Unix Sysadmin » Virus and Microsoft http://www.sysadmindayph.com/blog SysAdmin Blog, TechTips and Reviews Fri, 27 Jan 2012 04:36:08 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 PWS-Gamania Trojan http://www.sysadmindayph.com/blog/pws-gamania-trojan/ http://www.sysadmindayph.com/blog/pws-gamania-trojan/#comments Fri, 09 Oct 2009 02:35:53 +0000 elizar http://www.sysadmindayph.com/blog/?p=168 Continue reading]]> PWS-Gamania or PWS-Gamania.gen.a is a computer trojan discovered July 22, 2008. PWS-Gamania is a password stealing trojan which attempts to steal user information for certain online games.

The characteristics of this password stealer with regards to passwords stolen, sites accessed, files downloaded etc will differ, depending on the way in which the attacker had configured it. Hence, this is a general description.

PWS-Gamania is also knows as

  • Trj/Lineage.BZE [Panda]
  • Trojan.Win32.Vaklik.bkh [Kaspersky]
  • Trojan:Win32/Meredrop [Microsoft]
  • W32.Gammima.AG [Symantec]
  • W32/Autorun-CL [Sophos]

My Dell D630 laptop is probably infected by this one. Good thing I am no gamer nor is there any important password this trojan can steal.

More information about PWS-Gamania can be found here: http://vil.nai.com/vil/content/v_147533.htm

]]> http://www.sysadmindayph.com/blog/pws-gamania-trojan/feed/ 0 wpv991242765100 – viruses, spyware, adware, trojans, rootkits, worms? http://www.sysadmindayph.com/blog/wpv991242765100-viruses-spyware-adware-trojans-rootkits-worms/ http://www.sysadmindayph.com/blog/wpv991242765100-viruses-spyware-adware-trojans-rootkits-worms/#comments Wed, 17 Jun 2009 08:49:09 +0000 elizar http://www.sysadmindayph.com/blog/?p=153 Continue reading]]> wpv991242765100.exe – What is it? You may be wondering what this filename or process is when you try and searching for any malicious application running in you Windows XP/VIsta machine.. (via Task manager).

wpv991242765100.exe’s  could be viruses, spyware, adware, trojans, rootkits, worms, information stealers, keyloggers, bots… I for one is not sure, but I also have this process running in my windows machine and I just discovered that this is the culprit on some of my computer problems.

Problems Caused by wpv991242765100.exe

To list a few of the nuances that this process is doing on my Viao laptop *grin*:

  • Prevented me from connecting to company’s VPN
  • Prevents firefox to launch (and IE for that matter)
  • No internet on firefox, but fine with IE
  • and probably others.

As of this writing, there’s only 1 page/site on the entire internet for this word.. now there two.. mine included… Here’s some info on that rich content page:

File Behavior

WPV151242765100.EXE has been seen to perform the following behavior:

  • The Process is packed and/or encrypted using a software packing process

WPV151242765100.EXE has been the subject of the following behavior:

  • Added as a Registry auto start to load Program on Boot up

Country Of Origin

The filename WPV151242765100.EXE was first seen on May 20 2009 in the following geographical regions of the Prevx community:

  • EGYPT on May 20 2009
  • The UNITED STATES on May 20 2009

File Name Aliases

WPV151242765100.EXE can also use the following file names:

  • 95545953.OUT
  • 46109827.EXE
  • 73433163.EXE
  • WPV951242765100.EXE
  • WPV991242765100.EXE
  • WPV181242765100.EXE
  • WPV041242765100.EXE
  • WPV131242765100.EXE
  • WPV651242765100.EXE
  • WPV231242765100.EXE
  • WPV701242765100.EXE
  • WPV431242765100.EXE

Filesizes

This file has been seen with the following file size:

  • 428,032 bytes

 

]]> http://www.sysadmindayph.com/blog/wpv991242765100-viruses-spyware-adware-trojans-rootkits-worms/feed/ 0 The Mikkey Worm – This worm is getting out of hand Twitter http://www.sysadmindayph.com/blog/the-mikkey-worm-this-worm-is-getting-out-of-hand-twitter/ http://www.sysadmindayph.com/blog/the-mikkey-worm-this-worm-is-getting-out-of-hand-twitter/#comments Mon, 13 Apr 2009 13:41:12 +0000 elizar http://www.sysadmindayph.com/blog/?p=137 Continue reading]]> “This worm is getting out of hand Twitter” – Mikkey. There was a swarm of messages flooding the twittersphere in the past couple of days. This twitter worm apparently hasn’t been controlled yet by twitter as the flood of messages that apparently coming from Mikkey, continues.

