That's good, Narin, that AV has removed it. By the way, I was planning to extract more info on it from your machine. I wish to torture it by forcefully collecting the info.

Finally you got rid of that malware.

Cheers,
0xN41K

On Wed, Dec 7, 2011 at 11:23 AM, kura narin <[email protected]> wrote:

> Hi all, I got a solution for that.
> ComboFix is the one which could delete it from the root directly.
> If anyone faces this problem, please suggest them the ComboFix tool :-)
>
> On Mon, Dec 5, 2011 at 8:00 PM, kura narin <[email protected]> wrote:
>
>> Hi, please find the attachments of the logs I created and help me to get
>> rid of that virus.
>>
>> On Sat, Dec 3, 2011 at 5:13 PM, kura narin <[email protected]> wrote:
>>
>>> Yeah, thank you for your response. As soon as I get the logs I will send
>>> them to all, and I am also trying for a solution.
>>> I have observed that he is changing the code of HTML pages and leaving the
>>> title as the search command which we enter, changing the redirect location
>>> in the frameset tags of HTML pages.
>>>
>>> On Sat, Dec 3, 2011 at 4:39 PM, Jonathan Lieberman <[email protected]> wrote:
>>>
>>>> Just randomly found this thread through a Google search.... I just got
>>>> the same bit of nasty malware. New computer, hadn't loaded any virus
>>>> protection and malware protection till a few days after I bought it...
>>>> Looks like it's something new that's going around because I've seen a
>>>> few other new posts about it. Will update if I find something to
>>>> remove it.
>>>>
>>>> On Dec 2, 9:35 pm, Srinivas Naik <[email protected]> wrote:
>>>> > Hi Narin,
>>>> >
>>>> > Follow below instructions
>>>> > 1. Copy and paste below 3 lines in file "*malcop.cmd*"
>>>> >
>>>> > echo Collecting Startup and Process list...
>>>> > wmic startup get caption,command,location /format:list > startup_log.txt
>>>> > wmic process get Name,Description,CommandLine,ProcessId,ParentProcessId,ExecutablePath,ThreadCount,Handle,HandleCount /format:list > process_log.txt
>>>> > echo Files Startup_log.txt and Process_log.txt Created......
>>>> >
>>>> > 2. Attach the generated files startup_log.txt and process_log.txt to this
>>>> > thread
>>>> >
>>>> > Let's analyze the malware and sort out the issue.
>>>> >
>>>> > Don't worry ..... Trust MalCop :)
>>>> >
>>>> > Cheers,
>>>> > 0xN41K
>>>> >
>>>> > On Fri, Dec 2, 2011 at 6:15 PM, narin <[email protected]> wrote:
>>>> > > Hi All,
>>>> > > I have a big problem with my office computer.
>>>> > > All my browsers got affected by some virus, I think.
>>>> > > Whenever I try to open any website in a search engine,
>>>> > > I get connected to the kozanekozasearchsystem.com website and
>>>> > > get redirected to a random website or random blogs.
>>>> > > When I used Firebug to see just what's happening, I observed that the virus
>>>> > > is introducing some code
>>>> > > with the title as our typed text and,
>>>> > > in the frameset, redirecting to that website,
>>>> > > and to go to my desired website I need to click Enter on the
>>>> > > address bar again.
>>>> > > Please help me.
>>>> > >
>>>> > > Thank you
>>>> > > Narin
>>>> > >
>>>> > > --
>>>> > > You received this message because you are subscribed to the Google Groups
>>>> > > "nforceit" group.
>>>> > > To post to this group, send an email to [email protected].
>>>> > > To unsubscribe from this group, send email to
>>>> > > [email protected].
>>>> > > For more options, visit this group at
>>>> > > http://groups.google.com/group/nforceit?hl=en-GB.
>>>
>>> --
>>> Thanks and Regards,
>>>
>>> K.N.NARIN.
>>>
>>> Oracle Certified Professional, Java SE 6 programmer (SCJP 6)
>>>
>>> Ankit Fadia Certified Ethical Hacker (AFCEH 5.0)
>>>
>>> http://lifetechnology-narin.blogspot.com/
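
Added example, not part of the thread or anyone's posted code: a Python triage pass over the startup_log.txt that the quoted malcop.cmd step writes with `wmic startup get caption,command,location /format:list`. The sample log, the two heuristics and all function names are constructed for illustration.

```python
import re

# Constructed sample of startup_log.txt (not the thread's attachment). wmic
# separates records with blank lines and often ends lines with \r\r\n.
SAMPLE = (
    "\r\r\n\r\r\nCaption=SynTPEnh\r\r\n"
    "Command=C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\r\r\n"
    "Location=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\r\r\n"
    "\r\r\n\r\r\nCaption=updchk\r\r\n"
    "Command=rundll32.exe \"C:\\Users\\demo\\AppData\\Local\\Temp\\updchk.dll\",Start\r\r\n"
    "Location=HKU\\S-1-5-21-0-0-0-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\r\r\n"
).encode("utf-16")  # redirected wmic output is commonly UTF-16 with a BOM

# Illustrative triage heuristics (assumptions, not a detection signature).
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\|\\users\\public\\", re.I)
RUNDLL32 = re.compile(r'\s*"?([a-z]:\\windows\\system32\\)?rundll32(\.exe)?\b', re.I)

def decode_wmic(raw: bytes) -> str:
    """Decode wmic output, honouring a UTF-16 BOM if one is present."""
    bom = raw[:2] in (b"\xff\xfe", b"\xfe\xff")
    return raw.decode("utf-16" if bom else "utf-8", errors="replace")

def parse_list(text: str) -> list:
    """Split /format:list output into one dict per record."""
    records, current = [], {}
    for line in text.replace("\r", "").split("\n") + [""]:
        if "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        elif current:  # a blank line closes the current record
            records.append(current)
            current = {}
    return records

def flag_startup(records: list) -> list:
    """Return (caption, reasons) for startup entries worth a closer look."""
    flagged = []
    for rec in records:
        cmd, reasons = rec.get("Command", ""), []
        if USER_WRITABLE.search(cmd):
            reasons.append("runs from a user-writable directory")
        if RUNDLL32.match(cmd):
            reasons.append("launched through rundll32")
        if reasons:
            flagged.append((rec.get("Caption", "?"), reasons))
    return flagged

if __name__ == "__main__":
    for caption, reasons in flag_startup(parse_list(decode_wmic(SAMPLE))):
        print(f"{caption}: {'; '.join(reasons)}")
```

To run it on a real collection, pass the bytes of startup_log.txt to `decode_wmic` in place of `SAMPLE`; a flagged entry is a lead to inspect, not a verdict.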
