Possible new virus variant *updated post 30*
Expired
Thread created 03-28-2012 by marg_fan
0 Score
32 Replies
3,889 Views
Since I've posted this, we have found another 5 or 6 computers that have been similarly "infected". :ranting:
Today is NOT one of those days I LOVE my job. :lol:
Java is getting hit very hard right now with stuff. http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/ Q/A has to either work over time to get this approved when an...
Thanks for the link. We have added a fingerprint block to our Symantec Endpoint Protection policies and are forcing out the update. It should block the execution of the virus until we find an...
Well that is good, and I understand the QA testing part. If your systems are patched and your users do not do anything "too stupid" then hopefully you should be pretty well protected.
Last week Yahoo spammed the shit out of my global business. Got so bad we had to block Yahoo email for several hours. I blame u! ;)
No word from Symantec yet. No more reports of slow systems since implementing the fingerprint block. Our logs do not show any unusual traffic through our firewall. We are continuing to watch the...
Sounds like bad files to me..
Always be suspicious of odd files stored or loaded from user profile directories (especially if 'directory' in OP sample path is random or gibberish), and I don't...
I *have* run Malwarebytes. It did not find anything. I believe it is a new variant of that virus that hasn't been inoculated yet.
Thanks, I'll try that.
Hitman Pro identified Skype.exe as a possible threat (the only one of the three on the computer) and I uploaded it to their cloud. I think the only reason it flagged it was the file name being the...
I can only imagine how much of a nightmare that must have been for the IT guy in charge.
Welcome to slickdeals. :wave:
I forgot to check back on this thread once Symantec finally released the virus definitions to detect the virus. I found the thread again when a user reported they...
I know you are zoned in on one issue, but we need more info on what the users are allowed to do and what they are not allowed to do. If you have an office full of admins who can install software,...
Any virus that doesn't kill msconfig, or running any and all programs, safe mode, or accessing files is no good virus in my books.
I've only seen one really really bad one that did all of the...
You do know that Yahoo at least pretends to virus check files before you download them? I do agree it isn't a great test. I wanted to see if it would catch the virus/trojan because I wasn't having...
Also try HitmanPro; if they have not seen the file, they will do more work on classifying it.
Have you tried submitting the file to us on our malwarebytes forums?
http://forums.malwarebytes.org/index.php?showforum=51
We can get it added in hours if you submit it. We update 5-7 times a...
Ya it is kind of a different security model in today's world of 0 day exploits. Policy and training can help this along though. The model of don't install it if you don't need it helps a lot. ...
Combofix might be a bit more useful for me if the log file indicated why it deleted the files in question. I don't know if it actually detected something or merely deleted the file because a...
Symantec still has no information about the generation 2 of the trojan.
And their detection is not working 100%. I manually scanned 1 of our systems, 3 separate times, that had a detection in...
Update: Symantec finally added it to their signatures as a Trojan.Gatak!gen2 threat over the weekend. I've been getting notices every few minutes whenever it finds a neutered* copy on my system.
...
Sad that this site has more information about the trojan horse than what Symantec, or any other site, has released...
I stumbled upon this site only while researching this detection that occurred...
I would not consider "emailing to myself via Yahoo" a great test, but if I were you I would look into making sure that your computers are patched (including Flash, Java, Office, etc.). The virus...
Seconding Combofix when it comes to these variant viruses that situate themselves in your Temp or Application Data folder and actively have a parent that recreates the child executable if it has been...
Still no word from Symantec. It did clean a virus for me over the weekend. It flagged combofix (that I downloaded from bleeping computers) as a trojan. :facepalm:
I guess Symantec doesn't...
Combofix only works if you get it from a real source otherwise you just get something that puts a virus on your computer.
As expected, combofix deleted the file in question along with two other files that are relatively harmless. Combofix most likely removed those files because their names have been linked to...
http://www.bleepingcomputer.com/download/anti-virus/combofix
About the only thing we have found out so far is that someone else submitted the file to virscan.org on the 15th of this month (matching MD5 hash). I rescanned it there and it again passed all 36...
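A defender-side check that combines the earlier advice about odd executables in user-profile directories with the hash matching this post describes, as an added Python example that is not part of this thread or of any product mentioned in it: it walks a profile tree, flags .exe/.dll files under Temp or Application Data style folders, scores the parent directory name for gibberish, and compares each file's SHA-256 against a blocklist. The sample tree, its file contents and the "known-bad" hash are constructed here; the googletalk.exe and Skype.exe names are assumptions borrowed from filenames mentioned in the thread.

```python
import hashlib
import os
import tempfile

# Profile directories where dropped executables hide (XP and Vista+ layouts).
SUSPECT_DIRS = {"temp", "application data", "appdata", "local settings"}

def looks_random(name):
    """6+ chars with almost no vowels, or a letter/digit jumble, reads as gibberish."""
    letters = [c for c in name.lower() if c.isalpha()]
    few_vowels = bool(letters) and sum(c in "aeiou" for c in letters) / len(letters) < 0.2
    mixed = sum(c.isdigit() for c in name) >= 2 and len(letters) >= 2
    return len(name) >= 6 and (few_vowels or mixed)

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def scan_profile(root, blocklist):
    """Return (path, sha256, reasons) for each .exe/.dll below a suspect directory."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if not {p.lower() for p in dirpath.split(os.sep)} & SUSPECT_DIRS:
            continue
        for name in (n for n in files if n.lower().endswith((".exe", ".dll"))):
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            reasons = ["executable under a user-profile data directory"]
            if looks_random(os.path.basename(dirpath)):
                reasons.append("parent directory name looks random")
            if digest in blocklist:
                reasons.append("hash matches blocklist")
            findings.append((path, digest, reasons))
    return findings

def demo():
    """Constructed sample profile: file contents and the 'known-bad' hash are made up."""
    root = tempfile.mkdtemp(prefix="profile_")
    samples = {
        ("Application Data", "x7qk2pzm", "googletalk.exe"): b"MZ constructed sample A",
        ("Local Settings", "Temp", "Skype.exe"): b"MZ constructed sample B",
        ("Application Data", "Microsoft", "notes.txt"): b"plain text, skipped",
    }
    for parts, data in samples.items():
        os.makedirs(os.path.join(root, *parts[:-1]), exist_ok=True)
        with open(os.path.join(root, *parts), "wb") as f:
            f.write(data)
    blocklist = {hashlib.sha256(b"MZ constructed sample A").hexdigest()}
    return scan_profile(root, blocklist)
```

Running `demo()` on the constructed tree reports googletalk.exe with all three reasons and Skype.exe with only the location reason; a real deployment would point `scan_profile` at each user's profile and feed it the hashes of samples already submitted for analysis.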
Combofix is a great tool too.
Not new "could be a virus" .... Run Malwarebytes
http://www.prevx.com/filenames/X3159813958390621-X1/GOOGLETALK.EXE.html
File Behavior
GOOGLETALK.EXE has been seen to perform the following...
Preface: We are primarily in an XP environment and use IE to access most of our internal processes. We have a corporate firewall and Symantec Endpoint Protection Enterprise anti-virus on our...
Are your users set up as admins or power users?
As far as the updates to Adobe Reader, Adobe Flash and Java -- these updates are "usually" tested pretty well before they are put out, so I would...
Combofix uses more of a heuristics approach in detecting things. If you notice, it restarts explorer.exe, then monitors what starts up and analyzes it.