I, myself, lucky for me haven’t been pested by this Mikkey work as it only affects those who uses the web application of twitter (apparently). I use a third party web apps for firefox (twitterfox).

Here’s another way of protecting your self from this Mikkey worm from startupmeme.com:

Other steps that you can take to ensure safety is to reset your password, disable Javascript and clear cache. You can also keep a check via Twitter Status Blog or follow @spam for further updates. This is very bad for Twitter’s reputation especially when FriendFeed is getting better by the day. I would simply hate unwanted messages in bulk bothering me or my followers.

Steps to fix it:
1. Change your hex color/reset it
2. Change your bio and change the URL
3. DONT click on any profile that is suspicious and use another twitter client like TweetDeck instead of the Twitter website

]]> http://www.sysadmindayph.com/blog/the-mikkey-worm-this-worm-is-getting-out-of-hand-twitter/feed/ 0 Remove Kido / Conficker / Downadup / Downup Worm http://www.sysadmindayph.com/blog/remove-kido-conficker-downadup-downup-wor/ http://www.sysadmindayph.com/blog/remove-kido-conficker-downadup-downup-wor/#comments Tue, 07 Apr 2009 01:44:06 +0000 elizar http://www.sysadmindayph.com/blog/?p=135 Continue reading]]> Kido, also known as Downup, Downadup and Conficker, is a computer worm targeting the Microsoft Windows operating system that was first detected in October 2008 but, after a couple of months later, it is still being discussed in antivirus forums and message boards.

Topics usually discussed is how to detect and remove if you’re computer is infected by this Kido (aka Conficker/Downup/Downadup) worm.

It was reported by Panda Security, also a well known antivirus company, that more than 9 million PC’s have been infected. Special mention at the report was China (the probable country of origin). It is said that China is the country most infected by Kido.

Remove Kido / Conficker / Downadup / Downup

Kido although it already has many names (Downadup, Downup, Conficker etc.) various antivirus vendors use various naming conventions for worms.

How to Protect Your Computer with Kido/Conficker/Downadup/Downup

There is a fix for this worm, the details are on our security site at http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx

Please read the above bulletin for the full details, the patches to prevent this worm are on that page.

How to Detect if You’re Infected with Kido

Found this chart while browsing and looking for ways to detect if you are already infected with this Downadup/Conficker/Kido worm

Check it out here: http://www.joestewart.org/cfeyechart.html

How to Remove Kido / Downadup / Conficker / Downup

If you are already infected and if your Antivirus software can’t eliminate the

worm you would need to download a removal tool offered by various security product vendors.

Microsoft : Windows Malicious Software Removal Tool
Kaspersky : KidoKiller
F-Secure : F-downadup (alternate link)
BitDefender : Win32.Worm.Downadup.Gen Remover
Spywarevoid : W32.downadup.c removal tool
Symantec : W32.Downadup Remover
ESET : Conficker Remover
Sophos : Conficker Cleanup Tool

Here are some aliases provided by opular antivirus vendors :

  • Symantec : W32.Downadup
  • F-Secure : W32/Downadup.A, W32/Downadup.B etc
  • Panda : Conficker.A, Conficker.B etc
  • Kaspersky : Net-Worm.Win32.Kido.bt, Net-Worm.Win32.Kido.ip, Net-Worm.Win32.Kido.iq etc
  • McAffe : W32/Conficker.
    worm
  • Bitdefender : Win32.
    Worm    .Downadup.Gen
]]> http://www.sysadmindayph.com/blog/remove-kido-conficker-downadup-downup-wor/feed/ 1