Windows 7 Forums



Windows 7: Here you have - Virus!!!

09 Sep 2010   #1
dranfu

 
Here you have - Virus!!!

I work for a company that has not yet admitted that it was hit by this virus, but we were today, and it was insane! Literally, some of our users out-boxes were stuffed with up to 97,000 spam messages waiting to be sent out. It literally infected almost everyone.

And now after reading this story, it looks like it is happening to a lot of F-100 companies.
This is very scary, and just proves that no matter how much progress is made in information security, the bad guys always come up with something new.

'Here you have...' virus hits major companies - Technology & science - Security - msnbc.com


09 Sep 2010   #2
zigzag3143

Win 8 Release candidate 8400
 
 

Not all that unusual. But they should have had some built-in solutions. Maybe next time they will be ready.


Ken
09 Sep 2010   #3
Lemur

Systems 1 and 2: Windows 7 Enterprise x64, Win 8 Developer
 
 

It wasn't clicking on the email, but the email link. We try to educate our people not to respond to unsolicited email. But you can knock your head against a wall and get the same result. Sometimes, the user is the most dangerous component of a system.

09 Sep 2010   #4
dranfu

 

Quote: the user is the most dangerous component of a system.
That is true, without a doubt. But look at it from a user's perspective. They do business all day by email. And if they receive an email from someone on their contact list that says "here you go" or "here you are" and then talks about a document they were looking for, all they are going to do is click on it, and get on with business. And even more to the point, these emails the users were getting are coming from people on their contact list, from within their trusted corporate network--why would they not click it?

They aren't going to analyze it, they aren't going to check the properties of the link and see where it's pointing, they are just going to click. The problem is, these Fortune 100 companies are not even close to as secure as they want the world to believe they are. That is the real problem.
09 Sep 2010   #5
dranfu

 

Virus Total Report: These are the engines that as of roughly 6pm today can actually identify it as a threat:

File name: PDF_Document21_025542010_pdf.scr
Submission date: 2010-09-09 18:52:15 (UTC)
Current status: finished
Result: 13 /43 (30.2%)
Antivirus Version Last Update Result
AhnLab-V3 2010.09.09.01 2010.09.09 Malware/Win32.Trojan Horse
AntiVir 8.2.4.50 2010.09.09 -
Antiy-AVL 2.0.3.7 2010.09.09 -
Authentium 5.2.0.5 2010.09.09 W32/VBTrojan.17E!Maximus
Avast 4.8.1351.0 2010.09.09 -
Avast5 5.0.594.0 2010.09.09 -
AVG 9.0.0.851 2010.09.09 -
BitDefender 7.2 2010.09.09 Gen:Trojan.Heur.rm0@fnBStPoi
CAT-QuickHeal 11.00 2010.09.09 -
ClamAV 0.96.2.0-git 2010.09.09 -
Comodo 6027 2010.09.09 -
DrWeb 5.0.2.03300 2010.09.09 WIN.WORM.Virus
Emsisoft 5.0.0.37 2010.09.09 Gen.Trojan!IK
eSafe 7.0.17.0 2010.09.07 -
eTrust-Vet 36.1.7844 2010.09.09 -
F-Prot 4.6.1.107 2010.09.01 W32/VBTrojan.17E!Maximus
F-Secure 9.0.15370.0 2010.09.09 Gen:Trojan.Heur.rm0@fnBStPoi
Fortinet 4.1.143.0 2010.09.09 -
GData 21 2010.09.09 Gen:Trojan.Heur.rm0@fnBStPoi
Ikarus T3.1.1.88.0 2010.09.09 Gen.Trojan
Jiangmin 13.0.900 2010.09.09 -
K7AntiVirus 9.63.2483 2010.09.09 -
Kaspersky 7.0.0.125 2010.09.09 -
McAfee 5.400.0.1158 2010.09.09 Generic.dx!tsp
McAfee-GW-Edition 2010.1B 2010.09.09 Artemis!2BDE56D8FB2D
Microsoft 1.6103 2010.09.09 -
NOD32 5438 2010.09.09 probably unknown NewHeur_PE
Norman 6.06.06 2010.09.09 -
nProtect 2010-09-09.03 2010.09.09 -
Panda 10.0.2.7 2010.09.09 Suspicious file
PCTools 7.0.3.5 2010.09.09 -
Prevx 3.0 2010.09.09 -
Rising 22.64.03.01 2010.09.09 -
Sophos 4.57.0 2010.09.09 -
Sunbelt 6853 2010.09.09 -
SUPERAntiSpyware 4.40.0.1006 2010.09.09 -
Symantec 20101.1.1.7 2010.09.09 -
TheHacker 6.7.0.0.012 2010.09.09 -
TrendMicro 9.120.0.1004 2010.09.09 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.09 -
VBA32 3.12.14.0 2010.09.08 -
ViRobot 2010.9.8.4031 2010.09.09 -
VirusBuster 12.64.26.0 2010.09.09 -
09 Sep 2010   #6
dranfu

 

Looks like this thing may be trying to create a botnet, too. It just keeps getting better.

'Here You Have' Email
09 Sep 2010   #7
Lemur

Systems 1 and 2: Windows 7 Enterprise x64, Win 8 Developer
 
 

Quote: Originally Posted by dranfu
Looks like this thing may be trying to create a botnet, too. It just keeps getting better.

'Here You Have' Email
I just sent my network admin a heads up. Not that universities have anything to worry about...
09 Sep 2010   #8
dranfu

 

Quote: Originally Posted by Lemur
Quote: Originally Posted by dranfu
Looks like this thing may be trying to create a botnet, too. It just keeps getting better.

'Here You Have' Email
I just sent my network admin a heads up. Not that universities have anything to worry about...
Lol. Oh, no. The universities will definitely be safe

McAfee has made a Stinger (stand-alone virus scanner) version just for the virus, if you want to run it on your network: http://vil.nai.com/vil/vbm/stinger.exe

Also, definitely check out the threat reports from ThreatExpert - Automated Threat Analysis. They have a bunch of behavior reports (reg keys created/modified, files manipulated, etc.) on the virus.

For example, there are, of course, a bunch of image execution entries for svchost, so that when svchost is run, some malware also gets run. Example:

Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\00hoeav.com]
Debugger = "%Windir%\svchost.exe"
All I know is that tomorrow is going to be a hell of a day.
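An added defender-side check, not code from the thread or from any of the vendors named in it: the PowerShell below walks the Image File Execution Options keys quoted in the post above and lists every Debugger value, flagging any that resolves outside %SystemRoot%\System32 (the legitimate svchost.exe lives there, so an entry like the quoted "%Windir%\svchost.exe" would be flagged for review). It assumes an elevated session on the host being audited; the function name and the "Suspicious" heuristic are my own, and the expected value of any given Debugger entry still has to be judged by the admin.

```powershell
# Audit IFEO "Debugger" hijacks (example added for this thread, not from the post).
# A Debugger value makes Windows launch that program whenever the named image is
# started, which is the persistence trick quoted above (00hoeav.com -> svchost.exe).
# Run elevated so all of HKLM is readable.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$system32 = Join-Path $env:SystemRoot 'System32'

function Test-SuspiciousDebugger {
    # Heuristic (my own assumption): a debugger that is not an absolute path under
    # System32 is worth a second look. Legitimate entries such as ntsd/windbg are
    # rare on production hosts and should be known to whoever administers the box.
    param([string]$Debugger)
    $expanded = [Environment]::ExpandEnvironmentVariables($Debugger)
    # Take only the executable part: honour quotes ("C:\x y\d.exe" -d) else split on space.
    if ($expanded -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($expanded -split '\s+')[0] }
    if (-not [System.IO.Path]::IsPathRooted($exe)) { return $true }   # bare name or relative
    $full = [System.IO.Path]::GetFullPath($exe)
    return -not $full.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
}

function Get-IfeoDebuggerFindings {
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }
            [pscustomobject]@{
                Image      = $key.PSChildName          # program being hijacked, e.g. 00hoeav.com
                Debugger   = $dbg                      # what actually launches instead
                Suspicious = Test-SuspiciousDebugger -Debugger $dbg
                Key        = $key.Name
            }
        }
    }
}

# Suspicious entries first; an empty table means no Debugger values are set at all.
Get-IfeoDebuggerFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Flagged rows are candidates for review and for comparison against a known-good baseline, not an automatic verdict; an Image whose name matches a security product's executable is the pattern the thread describes.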
09 Sep 2010   #9
Lemur

Systems 1 and 2: Windows 7 Enterprise x64, Win 8 Developer
 
 

I just sent a network-wide email. I wonder how many people will still ignore it?
09 Sep 2010   #10
dranfu

 

Quote: Originally Posted by Lemur
I just sent a network-wide email. I wonder how many people will still ignore it?
LOL. You are cracking me up today. Nobody is going to want to open any emails now. They're going to call IS for every single legitimate email that looks even a bit strange.

Oh Joy.