Virus at Dtv

Wed Dec 07, 2011 5:10 pm » by **Harbin**

Object:
http://www.disclose.tv/members

threat:
JS/Iframe.AS trojan

quarantined.
:think:

Wed Dec 07, 2011 5:18 pm » by **Harbin**

2011-12-07 13:23

Android/TrojanSMS.Agent.S, Android/TrojanSMS.Agent.T (5), Android/TrojanSMS.Agent.Y (3), BAT/Agent.NLF, BAT/Qhost.NOX (2), BAT/Regger.NAB, BAT/TrojanDownloader.Agent.NDV (3), Java/Exploit.CVE-2011-3544.B (2), JS/Agent.NDS, JS/Exploit.Pdfka.PFU, MSIL/Agent.AS, MSIL/Injector.PF, MSIL/TrojanDropper.Agent.JO (2), Win16/TrojanDropper.Agent.B, Win32/Adware.EasyPoint.B (2), Win32/Adware.GXB (2), Win32/Adware.HDDRescue.AB, Win32/Adware.WinPump.AB, Win32/Agent.SFM (2), Win32/Agent.TGV (2), Win32/Agent.TGW, Win32/Ainslot.AA (2), Win32/AutoRun.IRCBot.HJ, Win32/Bifrose (3), Win32/Bifrose.NTA (3), Win32/Delf.ODP (3), Win32/Delf.QBH (2), Win32/Dorkbot.B (4), Win32/DownVision.AA, Win32/Flooder.Ramagedos.E, Win32/FunWeb.AA (2), Win32/Injector.EGW, Win32/Injector.LXB, Win32/Injector.LXC, Win32/Injector.LXD, Win32/Injector.LXE, Win32/Injector.LXF, Win32/Injector.LXG, Win32/Injector.LXH, Win32/Injector.LXI, Win32/Injector.LXJ, Win32/Injector.LXK, Win32/KeyLogger.SpyLantern.B (3), Win32/Kryptik.WVC, Win32/Kryptik.WVE, Win32/Kryptik.WVF, Win32/Kryptik.WVG, Win32/Kryptik.WVH, Win32/Kryptik.WVI, Win32/Kryptik.WVJ, Win32/Kryptik.WVK, Win32/Kryptik.WVL, Win32/Kryptik.WVM, Win32/Kryptik.WVN, Win32/Kryptik.WVO, Win32/Perez.AA, Win32/Poison.AJQS, Win32/Prosti.C, Win32/PSW.Delf.OAY, Win32/PSW.Fignotok.H, Win32/PSW.OnLineGames.PGI, Win32/PSW.OnLineGames.POQ, Win32/PSW.OnLineGames.PUW, Win32/PSW.OnLineGames.PXB, Win32/Qhost, Win32/Rbot, Win32/Rbot.NAD, Win32/Sirefef.DB, Win32/Spatet.A (7), Win32/Spatet.I (3), Win32/Spy.Banker.WZE (2), Win32/Spy.Delf.OZF (3), Win32/Spy.Shiz.NCF (4), Win32/Spy.SpyEye.CA (2), Win32/Spy.VB.NNR (2), Win32/Spy.Zbot.AAH, Win32/Spy.Zbot.YW (5), Win32/TrojanDownloader.Agent.QXN, Win32/TrojanDownloader.Agent.QZX (2), Win32/TrojanDownloader.Banload.QNY

Wed Dec 07, 2011 5:56 pm » by **Tradeshowjoe**

help me out Har...
what does this mean, what should we do?

Wed Dec 07, 2011 6:07 pm » by **Richc**

I got this one as soon as i opened the site....

exploit.PDF-JS.PF

Blocked by my software...

Not good.!

RIK

Wed Dec 07, 2011 6:25 pm » by **Troll2rocks**

That is a remote downloader, that is a vicious little piece of software that if it gets in would need a total flash in order to remove it. The detection and quarantine is in no way a failsafe in this case, the detection and quarantine may just mean it found several parts of packages that your virus detection software was able to recognize.

You need to do a boot time scan and in a high efficiency detection mode. That is a very dangerous piece of malware.

Do yourself a favour and run your scan on boot time start up safe mode.

If it comes back clean which it might, you then need to go into your system files and locate where the bug links itself to (usually ntfs systems)

If you run individual scans on suspect files, and come up with nothing.

Head on over to your system restore back ups, (that is where it hides and it is a nightmare to remove with out total deletion of all system backs ups from day one of purchase)

How it works....

It enters your system either through a download or an .exe file, it gets in, and all the time while you are connected to the internet either wired or wireless it will remotely download malware packets (in the background, your browser does not even need to be active) it can bypass all security in one way or another, and also take control of admin user status, and also use your computer for a whole host of things (including a remote hub for other infections) the first thing that it will usually dial up is a root kit.

A root kit is a whole host of malware designed to bury itself into your system registry through a number of means that if left for a very small amount of time is all but impossible to remove entirely without a full flash and restore from hard copy back ups.

Do not click the links, I would advice removing them altogether because a click is all it takes, and I am deadly serious when I say that just because your protection says detected and quarantined, it does not mean that the core did not get in, because it is designed to do just that, bypass.

Trust me and do as I say.

:cheers:

Wed Dec 07, 2011 6:30 pm » by **Richc**

troll... Are you refering to mine or harbins.?

RIK

Wed Dec 07, 2011 6:36 pm » by **Troll2rocks**

richc wrote:troll... Are you refering to mine or harbins.?

RIK

Both could be one and the same if it has a common connection, the detection would only detect what it can recognize and what is attempting to influence your system. So you would have different things detected and quarantined. Depending on what is being pushed through your system by the program.

Better to be safe than sorry, do as I say above.

:cheers:

Wed Dec 07, 2011 6:38 pm » by **Rydher**

I don't know if this helps the mods/admin or whatever but I got this.

- Traffic from IP address 95.57.120.139 is blocked from 12/7/2011 10:33:19 AM to 12/7/2011 10:43:19 AM.

- Web Attack: Malicious Executable Download detected.
Traffic has been blocked from this application: C:\Program Files\Java\jre6\bin\java.exe

- Web Attack: Malicious File Download Request 10 detected.
Traffic has been blocked from this application: C:\Program Files\Mozilla Firefox\firefox.exe

Wed Dec 07, 2011 6:55 pm » by **Richc**

Thanks troll..

Doing just that. :cheers:

RIK

Wed Dec 07, 2011 7:01 pm » by **Poooooot**

bahhhh

I'm on my work computer! This fucking sucks. My boss will kill me! :peep:

When I logged on it said "click here to continue to site" -- of course I didn't... but now i'm nervous. :nails: