
Malware mutation



I noticed since the beginning of this year that the atypical "antispyware 2010" malware has gently, effectively and professionally developed into a "force to be reckoned with".

The usual annoyances for this type of nasty malware are for the taskbar to be turned off, executables not able to run, hidden folders and files, a compromised safe mode, etc.

As the year progresses so too does the sophistication of the "antispyware 2010" type malware.

My latest infected PC exhibited no desktop, no start bar, menu or tasks. Nuttin' 'cept for the malware window. Ctrl-Alt-Del got the usual taskbar disabled msg.

Safe mode had also been "hobbled".

Running the drive through MBAM on another machine found this kind of stuff:

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP820\A0060578.dll (Worm.KoobFace) -> Quarantined and deleted successfully.

E:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP820\A0060658.dll (Worm.KoobFace) -> Quarantined and deleted successfully.

E:\WINDOWS\bill103.exe (Worm.Koobface) -> Quarantined and deleted successfully.

E:\WINDOWS\cBjDNHbRs.dll (Rogue.Multiple.Gen) -> Quarantined and deleted successfully.

E:\WINDOWS\eitJEmGh.exe (Rogue.Multiple.Gen) -> Quarantined and deleted successfully.

On reinstalling the HD on the original machine, still the same symptoms appeared - without the malware windows. I.e. nothing happened except for a desktop picture. Nothing!

This is the only one of this year's malware cocktails that I couldn't remove without resorting to the total reformat and rebuild.

The danger, of course, is the introduction of the infected drive into the "good" checking computer. I'm guessing that in 30 days they're going to go after the host drives on the "good" checking hosts....

Comments?


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
