
/wave


4 replies to this topic

#1 brew78

brew78

  • Members
  • 3 posts

Posted 10 February 2009 - 04:22 PM

Hello everyone!

Just registered and the forum recommended I make an introductory post, so here it is!

I'm a moderate-to-advanced level computer guy (more or less "the IT department" where I work) who has finally encountered a series of viruses and rootkits that I simply don't know how to deal with. Some careless browsing by a coworker slipped something in under the radar... something new, I think. Virus scanners didn't pick it up until days later, and even then not reliably. From what I've been able to reconstruct, it might have been a fake/infected PDF that started the whole thing.

Now, I don't know which computers to trust and which not to. I see no evidence of the infection spreading, but given that virus scanners couldn't even find it for days, who knows how many computers are now rooted! I'm especially worried about our shared file server. The network cables have been pulled from the two computers that have been in direct contact with the virus, so I'm hoping (praying) it's actually isolated. The second computer was used to run a virus scan on the hard drive that I pulled out of the first one.

I think I'll do some browsing here to see what I can find on this forum, then post a HijackThis log just to make sure that the computer I'm on now (in my office) is even really clean. GMER didn't warn of any rootkits, and an AVG scan looks clean so I think I'm ok, but at this point I'm entering full-on paranoia!

It was pretty messed up watching AVG start listing files becoming infected one by one (everything under \system32\drivers), but be unable to stop it or fix anything... was like a car crash in slow motion.



#2 Guest_The weatherman_*

Guest_The weatherman_*

  • Guests

Posted 10 February 2009 - 06:08 PM

Hi, brew78.

Welcome to Bleeping Computer, it's good to see you here.

#3 jgweed

jgweed

  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 11 February 2009 - 11:41 AM

There have been a lot of worms spreading themselves through networks recently, and you are on the right track.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#4 brew78

brew78
  • Topic Starter

  • Members
  • 3 posts

Posted 11 February 2009 - 05:20 PM

Looks like it's been a Virut infestation after all.

Nasty bugger.

I think I finally have a computer here that really IS clean, because it's finding the virus in files that previously had been scanned and deemed clean. I'm taking sample exes from the other computers and testing those, too.

Hopefully I won't need to file a report... maybe making an account here was enough to scare it?

#5 jgweed

jgweed

  • Members
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 11 February 2009 - 06:35 PM

As much as I would like to think so, worms, viruses and malware are not that easily frightened away.
Cheers,
John

Edited by jgweed, 11 February 2009 - 06:35 PM.

Whereof one cannot speak, thereof one should be silent.



