Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] virus?



On Tue, Oct 28, 2014 at 10:47 AM, Stephen Adler <adler at stephenadler.com> wrote:
> So I go off and do a google search for Worm.VB-269 and I don't really
> find anything on it that tells me anything of what the worm does... I
> was hoping to find like a wiki page details all known viruses, what they
> do and how to eliminate them. Can anyone give me some pointers on how to
> find out what Worm.VB-269 does? Thanks!


Different AV vendors use different codes. CLAM is not popular in
Windows world, so their codes aren't in most articles.

Worm.VB-269 = W32/Autorun.worm!rz = Worm:Win32/Autorun.LD =
WORM_VB.JRI = Trojan.Agent.AMQM
http://threatcenter.crdf.fr/?More&ID=251154&D=CRDF.Worm.Worm.Win32.VB343982929
( Thank you France ! )
so google this -
  "W32/Autorun.worm!rz"  OR "Worm:Win32/Autorun.LD"  OR "WORM_VB.JRI"
OR "Trojan.Agent.AMQM"

Suspected of infecting the Registry as well as net drives/removables, and
the Hosts file (blocking security-tool DNS).

The MS system cleaners may be able to clear this up for you.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Autorun.LD
http://www.threatexpert.com/report.aspx?md5=1124a64b901bc03295ae0f6d958bc1bf
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=144588

[ In the general desktop case, the guys are right about wipe and
update being the surest solution -- and resistance to THIS threat on
later editions (took long enough!) but since you HAD this problem, you
obviously are stuck supporting legacy so I didn't bother mentioning
such irrelevance. This specific trojan/worm is simple enough that MS
free tools linked from their page above should be sufficient. Lather
rinse repeat: run A, B, A, B, ... until both say CLEAN.  ]

Step ONE is still either shutting down the network (probably
unacceptable) or blocking these files from reappearing as discussed
previously, so it doesn't re-infect as you clean. And root on the
share should be R/O for cleanliness from now.

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
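An added illustration of the two symptoms described in the reply above (a hosts file that pins security-vendor names to a local address, and autorun.inf droppers reappearing on a share or removable drive); this is not code from the BLU thread, from the poster, or from any AV vendor. The vendor hostname watch-list, the sample hosts text and the on-disk layout built by `demo()` are all constructed for the example.

```python
"""
Two defender-side checks for the cleanup described in the thread:
  1. flag hosts-file lines that map a security/update hostname to any address
     (127.0.0.1 or 0.0.0.0 is exactly how this family blocks updates);
  2. walk a mounted share or removable volume and list every autorun.inf,
     together with the file its open=/shellexecute= key would launch.
All sample data below is constructed, not taken from a real infection.
"""
import os
import tempfile

# Constructed watch-list; load the vendor/update hostnames you actually rely on.
SECURITY_HOSTNAMES = {
    "update.microsoft.com",
    "www.microsoft.com",
    "database.clamav.net",
    "www.mcafee.com",
}

# Constructed hosts-file content: one legitimate line and two sinkhole entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.microsoft.com   # added by malware
0.0.0.0         database.clamav.net www.mcafee.com
"""


def suspicious_hosts_entries(hosts_text):
    """Return (ip, hostname) pairs that pin a watched hostname to any address.

    A clean hosts file never needs such a line, so every hit is worth a look.
    """
    findings = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # malformed line, ignore
        ip, names = fields[0], fields[1:]
        for name in names:
            if name.lower() in SECURITY_HOSTNAMES:
                findings.append((ip, name.lower()))
    return findings


def find_autorun_files(root):
    """List every autorun.inf under root as (relative path, launch target).

    Matching is case-insensitive because Windows filesystems are. The launch
    target comes from the first open= or shellexecute= key, or None if absent.
    """
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() != "autorun.inf":
                continue
            path = os.path.join(dirpath, fn)
            launches = None
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for entry in fh:
                        key, _, value = entry.strip().partition("=")
                        if key.strip().lower() in ("open", "shellexecute"):
                            launches = value.strip()
                            break
            except OSError:
                pass                              # unreadable file: still report its presence
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            hits.append((rel, launches))
    return sorted(hits)


def demo():
    """Build a constructed share layout in a temp dir and run both checks."""
    with tempfile.TemporaryDirectory() as share:
        os.makedirs(os.path.join(share, "docs"))
        os.makedirs(os.path.join(share, "RECYCLER"))
        # Constructed dropper layout: an autorun.inf pointing at a hidden folder.
        with open(os.path.join(share, "AUTORUN.INF"), "w") as fh:
            fh.write("[autorun]\r\nopen=RECYCLER\\setup.exe\r\n")
        with open(os.path.join(share, "docs", "notes.txt"), "w") as fh:
            fh.write("harmless\n")
        autoruns = find_autorun_files(share)
    return suspicious_hosts_entries(SAMPLE_HOSTS), autoruns


if __name__ == "__main__":
    hosts_hits, autorun_hits = demo()
    for ip, name in hosts_hits:
        print(f"hosts file pins {name} to {ip}")
    for rel_path, target in autorun_hits:
        print(f"autorun.inf at {rel_path} would launch {target!r}")
```

Run the hosts check against a copy of `%SystemRoot%\System32\drivers\etc\hosts` from the affected machine, and the autorun walk against the share mounted read-only from a clean host; rerunning both after each cleaning pass is a cheap way to confirm the "until both say CLEAN" loop is actually converging.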



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org