[personal profile] davidn
For a long time now, I'd thought that computer viruses were things only contracted by idiots and users of Internet Explorer (qualifications which it must be said often go hand in hand). But we had an infection of something at work last week that necessitated going out to buy a new hard drive, and my work laptop's just got something today as well. I'm not sure how it happened - as far as I can remember I wasn't doing anything with it that was more horrific than normal.

I got a trojan warning from Avast when things were going well on massive upgrade #3 of 4 in the middle of the day, and not too long after that, I noticed a process taking up far too much CPU time, and a pop-up advert appearing that was an Internet Explorer window trying to look like Firefox (the icon in the taskbar was wrong). Further, it seemed that some Google links were being redirected - I thought I'd just misclicked the first couple of times, but when I clicked on MalwareBytes and got a page about how to have a healthy pregnancy I was beginning to suspect that something was wrong.

Spybot caught it; it's called Virtumonde.prx and fiddles with your Internet traffic, so I've disconnected it from the network while it runs a giant scan to see if it's been successful in removing it after one reset. HijackThis couldn't seem to, though, so if that doesn't work I have Combofix and a big list of instructions to fall back on.

Date: 2010-02-09 12:46 am (UTC)
From: [identity profile] kytheraen.livejournal.com
I got an email from "Support Michael Raines" <parcel@dhl.com>

I know dhl.com is a real website but I'm pretty sure it's some kind of coverup... the attachment of delivery advice and shipment label to be taken to the depot for pickup is a .zip file. I've always been taught that .zips are the bog standard of virus carriers.

Should I be opening this? Or if so... on a work computer instead? ;)

Date: 2010-02-09 12:50 am (UTC)
From: [identity profile] kytheraen.livejournal.com
Answered my own question: http://www.kenkai.com/seo-blog-article-207.htm

Date: 2010-02-09 10:41 am (UTC)
From: [identity profile] kytheraen.livejournal.com
What confused me was the email address it came from looks like a valid email. I was under the impression you could make anything look like a genuine email from X company, but you always failed at the email address. "DHLParcelTracker@hotmail.com" for example (or all the Neopets Team emails I get subjected to asking for my password and pin).

I just didn't think malicious emails could be sent from real companies.
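The point the thread circles around is that the From: header is plain text supplied by whoever sends the message, so a sender address at a real company proves nothing by itself; what a receiving mail server can actually verify is the envelope sender (Return-Path) and the SPF/DKIM results it records in Authentication-Results. The following is an added example, not code from the post or its commenters: a small triage script that parses a constructed sample message (the parcel@dhl.com sender is taken from the thread; every other header, domain and the attachment are invented for illustration) and reports the three things worth looking at before opening a "delivery advice" attachment.

```python
import email
import os
from email import policy
from email.utils import parseaddr

# Constructed sample of a suspicious message. The sender address mirrors the one
# quoted in the thread; Return-Path, Authentication-Results, recipient and the
# attachment (an empty 22-byte zip, base64-encoded) are made up for this example.
SUSPICIOUS_MESSAGE = b"""\
Return-Path: <bounce@example-bulkmail.invalid>
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example-bulkmail.invalid; dkim=none
From: "Support Michael Raines" <parcel@dhl.com>
To: recipient@example.net
Subject: Delivery advice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Please print the attached shipment label and bring it to the depot.
--BOUNDARY
Content-Type: application/zip; name="shipment_label.zip"
Content-Disposition: attachment; filename="shipment_label.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--BOUNDARY--
"""

# Constructed sample of a message that passes the same checks (also invented).
CLEAN_MESSAGE = b"""\
Return-Path: <notify@dhl.com>
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=dhl.com; dkim=pass header.d=dhl.com
From: DHL Notifications <notify@dhl.com>
To: recipient@example.net
Subject: Your parcel is on its way
Content-Type: text/plain; charset="utf-8"

Track it on our site; no attachment is included.
"""

# Archive and script extensions that are routinely used to carry malware.
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".exe", ".scr", ".js", ".vbs"}


def domain_of(header_value: str) -> str:
    """Return the lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value)
    return addr.rpartition("@")[2].lower()


def triage(raw: bytes) -> dict:
    """Parse one raw RFC 5322 message and return the findings a recipient should weigh."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    from_domain = domain_of(str(msg.get("From", "")))
    # Return-Path is the envelope sender the receiving server saw; it need not
    # match the From: header, and a mismatch is a classic sign of a forged sender.
    return_path_domain = domain_of(str(msg.get("Return-Path", "")))
    auth_results = str(msg.get("Authentication-Results", "")).lower()

    findings = []
    if return_path_domain and return_path_domain != from_domain:
        findings.append(
            f"envelope sender domain {return_path_domain} does not match From domain {from_domain}"
        )
    # Simplified check: we only look for a passing SPF or DKIM verdict. A full
    # DMARC evaluation would also require the passing domain to align with From.
    if "spf=pass" not in auth_results and "dkim=pass" not in auth_results:
        findings.append("no passing SPF or DKIM result recorded for this message")

    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        attachments.append(name)
        ext = os.path.splitext(name)[1].lower()
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name!r} has a commonly abused extension {ext}")

    return {
        "from_domain": from_domain,
        "return_path_domain": return_path_domain,
        "attachments": attachments,
        "findings": findings,
    }


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("clean", CLEAN_MESSAGE)):
        result = triage(raw)
        print(f"{label}: {len(result['findings'])} finding(s)")
        for finding in result["findings"]:
            print("  -", finding)
```

Running it reports three findings for the constructed DHL-style message (forged envelope domain, no passing authentication, a .zip attachment) and none for the clean one. The same headers are visible in any mail client's "show original" or "view source" option, which is where to look when a sender address looks legitimate but the message does not.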

Date: 2010-02-09 01:29 pm (UTC)
From: [identity profile] kytheraen.livejournal.com
758715082.06220334286440@mindblogger.com

Nice job Watson.
