Dave, o, boy--Alurion is in fact a rootkit. So, he was correct on that score.
Here's what I think, & u may wanna decide if this is all worth your
time for extended family who's not paying u.
First & foremost, image the drive. Seriously. That probly should've
been done prior to doing any cleaning, especially if the default is to
delete files as opposed to putting them into quarantine, but, in any
event, do it b4 u do anything more on that drive. I'm really serious
about that. That way, if things go to hell in a handcart, you'll have
something to go bak to. Otherwise, you're pretty much screwed.
Once you've imaged the drive, & are pretty sure u u got all the
nasties off, then do a chkdsk on the original to mitigate any file
corruption.
It is possible that the malware changed the user profile name, so look
for that possibility. Also make sure that none of those fall into the
category of file infectors, because, if so, saving the files could in
fact lead to reinfection once the box has been reformatted & the files
restored.
HTH.
On 4/19/12, David Mehler
Hello,
Has anyone dealt specifically with any of the following malware:
1. Exploit:Java/CVE-2012-0507.R 2. backdoor:Win32/Kelihos.F 3. Exploit:Java/CVE-2010-0840.QI 4. exploit:Java/CVE-2012-0507.R!ldr 5. TrojanDownloader:Win32/Waledac.C 6. trojan:Win32/Tibs.IT 7. Trojan:Win64/Alureon.gen!F 8. Trojan:Win64/Alureon.gen!J 9. trojan:Win32/Alureon.gen!AD 10. Trojan:Win32/Orsam!rts 11. trojan:Win32/Alureon.FK 12. Trojan:DOS/Alureon.I 13. trojan:Win32/Dynamer!dtc 14. Trojan:Win32/Dynamer!dtc
on a win7 64 bit machine?
This one is going to be convoluted. An individual who gives me more computer headaches than anyone else but he also happens to be extended family, called me about two weeks back claiming his box had a worm. I think he was running Norton 360. I do not know the name of the worm or if it was a worm. He didn't give me the box until four days ago when problems had eskelated to a backdoor/rootkit, trojan, and a virus his words. His cleaning efforts did not take the box off the internet so I wouldn't be surprised. The thing that got the box finally to me was a black screen, my guess is a very corrupted windows given some of the above malware I've googled as well as a report that his user profile, documents, background, pictures, etc was gone. The drive in question is very full only having 20 GB left of space.
Here's the problem, I put that drive in an external enclosure hooked it up to a test box and cleaned it, took two passes of Security Essentials and Malware bites to do it, found the above listing of stuff this is after his "cleaning efforts" I can only have nightmares about what this looked like before. Two problems, the black screen (corrupted windows or registry my guess), and file permission changes.
He reported to me that certain files were "hidden" I have since discovered that they are operating system protected, but his profile is not accessible, it's showing up as a folder with no files or folders in it.
These reports are still from this drive being in the external enclosure, I have not rehooked it up to it's motherboard, I believe my next step is to blow it away, it sounds like it is really bad, but I've got to get the profiles, documents, pictures, etc. Suggestions welcome, none of my googling on the above indicated they did anything with regards changing file attributes to hidden or setting files "protected" by the operating system.
Thanks. Dave.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org http://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Blame the computer--why not? It can't defend itself & occasionally might even be the culprit Jackie McBride Ask Me Computer Questions at: www.pcinquirer.com Jaws Scripting training materials: www.screenreaderscripting.com homePage: www.abletec.serverheaven.net