Posted 12 January 2005 - 05:15 PM
I've been haunting SpywareInfo for a while. I have rarely posted as I am the only guy handling this problem in my company. (Read as ~1500 systems/users) This keeps me REALLY busy.
I have worked out a process that will give you control of your system in most cases in about 30 minutes. It is easy, relatively speaking, and not harmful. If anyone is interested I can pass this information along. (Like I won't hear about this one. [:-)
However, my biggest problem is determining a VX2 "infection" and squashing it. I've been toying with a few tools to help and I have successfully removed these things from systems completely. (As near as I can determine.) What I need is an easier way to find them.
I am aware of the normal tools and have used them. The system I just finished with had a new variant that was not being detected. However, I knew it was there as one of the files kept reappearing. To make matters worse it was also in a rootkit form.
During the removal process I accidentally destroyed two of the files but I have the remaining ones intact. I have not determined the original installation file and probably never will.
Would anyone have some additional information on this nightmare?
Thanks for letting me rant!
Posted 12 January 2005 - 07:59 PM
Let me guess - the Narrator key didn't show up in HJT until a few hours of nuking with DLLCompare and FindIt went by?
Posted 12 January 2005 - 08:52 PM
On the lighter side, huh, I just found the second system in our environment with exactly the same one. Some of the file names were the same, others were obviously random. I may snag the drive for further testing and comparison.
I would LOVE to get my hands on the actual install file so I can track it on a virgin system.
Edited by reedprigmore, 12 January 2005 - 08:53 PM.
Posted 13 January 2005 - 08:06 AM
There's an application in the Open Forum.
You can surf around the web on a virgin XP VMWare installation and find TONS of malware - just surf free porn sites and Google for MP3 downloads of popular artists. You'll come across the strain fairly quickly.