Category: Virus

Some current Threats in December

Paul

Win32/Mydoom.R

[ad#ad2-left]

Win32/Mydoom.R is an e-mail worm for Microsoft Windows systems. Its file is approximately 28 kilobytes long, compressed by UPX. After decompression, its size is about 40kB.

Upon execution the form copies itself in the %windir% using the name java.exe. It also saves a file called services.exe there. This file is a backdoor component, that operates on TCP port 1034.

The following Registry entries are set to point to worm executables:

HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\JavaVM
HKEY_LOCAL_MACCHINE\Software\Microsoft\Windows\CurrentVersion\Run\Services

The first entry contains path to java.exe, and the other points to services.exe.

According to the information on all the website in order to fix this you must use some anti-virus software.

[ad#ad2-right]

WORM_AGENT.AHQV [Trend Micro], Dropper/Xema.189952.B [AhnLab], Dropper.Small.LQ [AVG], Trojan.Crypt.Delf.AC [Bit Defender], Worm.W32.Agent-1 [ClamAV], IRC.W.W32.ClickIt.D [Otros], W32/Trojan3.AS [Authentium], I-Worm.Agent.ez [Quick Heal], Win32.HLLM.MyDoom.134 [Doctor Web], Trojan:W32/Agent.GCK [F-Secure], W32/Basine.C [Fortinet], Trojan.Crypt.Delf.AC [G DATA], Trojan.Crypt.Delf.AC [Ikarus], Email-Worm.Win32.Agent.js [K7 Computing], Email-Worm.Win32.Agent.js [Kaspersky], Worm:Win32/Mytob.SD [Microsoft], Win32/Injector.BZ [ESET], W32/P2PWorm.AAK [Norman], Trojan.Delfinject.Gen.3 [PC Tools], Backdoor.Win32.IRCbot.apj [Rising], Mal/Basine-C [Sophos], Dropper.Delf.26624.B [Hauri], Email-Worm.Win32.Agent.js [F-Secure], Backdoor/W32.IRCBot.28160.C [Otros], AGENT.ARQB [PerAntivirus]

According to the information on all the website in order to fix this you must use some anti-virus software. This one is a variant and should be dealt with as if it it the actual worm.  It seems to be spreading through P2p and Email fooling the person into running programs.  So be careful out there.


Got a Virus? Got Spyware? This gadget will fix it!!

Paul

31mvvvheoml_sl160_

PC Clean Machine Personal PC Concierge Service

  • Everything you need, including software, is on the thumb drive to get your own personal PC Concierge, a real person working for you. Click on the video to see how it works.

  • Use our anti-virus/anti-spyware and other tools, or we will work with any anti-virus or anti-spyware you already have.

  • PC Concierge will check your computer regularly to keep your data protected and your computer running at optimal levels. Protects both MAC and PC

  • Receive a detailed report explaining what was done to protect your PC and improve its performance

  • Your PC concierge will perform computer maintenance at a time that’s convenient for you

  • Includes ID Theft coverage whether computer related or not

  • Includes computer breakage coverage

  • Includes all security software: anti-virus, anti-spyware, firewall, anti-phishing, IM encryption, family network, protection, gamer mode, laptop mode, anti-spam, parental control, backup, tuneup, file vault, anti-adware.

This was found online and I thought about how much this could be for people in the field.  This is also good for people who have a system offline and don’t want to go online to get the software that is need to fix this.   I saw this and couldn’t wait to blog about this.  If you need to have security for when you have a virus this will help protect your for one Year.  I will say this is a very good deal get several programs for a real low price.  All the reviews for this product are good, check out the product for the reviews.  It cost 119.99 but I think it is worth it for people who don’t have enough security programs and need to protect yourself.

Disaster preparation 101 — Data backup

Paul

In this one I will talk about Disaster, it happens to all of us from time to time. A fire, a earthquake, a stolen laptop or any number of ways. So what happens to your data, is it stored on the laptop? Is it important very sensitive data? Could you get fired if you lost that data?

[ad#ad2-right]These are all questions you must ask yourself when you have laptop. How do you backup your data or even do you have a backup? Having seen this with my own clients, I must wonder if there are people out there who just don’t care. I had a client the other day who gotten a virus and this was a really mean virus. Deleted some very important files when you tried to clean the virus out. She called me in a panic because she couldn’t load up windows? I asked if she had any backups, she said “what’s a backup” . So I sat there discussing this with the client for over 20 minutes. Finally she started to understand, she said she had the OEM Backup DVD but nothing else. She also said she needed help with getting data off the computer. I told her that I would be able to come the next day and I was lucky the virus didn’t do anything else to her data. We were able to retrieve the data from her system. That is where I start my rant , Why would anyone not have backup of there most important data?

So How do you backup your data? This is controversial and somewhat depends on how much people want to spend to keep there data safe and not loose pictures or music. There are several ways to do it, each way has it’s pitfalls or short comings and requires a little more effort:

Kinds of Backup

Hard Medium – DVD, CD, External Hard drive

Although,  The hard medium is usually used that doesn’t mean you can have a backup other than hard.   Here are some ways to back up on the internet.

Internet Medium:

  • Jungle Disk — Provides online storage through the Amazon s3 service.   Only pay for what you use.   It works well with most Operating system.  I’ve used it on Vista so it is really nice.

  • Carbonite Online backup –Another good Online storage.

  • Some Other Online backup — Here a list from Amazon to better help you find the type of software that you might need.

These are just a few options, if you want to look for other you can.  The important thing to do is BACKUP because if you need some data that gets wiped or destroyed.  You will be kicking yourself for not backing up.

