Preserved Topic: A dirty virus (Page 1 of 1) |
|
---|---|
Paranoid (IV) Inmate From: Dublin, Ireland |
posted 08-28-2002 04:30
I was wondering if anyone had come across this one, no amount of searches at google.com or symantec's virus encyclopedia could find. It was first called src.scr, my sister got an email from a Mailer Daemon thing with it attatched and decided it would be in everyones best interest to run it straight away !! it was 87kb, it put itself in win/system as winked.exe, once I deleted it from the registry, this somehow triggered it to write itself there again and rename it to winkps.exe (Photoshop and Nortan Antivirus where unable to run, everything else was fine untill it crashed the computer after about 5 minutes.), once I deleted from the registry real quick , turned off the computer booted into good ol' DOS and deleted there, and at the same time found that another file of the same size was called winkcpp.exe , so I deleted this too. And now everything seems to be okay(I had to reinstall Nortan but no PS), but going by how smart this virus seemed , I dont think Ive seen the last of it. |
Maniac (V) Inmate From: Cell 666 |
posted 08-28-2002 07:22
Check http://www.sophos.com/ and see if they have it listed in there. I'll check back tomorrow and see if you've found anything - right now it's time for me to go to bed. |
Maniac (V) Inmate From: there...no..there..... |
posted 08-28-2002 15:09
That would be the Klez virus my friend. Check out Symantec for a removal tool. There have been a few variations of this virus and they have one removal tool that will check for all variations. quote:
|
Maniac (V) Inmate From: Cell 666 |
posted 08-28-2002 18:02
Yes, Klez is the dirty bastard that disables your AV programs as well as your Task Manager... That dirty, dirty bastard... |
Maniac (V) Inmate From: there...no..there..... |
posted 08-28-2002 19:36
Yeah, the thing that tipped me off was the "winked.exe". Seems that it renames itself as WINK then something else (like the description says) |
Paranoid (IV) Inmate From: Dublin, Ireland |
posted 08-28-2002 20:14
Hey thanks for the help ! Cprompt: I knew about the registry version up the Startup dir or run= in the win.ini. And when I delete the key there, it puts itself there again after a few seconds. Thanks for the name of it, thats helps loads ! |
Paranoid (IV) Inmate From: Dublin, Ireland |
posted 08-28-2002 20:28
Its great when sites have broken links isnt it http://securityresponse.symantec.com/avcenter/FixKlez.com |
Maniac (V) Inmate From: there...no..there..... |
posted 08-28-2002 20:48
Hugh, that link worked for me. It starts a download of the removal tool. |
Paranoid (IV) Inmate From: Dublin, Ireland |
posted 08-28-2002 21:19
No, I cant connect to the net at home, or not for long anyway and I dont really want to due to the nature of the virus with it emailing itself to everyone. Im in a net cafe(I work here), still wont download for me, I'll try a different machine |
Paranoid (IV) Inmate From: Dublin, Ireland |
posted 08-29-2002 03:04
HOORAY ! |
Maniac (V) Inmate From: Oblivion |
posted 08-29-2002 03:10
Is the virus really dirty? |
Maniac (V) Inmate From: there...no..there..... |
posted 08-29-2002 03:54
InSiDeR: Yes it is very dirty. I calls those 900 sex numbers from your computer. It also continuiously downloads porn pics from various websites. |
Maniac (V) Inmate From: there...no..there..... |
posted 08-29-2002 04:03
Hugh: Glad that you got it out of there. |
Paranoid (IV) Inmate From: |
posted 08-29-2002 16:43
Sound like insider's sorta Virus then |
Maniac (V) Inmate From: Den Haag: The Royal Residence |
posted 08-30-2002 17:43
About dirty.. |