MSN trojan
#1
Scooby Regular
Thread Starter
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
MSN trojan
10+ variants of Kelvir trojan/worm reported today <grrr>
One we got
(14:11:44) <name>: lol you'll like this
(14:11:44) <name>: http://pictures.templates4fr1ends.com/gallery.php?email=<address>
(I have munged the link deliberately)
I have uploaded the sample to webimmune ~ Analysis ID: 1746512
Steve
#3
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
Lynne,
If you've got Norton, get the latest update and it should fix it. Have a peek here
I'd certainly get Paul to give it a go as well, as it sounds as though he might have been infected.
#8
Scooby Regular
Join Date: Mar 1999
Location: The Great White North
Posts: 25,080
I'm wondering if something like Spybot Search and Destroy or AdWare might kill it, it's worth a shot.
From the look of the definition on Symantec's site it was only added yesterday, which would explain why there aren't any standalone chappies out there yet.
#9
Originally Posted by Markus
I'm wondering if something like Spybot Search and Destroy or AdWare might kill it, it's worth a shot.
From the look of the definition on Symantec's site it was only added yesterday, which would explain why there aren't any standalone chappies out there yet.
#10
Scooby Regular
Thread Starter
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
No, it's not picked up by spybot / adware or the M$ spyware software.
I have an extra.dat for it back from webimmune if you are running McAfee a/v software.
Steve
Lynne, can you ring Paul ? - I don't have his number and he's on my msn contacts list too....
#15
Scooby Regular
Thread Starter
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
#21
Scooby Regular
Thread Starter
Join Date: Sep 2001
Location: Kingston ( Surrey, not Jamaica )
Posts: 4,670
OK ,
**caveat ** this may toast your system *** caveat ***
deleting windows\system32\run.exe
and the reg keys:
HKEY_CURRENT_USER\Software\Microsoft\OLE\windows run.exe
Windows\CurrentVersion\Run\windows run.exe
Windows\CurrentVersion\RunServices\windows run.exe
and a couple of other keys .. ( do a search on run.exe in regedit ) - the only 'good' ones were AUTORUN.EXE and CTRUN.EXE on mine.
exit and reboot.
The process hasn't restarted and the registry is still clean at the moment.
steve
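An added example, not part of the original thread: a read-only check over a regedit export that separates autorun values launching a program named exactly run.exe from values that only match a substring search, such as the AUTORUN.EXE and CTRUN.EXE entries mentioned in the post above. The hive prefixes, the value data and the reading of "windows run.exe" as a value name are assumptions, since the post gives only partial paths.

```python
import ntpath
import re

# Constructed sample in regedit export format. Hive prefixes and value data
# are assumptions; the post lists only partial key paths.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\OLE]
"windows run.exe"="run.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"windows run.exe"="run.exe"
"CTRUN"="C:\\WINDOWS\\system32\\CTRUN.EXE /tray"
"Installer"="\"D:\\AUTORUN.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"windows run.exe"="run.exe"
'''

# One string value per line: "name"="data", with \\ and \" escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def program_of(data):
    """Lower-cased file name of the program a value launches.
    Unquoted paths containing spaces are not handled here."""
    data = data.strip()
    if data.startswith('"'):
        prog = data[1:].split('"', 1)[0]
    else:
        prog = data.split(' ', 1)[0]
    return ntpath.basename(prog).lower()

def find_entries(export_text, target="run.exe"):
    """Return (hits, lookalikes) as lists of (key, value name, data)."""
    hits, lookalikes, key = [], [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
        if program_of(data) == target:
            hits.append((key, name, data))      # launches exactly run.exe
        elif target in data.lower():
            lookalikes.append((key, name, data))  # substring match only
    return hits, lookalikes
```

The script only reports; export the keys with regedit first and review the hits before deleting anything.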