Tools for Virus Removal : The ones I like to use!

Paul

In this post I want to talk about virus removal tools that I like to use when I need to remove a virus.   Some thing to consider when using these tools are:

Each of these have to be dealt with differently because each requires something different.  Like rootkits if you have one installed and know that it is a rootkit you only options are to download some rootkit removers like:

  • Sopho’s Anti-rootkit remover —  This is good for those more known viruses and can remove several types of rootkits.   This isn’t the only one I use, but it is a part of group that does the rootkit removing for me.

  • Microsoft Rootkit Revealer —  This is good for proving there is a rootkit.  I’ve not seen it not detect a rootkit.  Most of the time when I find a rootkit from the other rootkit revealers this one actually dos better with information.

  • Panda Anti-Rootkit Remover — This one is another one I use when the other ones can’t remove it.  Each one does remove certain rootkit differently and works better than the other.

  • Aries Rootkit Remover from Lavasoft — This is good for those really tough rootkits but have some great benefits for removing some of the really tough rootkits.

These are the ones that work well with me when it comes to removing the rootkits.  I’ve not had one of these to remove a rootkit but that depends on how you deal with the virus in the first place.  Now for Anti-spyware and Anti-Virus software here are some of the tools that I suggest:

  • HijackthisRun it, and when you get the LOG file you will want to go to HijackThis Log Analysis Site 1 and HijackThis Log Analysis Site 2, and see what it says.  This is the best software because it will scan all of the registry and tells you like a wiki what might it be.

  • MSCONFIG — Sometimes it is hidden but if you check through the MSCONFIG for any files that might not need to load. Also check the services tab and see if there is any services that may not be needed.

  • Pctools Antivirus Free Software — This is a free software so what can I say.

  • AVG Anti-Virus Free Edition 7.5.503 — This is another free one that can remove viruses really easily. Download this and you don’t have to worry to much.

  • Avast Home Edition — AVG does better than this one but people seem to like this so I have to add this for people who like this better than the others.

  • Clamwin Free Anti-virus — This is a good one because this is open sourced and easily can help detect so many viruses. This is good for those people who like open sourced.

These are just  the ones that I like to recommend that does pretty good on removing the viruses but there are others that I recommend on my Malware Resources that people have recommend to me but I haven’t tried them out yet.    Some of the Spyware and Adware removal and here are some of my favorites:

  • SuperAntispyware — Easily remove pests such as WinFixer, SpyAxe, SpyFalcon, and thousands more! Repair broken Internet Connections, Desktops, Registry Editing and more with our unique Repair System.

  • Malwarebytes can provide the needed assistance to remove the infection and restore the machine back to optimum performance.

  • Ad-Aware — This is a very good tool to get rid of some of the most annoying little viruses that try to fool you that you have a virus.

  • Windows Security Trojan Scanner — a Free online scanner to let you see if you might have a Trojan.

  • SmitFraudFix — A great little program to get rid of those Desktop hijacks, those programs that take over your browser or other file system.

If your current antimalware software let an infection through, you may want to consider purchasing the PRO version of SUPERAntiSpyware or Malwarebytes License to protect your computer in the future. SUPERAntiSpyware Professional or Malwarebytes License features highly advanced Real-Time Protection to ensure protection from installation or re-installation of potential threats as you surf the Internet (Both are trusted Vendors by CCSS Forums).

These are just a few that I like to use when it comes to fighting those virus programs and the people behind the virus programs.   If you consider how hard it is sometimes to recognize a virus, you can see the problem with some of the programs they can sometimes  say a file is a virus and delete it and the next thing you know it won’t boot into Windows.  This is what needs to be considered whenever you see a warning on your system so you must be careful when you remove files.  You should always have backups that is what I always recommend because the likely hood of something terrible happening to your data.  You should come up with a way to back up your system every week like a sunday back or even a Monday while your at work backup.

Removing Win32/Bagle.HE worm

Paul15 Replies

Here is another virus that seems to be spreading lately.   From the looks of it, it sees to be another email worm.  Here is what eset says:

Aliases

Email-Worm.Win32.Bagle.gt (Kaspersky), W32/Bagle.gen (McAfee), Trojan.Tooso!gen (Symantec)

[ad#ad2-right]Win32/Bagle.HE is a worm that spreads via e-mail. The size of its executable is 40565 B .

When executed the worm copies itself in the following locations:

  • Documents and Settings\All Users\Application Data\hidn\
    hldrrr.exe

  • Documents and Settings\All Users\Application Data\hidn\
    hidn2.exe

In order to be executed on every system start, the worm sets the following Registry entry:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\drv_st_key

[ad#ad2-left]It seems to have a manual removal process, Unless you pay for the other software but according to the 411 on PC Security:

Win32/Bagle.HE worm is a “threat” that appears in security scans by fake antispyware WinDefender 2008.

The danger of Win32/Bagle.HE worm is supposed to scare you into wasting $49.95 on WinDefender 2008.

Unless you like getting ripped off, don’t download the software the Win32/Bagle.HE worm popup links to. You’re not really infected with Win32/Bagle.HE worm — you’re infected with scamware that you need to remove.

I’ll show you how to get rid of Win32/Bagle.HE worm and WinDefender 2008, for free.

[via 411 on PC Security]

According to this site you can remove it by doing some steps.  I think Kaspersky has an easier way to remove it and it looks like most anti-virus software will remove this.   You need to remember that only you can prevent this from the future.   You should also update your windows update and make sure your system is up to date.