...which disguised itself as a fake Microsoft Security update!
It hit me on Thursday night, just before I wanted to go to sleep, so my awareness was seriously affected by the wish to go to bed... "Bloody leave me alone and do what you have to do" sorta reaction. Took me well over 30 hours to get my computer to work again (at this stage I don't say it's really fixed)!
Initial warning signs: you get the same little pop-up bubble above the taskbar "Your latest Microsoft Security Update is ready..." (or so), just that the edges are not quite as clean and the dropshadow is kinda rough!
It tells you something about a Java update, and then installs way over 100 files on your computer, all viruses and scripts buried in .cab compressed files - that's why my AVG didn't react! Only after they self-extracted the alarm bells went off! In the Java cache were 57 files alone, recognised by AVG, but also 57 zip files of same name NOT recognised by AVG! Sun simply recommends to empty the entire cache.
But there were also some 30 files which no virus checker recognised at all!!! [I've been to at least 4 different so-called housecall sites to do on-line checks]
Some solutions were to simply delete everything in affected directories which had the date stamp of the 29th/30th of December - just figured that the computer had worked before w/o these files, so why would there be a reason to keep them.
Whenever I returned from "Safe Mode" I went online and checked on these files; they appeared on some webboards (always in connection with trojans/virus discussions dating from 20th of Dec. or later - thank Google for spidering some sites very frequently), but they showed nowhere in well-known knowledge-bases run by virus protection software co's. So I figure it's just a new threat with no protection against - yet.
I'm not completely sure if it came from a website or via ICQ; my gut feeling tells me it came through ICQ, because by now I have removed some Java component (not really on purpose, was part of the cleaning process) and ICQ is complaining every time it logs on (but it still runs).
Fu@#ing bastards doing malicious stuff like this should be tied to concrete blocks facing the Thai/Ceylon tsunami!
It's New Year's Eve now - I'll go and have a shower, eat something, and then some PARTY (though: I am exhausted already!)
HAVE A GOOD ONE!