-DS4 - OCZ Reaper 4gig PC2-6400 - XFX 8800GT 512Mb Alpha Dog - AuzenTech X-Fi Prelude - Alesis M1Active MK2 - Corsair HX-620 - Silverstone Temjin TJ05B-X - Scythe Katana 2 - WD Raptor 150Gb - Seagate 7200.11 750Gb x2 - Samsung SH-S203N
  #4 (permalink)  
Old August 15, 2008, 06:31 PM
Hall Of Fame
 
Join Date: Jul 2008
Location: Canada
Posts: 1,221


Quote:
Originally Posted by CMetaphor View Post
Be on the lookout for an email that seems to be a legitimate eCard greeting. It's a trojan downloader and has affected many systems here where I work. Extremely difficult to remove... been working on them since lunchtime yesterday without success. I'm using CCleaner, Spybot 1.6, HijackThis, TrendMicro all from safe mode - still barely returns full Windows functionality. Just letting you all know, be on the lookout.

Spybot S&D, while it is free, misses quite a lot. For spyware removal I consider SpySweeper and Spyware Doctor (PCtools) to be very good; from tests I've done on a system, I found them to be top in their class. For virus/trojans, I use AVIRA Security Suite, also found it removes some of the tougher shit that others miss - I've had some very nasty aviax or something like that trojan and spybot shit, that neither AdAware 2008 nor Spybot S&D could remove, but was easily removed with Spyware Doctor and AVIRA.
  #5 (permalink)  
Old August 15, 2008, 06:44 PM
CTA's Avatar
Hall Of Fame
 
Join Date: Jul 2008
Location: surrey (vancouver) bc canada
Posts: 2,012

That sucks... I prefer Gmail because you can preview a few sentences... and that anti-spam is very powerful...

Get sys process explorer for advanced and easy to read.
Get privacy mantra to clean ALL junk in your computer in one click.
Get spyblaster to block known spyware only...
Get Spyware Doctor for spyware.
Get CounterSpy for keyblock.

Get Norton for anti-virus... of course I am not joking... and I have no final result of Comodo... I hope it's very good.. AVG or NOD32 is good but not as Norton's features...

About firewall... not yet... still working on it.
__________________
---
NEW: customize case, hx100, i7 920, supreme hf, x58 sabertooth, 3gbx2 ram of ripjaws, xfx hd6950 CF. vertex 2 60gb, seagate and hitachi 1tb, dual mcp355 with ek rex v2, 2x koolance ar697, 2x mcr320, 6x zm-f3 fans.
OLD: cm 690, hx620, intel q9450, True Black, ga-ep45-ud3p, 2gbx2 ram of mushkin xp2 8500, xfx 285. wd caviar se16 640gb, 4x zm-f3 fans.