Re: (OT) W32.Virut.W

2009-03-27 Thread Michael Dinowitz
Not yet but I did come to a solution. The virus is doing 2 basic things.
1. spawning off new process files to run
2. opening up a back door for someone to come in and update/install new viruses
I'm using a program called stopzilla to stop the backdoors from operating until I can remove them. No ne

Re: (OT) W32.Virut.W

2009-03-27 Thread Gerald Guido
On Fri, Mar 27, 2009 at 5:21 AM, Tom Chiverton wrote:
> Don't get me started on SMM or red/blue pill attacks either.

Will do. But yeah, those are the ones that lend towards soiling my skivvies. I have been hacked twice (that I know of) and it is one of the worst feelings a geek can get. It i

Re: (OT) W32.Virut.W

2009-03-27 Thread Tom Chiverton
On Thursday 26 Mar 2009, Gerald Guido wrote:
> >> The BIOS could be compromised.
> The BIOS? Yikes!!

Put it this way. You can flash the BIOS by running a program. Someone you do not trust has been running unknown programs. Don't get me started on SMM or red/blue pill attacks either.

-- Tom Ch

Re: (OT) W32.Virut.W

2009-03-26 Thread Gerald Guido
>> Only way to be safe.

Pretty much. "...nuke the entire site from orbit. It's the only way to be sure."
http://www.youtube.com/watch?v=aCbfMkh940Q

-- Gerald Guido http://www.myinternetisbroken.com
"To invent, you need a good imagination and a pile of junk." -- Thomas A. Edison

RE: (OT) W32.Virut.W

2009-03-26 Thread Jacob
8:50 AM To: cf-talk Subject: RE: (OT) W32.Virut.W I got this from a quick web search: "Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compro

Re: (OT) W32.Virut.W

2009-03-26 Thread Finnseach de Locheil/Judith Winner
sonicDivx wrote: > Mike, > > The Virut stuff is mucho problemo. Another thing it does is turns your computer into a spam generator/zombie. If you have Process Explorer, you will note that the virus/rootkit will have started multiple instances of Internet Explorer in non-interactive mode (as

Re: (OT) W32.Virut.W

2009-03-26 Thread Gerald Guido
>> May as well wait until Apr 2 after Conficker awakens.

Damn. That thing looks *mean*. http://en.wikipedia.org/wiki/Conficker

>> The BIOS could be compromised.

The BIOS? Yikes!!

>> if you are feeling paranoid.

I *always* felt paranoid when I had a server in the wild. Root Kits give me what H

Re: (OT) W32.Virut.W

2009-03-26 Thread sonicDivx
il Apr 2 after Conficker awakens. > > Mike > > -Original Message- > From: Al Musella, DPM [mailto:muse...@virtualtrials.com] > Sent: Thursday, March 26, 2009 10:50 AM > To: cf-talk > Subject: RE: (OT) W32.Virut.W > > > I got this from a quick web searc

Re: (OT) W32.Virut.W

2009-03-26 Thread Tom Chiverton
On Thursday 26 Mar 2009, Al Musella, DPM wrote:
> computer. The intruder can upload and run arbitrary files. "
> I would reformat the drive and reinstall everything.

Trash the whole box and get a new one, if you are feeling paranoid. The BIOS could be compromised.

-- Tom Chiverton Helping t

RE: (OT) W32.Virut.W

2009-03-26 Thread Dawson, Michael
May as well wait until Apr 2 after Conficker awakens. Mike -Original Message- From: Al Musella, DPM [mailto:muse...@virtualtrials.com] Sent: Thursday, March 26, 2009 10:50 AM To: cf-talk Subject: RE: (OT) W32.Virut.W I got this from a quick web search: "Virut is a virus that in

RE: (OT) W32.Virut.W

2009-03-26 Thread Al Musella, DPM
I got this from a quick web search: "Virut is a virus that infects any executable files and screensavers that the user accesses. The parasite also opens a back door providing the attacker with unauthorized remote access to the compromised computer. The intruder can upload and run arbitrary file

RE: (OT) W32.Virut.W

2009-03-26 Thread Terry Troxel
This might help. Try running msconfig and select a boot method. Each OS is a little different. Terry -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: Wednesday, March 25, 2009 7:55 PM To: cf-talk Subject: (OT) W32.Virut.W The House of Fusion webserve

RE: (OT) W32.Virut.W

2009-03-26 Thread cfcom
13 To: cf-talk Subject: Re: (OT) W32.Virut.W Thanks but neither solution seems to have an option to actually remove the viruses. On Wed, Mar 25, 2009 at 11:33 PM, Kym Kovan wrote: > > Michael Dinowitz wrote: > > The House of Fusion webserver has the W32.Virut.W virus. Does anyone kn

Re: (OT) W32.Virut.W

2009-03-26 Thread Gerald Guido
Shot in the dark... but did you try Dr. Web? http://www.freedrweb.com/

HTH
G!

On Thu, Mar 26, 2009 at 5:12 AM, Michael Dinowitz <mdino...@houseoffusion.com> wrote:
>
> Thanks but neither solution seems to have an option to actually remove the
> viruses.
>
> On Wed, Mar 25, 2009 at 11:33 PM, K

Re: (OT) W32.Virut.W

2009-03-26 Thread Michael Dinowitz
Thanks but neither solution seems to have an option to actually remove the viruses.

On Wed, Mar 25, 2009 at 11:33 PM, Kym Kovan wrote:
>
> Michael Dinowitz wrote:
> > The House of Fusion webserver has the W32.Virut.W virus. Does anyone know a
> > way to remove this virus remotely on a windows

Re: (OT) W32.Virut.W

2009-03-25 Thread Kym Kovan
Michael Dinowitz wrote:
> The House of Fusion webserver has the W32.Virut.W virus. Does anyone know a
> way to remove this virus remotely on a windows 2000 machine? I can't boot it
> into safe mode so that's not an option.
> Thanks
>

We have used TrendMicro's Housecall successfully on some viri

RE: (OT) W32.Virut.W

2009-03-25 Thread cfcom
Michael I think the online virus scanner by Eset can do that. -Original Message- From: Michael Dinowitz [mailto:mdino...@houseoffusion.com] Sent: 2009-03-25 22:55 To: cf-talk Subject: (OT) W32.Virut.W The House of Fusion webserver has the W32.Virut.W virus. Does anyone know a way to r