Bitdefender – Paul's Tech Talk

You won’t make money from W32:Sality.ao

PaulFebruary 23, 2009

People should be cautious of the making money because there is a variant out there trying to leverage the users into thinking they can make money.

McAfee Says “W32/Sality.ao is a parasitic virus that infects Win32 PE executable files. It infects files (*.exe and *.scr files) on the local, network and removable drives by overwriting code in the entry point of the original file and saving the overwritten code in its virus body. It then appends the virus body to the host file.”

Aliases for this Virus is:

PE_SALITY.JER (Trend Micro)

Virus.Win32.Sality.aa (Kaspersky)

Virus.Win32.Sality.y (Ikarus)

Virus:Win32/Sality.AM (Microsoft)

W32.Sality.AE (Symantec)

W32/Sality-AM (Sophos)

W32/Sality.AE (Norman)

W32/Sality.AH (Panda)

W32/Sality.AK (F-Prot)

Win32.KUKU.a (Rising)

Win32.Sality.OG (BitDefender)

Win32/Sality.AA (VET)

These links should help people understand it it. You can visit my Malware Resources to help remove this virus. Something to consider before removing this is to disable your restore points.

Remember there’s no easy to make money, the only real way is to work hard. According to my research the Anti-virus companies have ways to remove this virus and as long as you update your database.

Alarming results are coming from the Conflicker Worm

PaulJanuary 22, 2009

[ad#digg-right]Today I’ve been doing research because I surprised how many people have searched for the Conflicker Worm/Virus and I wanted to point just how bad this is getting. I was looking on Twitter about this some more and here is what I found out:

Over a million conflicker hosts: Are you responsible for any of them? (http: //tinyurl.com/awpeep

[Via twitter Hevnsnt]

Now I went there and he seemed to of added “)” to the URL so I took that out and here’s the URL to check this out. I went there and saw all these IP(Internet Protocols) and it claims that it is over a MILLION. I don’t know if it is true because I stopped the list of IP’s due to the size of list.

I also wanted to talk about the rate at which people are finding this site due to the conflicker virus/worm infecting their systems. As you can see it is steadily increasing as more and more people are trying to find out how to get rid of this very pesky infestation. See below for some good resources to get this annoyance.

I went back to twitter and some other places to find out what people are saying about this virus and I found this interesting comment:

Conflicker Virus has locked out my work account again…. slightly upsetting it keeps trying to break my account password

[via Twitter twitpaul]

[ad#ad2-right]According to one blog post, they seem to think this is a test worm trying the waters out to see how well it works. I tend to agree with this blog post because of the unlikely hood of just infecting systems for fun. I also think they are going to use this worm/virus for a Botnet. There have been several post about this being a possible Botnet setup. Acording to Computeworld, They claim this is building a Botnet and I tend to wonder if this was a bad deployment or if they are just reading to start this up after so many computers are infected.

I don’t know what to call the Conflicker a Virus or a Worm. So I’ve decided to just use both. I’ve been telling people to patch there system as soon as possible. I’d also tell people that you need a good AV and a Good Firewall. Although this sometimes won’t prevent you from getting a virus you will undoubtedly need to disable Auto run. Here are some good resources to better help you get this virus off your system:

F-secure Downadup Removal Tool

Symantec 32.Downadup Removal Tool

Bit Defender Removal Tool

Malware Resource

As you can see there are several different options to help remove this virus and I thought I would list them here. I have heard how hard this virus is to remove and I want to help people remove this virus. Some other things to consider is disabling your restore points before you remove the worm, or it will just come back.

trojan.zlob removal tricks!!

PaulDecember 6, 2008

[ad#ad2-right]

Aliases:
Trojan-Downloader.Win32.Zlob.qyl (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzs (Kaspersky)
Trojan-Downloader.Win32.Zlob.qzn (Kaspersky)
Trojan.Zlob.CPP (BitDefender)
Puper (McAfee)
SystemDefender (Symantec)

Trojan:Win32/Zlob.G is a component of Win32/Zlob that downloads rogue security programs, adware, and additional Win32/Zlob components.

[Via Windows Live OneCare]

[ad#ad2-left]This one just popped up today on my radar it seems to be a very low threat on everyone’s radar according to my sources say “Trojan.Zlob.G is a Trojan horse that may download and execute remote files and redirect the Internet Explorer home page and search page.” So to remove this little Trojan you would want to download one an Anti-virus and firewall. Once you install the software the program should fix the problem for you. This one seems to be really easy to fix. So Please read my post on how to better protect your self if you want to prevent this in the future.

Trojan.PWS.ChromeInject.A is not a Firefox plugin.

PaulDecember 5, 2008

A new type of malware designed to harvest web passwords has been detected in-the-wild by BitDefender’s antivirus research labs. This latest e-threat – called Trojan.PWS.ChromeInject.A – is intended to be delivered onto a compromised computer system by other malware for subsequent download into Mozilla Firefox’s Plugin folder. Once installed it gets to work every time Firefox is started.

[Via Bitdefender]

[ad#ad2-right]So having seen this I thought I’d come up with ways around this to better protect yourself. One way to prevent this from getting your sensitive data is to get a program like Sandboxie. You could stop using Firefox that would be silly, because right now Firefox is more secure than Chrome and Internet Explorer. I’d also suggest checking out my Anti-spyware page and Anti-Virus page and get some more protection.

The key to this virus protection is just be cautious of where you go and keep all you system update to date to prevent all this from happening. It is also advisable to not have your passwords saved on Firefox, you should use something like Roboform, it is free to download and try. It will encrypt your passwords so if they don’t know the master password then they are out of luck. Roboform is also good for coming up with some strong passwords. Just some suggestions to prevent from people seeing your sensitive data, you don’t want anyone to get that data.

Sites that you need not Visit:

PaulNovember 2, 2008

[ad#ad2-right]I’ve had some Anti-virus problems in the past few weeks and have been trying to see if it is my system or if it was just luck of the draw. So I did some research and found some sites that you should not go to, or download from. These sites have been know to spread the fake anti-virus malware software. So I wanted to warn people of some common websites that have been known to have viruses on them:

hxxp://movieportal2008q.com/freemovie/Movie/xxxx/x/ — this site usually tries to send you the “Trojan.HTML.Zlob.AG” Virus.

hxxp://porntubedot.com/xxxxxxxx/WatchFreeMovie.php –This site usually tries to send you the “Trojan.Dropper.SMN” Virus.

hxxp://handballfondi.it/xxxxxx1.php — This site is one of the new Malware sites that looks like Youtube, When you go to this site they say you need a special to play a video clip. Most of the time when you get something like this, it is going to try to install Malware. A good broad set of Codecs that you may want to download is called Klite Mega Codec, which if you us that you should never need to download any other codec to play a movie clip from any site online.

hxxp://0scanner.com/—censored—/ — This site usually tries to send you the “Adware.FakeAntiVirus.L” virus. Another site trying to install malware. [ad#ad2-left]