Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] virus?



On Tue, Oct 28, 2014 at 10:47 AM, Stephen Adler <adler at stephenadler.com> wrote:
> So I go off and do a google search for Worm.VB-269 and I don't really
> find anything on it that tells me anything of what the worm does... I
> was hoping to find something like a wiki page detailing all known viruses, what they
> do and how to eliminate them. Can anyone give me some pointers on how to
> find out what Worm.VB-269 does? Thanks!


Different AV vendors use different codes. CLAM is not popular in the
Windows world, so their codes aren't in most articles.

Worm.VB-269 = W32/Autorun.worm!rz = Worm:Win32/Autorun.LD =
WORM_VB.JRI = Trojan.Agent.AMQM
http://threatcenter.crdf.fr/?More&ID=251154&D=CRDF.Worm.Worm.Win32.VB343982929
(Thank you, France!)
so google this -
  "W32/Autorun.worm!rz"  OR "Worm:Win32/Autorun.LD"  OR "WORM_VB.JRI"
OR "Trojan.Agent.AMQM"

Suspected of infecting the Registry as well as net drives/removables, and of a
Hosts file entry blocking security tool DNS.

The MS system cleaners may be able to clear this up for you.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Autorun.LD
http://www.threatexpert.com/report.aspx?md5=1124a64b901bc03295ae0f6d958bc1bf
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=144588

[ In the general desktop case, the guys are right about wipe and
update being the surest solution -- and resistance to THIS threat on
later editions (took long enough!) but since you HAD this problem, you
obviously are stuck supporting legacy so I didn't bother mentioning
such irrelevance. This specific trojan/worm is simple enough that MS
free tools linked from their page above should be sufficient. Lather,
rinse, repeat: run A, B, A, B, ... until both say CLEAN.  ]

Step ONE is still either shutting down the network (probably
unacceptable) or blocking these files from reappearing as discussed
previously, so it doesn't re-infect as you clean. And root on the
share should be R/O for cleanliness from now.

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
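One way to check for the Hosts-file symptom Bill mentions, as an added example that is not part of the original thread: it parses a Windows hosts file and flags any entry that pins a security-vendor domain to an address, since a clean hosts file never needs such entries. The vendor watch list is an assumption seeded from the vendors linked in the message; the sample hosts file is constructed.

```python
"""Flag hosts-file entries that redirect security-vendor domains
(the "Hosts file blocking security tool DNS" symptom in the thread).
Added example, not code from the original post."""
import ipaddress
from typing import List, Tuple

# Assumed watch list: microsoft.com and mcafee.com are linked in the
# thread; the other domains are assumptions added for illustration.
SECURITY_DOMAINS = (
    "microsoft.com", "windowsupdate.com", "mcafee.com",
    "clamav.net", "threatexpert.com",
)

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs; comments, blanks and malformed lines are skipped."""
    pairs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        for name in names:
            pairs.append((ip, name.lower().rstrip(".")))
    return pairs

def suspicious_entries(text: str) -> List[Tuple[str, str]]:
    """Return entries whose hostname is a watched domain or a subdomain of one,
    whatever address they map to (loopback, 0.0.0.0 or an attacker-chosen IP)."""
    flagged = []
    for ip, name in parse_hosts(text):
        if any(name == d or name.endswith("." + d) for d in SECURITY_DOMAINS):
            flagged.append((ip, name))
    return flagged

# Constructed sample: one benign localhost line, one internal host, two hijacks.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.microsoft.com   # black-holed: cleaner page unreachable
0.0.0.0         home.mcafee.com
192.168.1.20    fileserver          # ordinary internal entry
"""

if __name__ == "__main__":
    for ip, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"suspicious: {name} -> {ip}")
```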



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org