Virus at Dtv

Conspirator
Posts: 8037
Joined: Thu Jul 30, 2009 9:19 pm

Post Wed Dec 07, 2011 5:10 pm » by Harbin


Object:
http://www.disclose.tv/members

Threat:
JS/Iframe.AS trojan

Quarantined.
:think:
Antiwar.com
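Generic names like JS/Iframe.* are what desktop AV gives a web page that has had an invisible iframe injected into it, one that silently loads content from a third-party host. The Python below is an added example written for this thread, not code from the forum or from disclose.tv: it scans HTML for iframes that are hidden (display:none, visibility:hidden, 0x0 or 1x1 size, or positioned off-screen) and whose src points at a host other than the page's own. The sample HTML and the host attacker.invalid are constructed for illustration.

```python
"""Find injected hidden iframes in HTML, the pattern behind JS/Iframe-style AV names.

Added example; the sample page and the 'attacker.invalid' host are made up.
Uses only the standard library so it runs offline.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style tricks that make a frame invisible while it still loads its src.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
OFFSCREEN = re.compile(r"(?:left|top)\s*:\s*-\d{3,}px", re.I)


def _px(value):
    """Leading integer of a dimension attribute ('1', '1px', '100%'), or None."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): v for k, v in attrs})


def is_hidden(attrs):
    """True if the iframe would render invisibly to the user."""
    if "hidden" in attrs:  # HTML5 boolean attribute
        return True
    style = attrs.get("style") or ""
    if HIDDEN_STYLE.search(style) or OFFSCREEN.search(style):
        return True
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    # 0x0, 1x1 and 2x2 frames show nothing but still fetch their src.
    return w is not None and h is not None and w <= 2 and h <= 2


def find_suspicious_iframes(html, page_host):
    """Return (src, reason) for each hidden iframe that points off-site.

    A relative src (no host) is treated as on-site; a visible iframe to a
    partner site is normal and is not reported.
    """
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname or page_host
        if host.lower() == page_host.lower():
            continue
        if is_hidden(attrs):
            findings.append((src, "hidden iframe to external host %s" % host))
    return findings


# Constructed sample: one legitimate on-site frame, one visible partner widget,
# and two injected hidden frames of the kind the thread's AV alerts describe.
SAMPLE_HTML = """
<html><body>
<h1>Members</h1>
<iframe src="/members/feed" width="600" height="400"></iframe>
<iframe src="http://attacker.invalid/in.php?id=7" width="1" height="1"
        style="visibility:hidden"></iframe>
<iframe src="http://cdn.attacker.invalid/x.html"
        style="position:absolute;left:-5000px"></iframe>
<iframe src="http://partner.example/widget" width="300" height="250"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, reason in find_suspicious_iframes(SAMPLE_HTML, "www.disclose.tv"):
        print(reason, "->", src)
```

Run against the constructed page this reports the two injected frames and ignores both the on-site frame and the visible partner widget. Such a check is a triage aid, not a substitute for AV: a site can also be compromised through injected script tags or server-side redirects that a static iframe scan will not see.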

Conspirator
Posts: 8037
Joined: Thu Jul 30, 2009 9:19 pm

Post Wed Dec 07, 2011 5:18 pm » by Harbin


2011-12-07 13:23

Android/TrojanSMS.Agent.S, Android/TrojanSMS.Agent.T (5), Android/TrojanSMS.Agent.Y (3), BAT/Agent.NLF, BAT/Qhost.NOX (2), BAT/Regger.NAB, BAT/TrojanDownloader.Agent.NDV (3), Java/Exploit.CVE-2011-3544.B (2), JS/Agent.NDS, JS/Exploit.Pdfka.PFU, MSIL/Agent.AS, MSIL/Injector.PF, MSIL/TrojanDropper.Agent.JO (2), Win16/TrojanDropper.Agent.B, Win32/Adware.EasyPoint.B (2), Win32/Adware.GXB (2), Win32/Adware.HDDRescue.AB, Win32/Adware.WinPump.AB, Win32/Agent.SFM (2), Win32/Agent.TGV (2), Win32/Agent.TGW, Win32/Ainslot.AA (2), Win32/AutoRun.IRCBot.HJ, Win32/Bifrose (3), Win32/Bifrose.NTA (3), Win32/Delf.ODP (3), Win32/Delf.QBH (2), Win32/Dorkbot.B (4), Win32/DownVision.AA, Win32/Flooder.Ramagedos.E, Win32/FunWeb.AA (2), Win32/Injector.EGW, Win32/Injector.LXB, Win32/Injector.LXC, Win32/Injector.LXD, Win32/Injector.LXE, Win32/Injector.LXF, Win32/Injector.LXG, Win32/Injector.LXH, Win32/Injector.LXI, Win32/Injector.LXJ, Win32/Injector.LXK, Win32/KeyLogger.SpyLantern.B (3), Win32/Kryptik.WVC, Win32/Kryptik.WVE, Win32/Kryptik.WVF, Win32/Kryptik.WVG, Win32/Kryptik.WVH, Win32/Kryptik.WVI, Win32/Kryptik.WVJ, Win32/Kryptik.WVK, Win32/Kryptik.WVL, Win32/Kryptik.WVM, Win32/Kryptik.WVN, Win32/Kryptik.WVO, Win32/Perez.AA, Win32/Poison.AJQS, Win32/Prosti.C, Win32/PSW.Delf.OAY, Win32/PSW.Fignotok.H, Win32/PSW.OnLineGames.PGI, Win32/PSW.OnLineGames.POQ, Win32/PSW.OnLineGames.PUW, Win32/PSW.OnLineGames.PXB, Win32/Qhost, Win32/Rbot, Win32/Rbot.NAD, Win32/Sirefef.DB, Win32/Spatet.A (7), Win32/Spatet.I (3), Win32/Spy.Banker.WZE (2), Win32/Spy.Delf.OZF (3), Win32/Spy.Shiz.NCF (4), Win32/Spy.SpyEye.CA (2), Win32/Spy.VB.NNR (2), Win32/Spy.Zbot.AAH, Win32/Spy.Zbot.YW (5), Win32/TrojanDownloader.Agent.QXN, Win32/TrojanDownloader.Agent.QZX (2), Win32/TrojanDownloader.Banload.QNY
Antiwar.com

Writer
Posts: 68
Joined: Thu Dec 09, 2010 2:15 am

Post Wed Dec 07, 2011 5:56 pm » by Tradeshowjoe


Help me out, Har...
What does this mean? What should we do?

Conspirator
Posts: 1904
Joined: Mon Jan 03, 2011 7:58 pm

Post Wed Dec 07, 2011 6:07 pm » by Richc


I got this one as soon as I opened the site....

exploit.PDF-JS.PF

Blocked by my software...

Not good!

RIK
"There's A Storm Coming!"

Super Moderator
Posts: 9120
Joined: Fri May 14, 2010 7:03 pm
Location: Inside You.

Post Wed Dec 07, 2011 6:25 pm » by Troll2rocks


That is a remote downloader, a vicious little piece of software that, if it gets in, would need a total flash in order to remove it. The detection and quarantine is in no way a failsafe in this case; the detection and quarantine may just mean it found several parts of packages that your virus detection software was able to recognize.

You need to do a boot-time scan in a high-efficiency detection mode. That is a very dangerous piece of malware.

Do yourself a favour and run your scan at boot-time start-up in safe mode.

If it comes back clean, which it might, you then need to go into your system files and locate where the bug links itself to (usually NTFS systems).

If you run individual scans on suspect files and come up with nothing,

head on over to your system restore backups (that is where it hides, and it is a nightmare to remove without total deletion of all system backups from day one of purchase).


How it works....


It enters your system either through a download or an .exe file. Once it gets in, all the time you are connected to the internet, either wired or wireless, it will remotely download malware packets (in the background; your browser does not even need to be active). It can bypass all security in one way or another, take control of admin user status, and also use your computer for a whole host of things (including as a remote hub for other infections). The first thing that it will usually dial up is a rootkit.

A rootkit is a whole host of malware designed to bury itself into your system registry through a number of means that, if left for a very small amount of time, is all but impossible to remove entirely without a full flash and restore from hard-copy backups.

Do not click the links; I would advise removing them altogether, because a click is all it takes, and I am deadly serious when I say that just because your protection says detected and quarantined, it does not mean that the core did not get in, because it is designed to do just that: bypass.


Trust me and do as I say.

:cheers:
Censorship debunking & disinformation, it's all in a days work.

Conspirator
Posts: 1904
Joined: Mon Jan 03, 2011 7:58 pm

Post Wed Dec 07, 2011 6:30 pm » by Richc


troll... Are you referring to mine or Harbin's?

RIK
"There's A Storm Coming!"

Super Moderator
Posts: 9120
Joined: Fri May 14, 2010 7:03 pm
Location: Inside You.

Post Wed Dec 07, 2011 6:36 pm » by Troll2rocks


richc wrote: troll... Are you referring to mine or Harbin's?

RIK



Both could be one and the same if it has a common connection; the detection would only detect what it can recognize and what is attempting to influence your system. So you would have different things detected and quarantined, depending on what is being pushed through your system by the program.

Better to be safe than sorry, do as I say above.

:cheers:
Censorship debunking & disinformation, it's all in a days work.

Conspirator
Posts: 4007
Joined: Wed Feb 16, 2011 9:03 pm

Post Wed Dec 07, 2011 6:38 pm » by Rydher


I don't know if this helps the mods/admin or whatever, but I got this.

- Traffic from IP address 95.57.120.139 is blocked from 12/7/2011 10:33:19 AM to 12/7/2011 10:43:19 AM.

- Web Attack: Malicious Executable Download detected.
Traffic has been blocked from this application: C:\Program Files\Java\jre6\bin\java.exe

- Web Attack: Malicious File Download Request 10 detected.
Traffic has been blocked from this application: C:\Program Files\Mozilla Firefox\firefox.exe
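Read as a sequence, the alerts Rydher posted describe a browser request that was blocked, then the Java runtime (a browser plugin host) trying to fetch an executable, then the source IP being blocked for ten minutes. That is the shape a browser-exploit drive-by takes, and it fits the Java/Exploit.CVE-2011-3544 detections in Harbin's list. The Python below is an added example, not code from the thread or from any vendor: it parses those alert lines into structured events, classifies each blocked process, and flags the browser-to-plugin handoff. The process role table and the Program Files path check are assumptions made for illustration.

```python
"""Triage firewall/IPS alert lines of the kind quoted in the post above.

Added example. SAMPLE_LOG reproduces the lines from the post; the role table
(which processes are browsers, which are plugin hosts) is an assumption.
"""
import re
from datetime import datetime
from os.path import basename

# The three alert shapes present in the post.
BLOCK_RE = re.compile(r"Traffic from IP address (\S+) is blocked from (.+?) to (.+?)\.$")
ATTACK_RE = re.compile(r"Web Attack: (.+?) detected\.$")
APP_RE = re.compile(r"blocked from this application: (.+?)\s*$")
TIME_FMT = "%m/%d/%Y %I:%M:%S %p"  # 12/7/2011 10:33:19 AM

# Assumed role table for illustration.
BROWSERS = {"firefox.exe", "iexplore.exe", "chrome.exe", "opera.exe"}
PLUGIN_HOSTS = {"java.exe", "javaw.exe", "acrord32.exe"}

SAMPLE_LOG = r"""
- Traffic from IP address 95.57.120.139 is blocked from 12/7/2011 10:33:19 AM to 12/7/2011 10:43:19 AM.
- Web Attack: Malicious Executable Download detected.
Traffic has been blocked from this application: C:\Program Files\Java\jre6\bin\java.exe
- Web Attack: Malicious File Download Request 10 detected.
Traffic has been blocked from this application: C:\Program Files\Mozilla Firefox\firefox.exe
"""


def _exe(path):
    """Lower-cased file name from a Windows path."""
    return basename(path.replace("\\", "/")).lower()


def process_role(path):
    name = _exe(path)
    if name in BROWSERS:
        return "browser"
    if name in PLUGIN_HOSTS:
        return "plugin_host"
    return "other"


def parse_alerts(text):
    """Return (ip_blocks, events); an event is {signature, app, role}."""
    blocks, events = [], []
    for raw in text.splitlines():
        line = raw.strip().lstrip("- ").strip()
        m = BLOCK_RE.match(line)
        if m:
            start, end = (datetime.strptime(t, TIME_FMT) for t in m.group(2, 3))
            blocks.append({"ip": m.group(1), "start": start,
                           "minutes": int((end - start).total_seconds() // 60)})
            continue
        m = ATTACK_RE.match(line)
        if m:
            events.append({"signature": m.group(1), "app": None, "role": None})
            continue
        m = APP_RE.search(line)
        if m and events and events[-1]["app"] is None:  # app line follows its attack line
            events[-1]["app"] = m.group(1)
            events[-1]["role"] = process_role(m.group(1))
    return blocks, events


def triage(text):
    """Summarise the alerts and list what the combination implies."""
    blocks, events = parse_alerts(text)
    findings = []
    roles = {e["role"] for e in events}
    if "browser" in roles and "plugin_host" in roles:
        findings.append("browser request followed by a plugin host fetching a payload: "
                        "typical drive-by (browser exploit) chain")
    for e in events:
        if not e["app"]:
            continue
        if e["role"] == "plugin_host" and "Executable Download" in e["signature"]:
            findings.append("%s attempted an executable download (blocked)" % _exe(e["app"]))
        # Assumed check: a java.exe outside Program Files would itself be suspect.
        if _exe(e["app"]) == "java.exe" and "\\program files" not in e["app"].lower():
            findings.append("java.exe running outside Program Files: %s" % e["app"])
    return {
        "blocked_ips": [b["ip"] for b in blocks],
        "block_minutes": [b["minutes"] for b in blocks],
        "events": events,
        "findings": findings,
    }


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG)["findings"]:
        print(line)
```

The useful point for the thread is the second event: a download being attempted by java.exe rather than by the browser means the page managed to hand content to the Java plugin, which is exactly what a Java exploit on a compromised site does. That the IPS blocked it is good, but it is also the reason the advice to update or disable the Java plugin and scan the machine is not overkill.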

Conspirator
Posts: 1904
Joined: Mon Jan 03, 2011 7:58 pm

Post Wed Dec 07, 2011 6:55 pm » by Richc


Thanks troll..

Doing just that. :cheers:

RIK
"There's A Storm Coming!"

Conspirator
Posts: 3085
Joined: Tue Oct 26, 2010 4:35 pm

Post Wed Dec 07, 2011 7:01 pm » by Poooooot


bahhhh :ohno:

I'm on my work computer! This fucking sucks. My boss will kill me! :peep:

When I logged on, it said "click here to continue to site"; of course I didn't... but now I'm nervous. :nails: :scary:
Matthew 7
“Do not judge, or you too will be judged. For in the same way you judge others, you will be judged, and with the measure you use, it will be measured to you.”

