Multiple Attacks: List Follows


Minira / Tokyo

Symptoms:

- Sluggish overall system performance speed
- Firefox browser sluggish
- Firefox hangs / crashes
- MSIE hijack
- History and MRU records showing hundreds of program and
process initializations which were never engaged by the user
- Abnormally large history files of up to 600kb reflecting
the item immediately above
- ZoneAlarm Pro alerts of persistent multiple communication
attempts by:
- - Firefox browser (every 15 seconds)
- - Generic Host Services
- - Spool Server
- - Net BIOS
- - router (by manufacturer name)


+


Known / Detected List:

1 - TUOBA.A trojan
2 - JV/Shinwow trojan / Exploit-Byte Verify
3 - Unknown (Local Settings: file names - jar_cache*.tmp)
4 - Netsky (dozens of variations detected)
5 - Exploit.IFrame.Vulnerability
6 - JS.Trojan.Zerolin.B.Dropper

1,2 and 3
- apparently were web browser-sourced only.

3
- defeated McAfee attempts to delete / disinfect it, which
then defaulted to McAfee quarantine.
- attempts to delete / disinfect the McAfee quarantined
files defeated the delete / disinfect attempt, and simply
recycled the McAfee detection routine.

4,5 and 6
- exclusively sourced in spam mails
- even if detected / quarantined / spam-filtered, they
still land and operate on your system
- are not detected by anything but Bit Defender (that I
know about)
- all cleans, disinfects and deletes failed (except for Netsky)
- one or more of these likely goes straight to BIOS (very
strong probability, though not yet verified)
- one or more of these MAY affect / infect your modem,
router and/or hard firewall box.
- suspected but unproven effects on browsers (Firefox,
MSIE, et al)
- suspected but unproven effects on ZoneAlarm Pro (soft)
firewall
- suspected but unproven counter-effects on virtually all
mal code detection and cleaning mechanisms

End of Message
 

Swordfish

You got some issues there. I had a similar problem when
using McAfee, it didn't seem to be that effective right
across the board.
I switched to Norton Internet Security, just recently
updated to 2005 version and have not had another issue
since.
Norton seems to have a hook on everything so there's
nothing that gets past it that I have seen.

Originally before I switched I had to do a re-format and
clean install of XP as my system was too messed up to
recover.

Try the Symantec website; they have an extensive
knowledge base on removing just about any virus.
 

Minira / Tokyo

I had a nearly identical experience with Norton on another
recent system. And Norton didn't seem to like ZoneAlarm or
several other programs, including several components of most
Windows OS. It hung and crashed my system frequently.
Eventually, one of the crashes was terminal and did disk and
data damage.

But thanks for the comeback.
 

Ron Chamberlin

Hi,
Boot into Safe Mode (F8), and run with your AntiSpyware programs. Delete
your Temp and Temporary Internet Files. Do an online virus scan and removal
from PandaSoftware or TrendMicro.

Ron Chamberlin
MS-MVP
 

Minira / Tokyo

Thanks for the reply:

Did all that and much, much more. This is not technically
accurate, clinical language, but the mal code appears to
"morph and move".

Post-mortem:

1
Bit Defender scan was the only mechanism which found mal
code otherwise completely undetected by all others.

2
The only AV/AT ware I've since found which even *lists*
several of my mal code in their definitions is Vexira. But
I have not tried their software yet, nor do I know anything
about them as a new AV-kid on the block.

+
 

Minira / Tokyo

I should recap here with the following:

- Bit Defender remote hd scan found some of the otherwise
undetected mal code, but I have not yet purchased and used
their wares.

- Vexira's web site *lists* some of the otherwise
undetected mal code, but I have not yet purchased and used
their wares.

I am pointlessly contemplating the prospect of putting more
money into yet two more wares which find the currently
known *original* mal code files, but possibly leave others
on my hd, such as unknown exploded mal files.

Obviously I will have to get off my butt and make a
decision shortly.

Just having my "deer in the headlights" moment.

Minira
 
