Vundo - Virus/Trojan/Hijack etc.

Started by Hans Manhave, October 01, 2009, 09:45:35 AM


Billy Welsh

Quote from: Robin Deatherage on March 10, 2010, 11:52:15 AM
Is it just me or does there seem to be an increase in virus infections from the web lately?  I've had several machines hit in the last few months.  I'm wondering if that means my anti-virus isn't doing a good job with updating their definition files or my users' reckless browsing habits are just catching up to them (and me).  I'm thinking both. 

It is not just you.  >:(

We are using AVG here (paid good $ for it), and I have AVG Free at home and at my in-laws.  We've been hit here 5 times in recent months, and so have my in-laws and my home PC (one time each).
Billy Welsh
Director of Accounting
LCMC Health

Bloody Jack Kidd

If one does come across a suspicious file - submit it to http://www.virustotal.com for analysis, which will not only help you determine if it's malware, but will also give you some insight as to which AV engines are giving consistent results.

A very recent incident here left me with several executables on a server that were suspicious but undetected by all the engines I have at my disposal (Sophos, F-Prot, ClamAV).

So I ran it thru VirusTotal - very enlightening.
Sysadmin - Parallel42

Robin Deatherage

Quote from: Rob Talkington on March 10, 2010, 05:09:46 PM

Was it the same virus that hit all of those machines? 

How often does your av software check for updates?


I believe it is a different variant of the same virus.  The AV is supposed to check for updates once a day.  So far I've been able to get rid of it using Malwarebytes and ComboFix.  Have to run them both several times though, starting off in safe mode.  Spent almost the entire day yesterday working on an infected machine.
Robin Deatherage, CIC
Chas. Lunsford Sons & Associates | Roanoke, VA
Applied Private Cloud Server; TAM 2014; Fax@vantage v9; Office 2010;
Applied Hosted Exchange; 3 Office Locations

Rob Talkington

Sounds like you're having a good ole time with this.  I want to make sure I've got this straight.  You're still getting additional PCs infected with this particular virus and it's been the same one or a variant for a few months now?

If this is the case what is the name(s) of the virus it is detecting?  You may have an infected file somewhere on the network like Rick possibly had.  I'd run a Malwarebytes scan on your file server(s) to see if it catches something. 
Rob Talkington
IT Manager
Salem Insurance Agency
Goshen, IN
Tam 10.3, 24 users

Jan Regnier

Quote:
The AV is supposed to check for updates once a day.

I guess I am somewhat anal about this...but I have our AV set to check and update 1 @ hr......
probably being in a small office I can get away with this time element.... 
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Bloody Jack Kidd

I have Sophos EM Library grabbing updates 2X daily, and for the most part there's about 3 new or modified IDEs (signatures) each time.  At max I'd probably do somewhere between 4-6 per day.

Nothing wrong with 1 per hour, but likely if you check the logs most of the time there isn't much coming down.  So in one sense, it's a waste of resources, but on the other hand, it's a quick check with a NULL result so the impact is negligible. 
Sysadmin - Parallel42