Virus

Kayn696 · May 28, 2011, 9:31pm

Ne bin ja dankbar für jede Lehrstunde ;-)

Basler_546_de · May 28, 2011, 9:35pm

Hallo,

Nimm das und das, jeweils die Freeware Version. Habe ich drauf, geht problemlos mit Nis.

Installieren, aktualisieren und scannen.

Log hier posten.

Basler

dallas_maverick · May 28, 2011, 9:45pm

Hallo Kayn,

Was zu tun ist :

1. Falls du uns die SYS Datei zur Analyse zuschicken moechstest musst du ein Archiv davon erstellen ( mit Win ZIP oder Win Rar ) und es auf einer Filesharing Seite hochladen, so wie :

https://www.yousendit.com

Anschliessend musst du den Link hier posten.

2. Ueber den gleichen Link kannst du uns die Log Datei von Norton Power Eraser schicken.

3. Tut mir leid es dir jetzt schon sagen zu muessen, aber wenn du Kaspersky installierst wird es auch nicht viel nutzen.

Es ist ein Rootkit von der TDL/TDSS Familie, dieser patcht den atapi.sys treiber, so wird es immer wieder geladen wenn du den Rechner neustartest. Von Kaspersky gibt es ein anderes tool dafuer : TDS Killer

Es ist wiedermal Vorsicht gefragt, bitte nur Bereinigungsaktionen durchfuehren und nicht loeschen, sonst schreibst du uns von dein Handy :smileyhappy:

Dieses Rootkit aendert sich von Tag zu Tag, deshalb hat Norton beschlossen keine Reinigung vorzunehmen und den Rootkit lieber zu isolieren. Norton sagt dir welche Datei infiziert ist, aber ein manuelles eingreifen ist noetig.

Fuer weitere Fragen bin ich gerne da,

John

Basler_546_de · May 28, 2011, 9:45pm

Gute Nacht,

Ich schau morgen wieder rein.

Basler

UserofSeven_1317_de · May 29, 2011, 6:31pm

Hallo,

wenn du die Datei nicht hochladen kannst, probiere sie per Mail an Virustotal zu senden:

http://www.virustotal.com/advanced.html#email

Alternativ wie bereits von anderen Usern gesagt, als ZIP probieren. Falls das alles nicht geht, weil die Datei vielleicht von einem Virus geblockt wird, starte den Rechner im abgesicherten Modus mit Netzwerktreibern. Probiere, die Datei dann hochzuladen.

UserofSeven

dallas_maverick · June 13, 2011, 11:42am

Hallo Leute,

Falls ihr es auch mit diesen Rootkit zu tun habt ( TDL / TDSS / Tideserv Request ) koennt ihr diesen Tool hier verwenden:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-090608-3309-99

wir waeren euch sehr dankbar wenn ihr uns weitere Infos liefern koenntet, so wie :

1. Durch welche Seite ist es zu der Infektion gekommen oder mit welcher Installationsdatei ?

2. Ladet bitte die Dateien die ihr als verdaechtig erkannt habt bei Security Response hoch :

http://www.symantec.com/business/security_response/submitsamples.jsp

mfg

John

JulesNemo · August 30, 2013, 8:07pm

Hallo!

Ich habe ein Problem und zwar erscheint bei mir im Firefox immer ein AddOn "Offer Mosquito". Es installiert sich immer selbst. Wie kriege ich das Problem gelöst?

Danke!

logi42 · November 23, 2013, 5:02pm

Hallo Ale,

ja, Norton hat den Angriff erfolgreich blockiert!

Keine Sorge es ist nichts auf deinem Rechner gekommen.

Grüße

Manuel

Ale_100906_de · November 23, 2013, 5:10pm

Danke un schone Wochenende.

logi42 · November 23, 2013, 5:13pm

Gleichfalls.

Würdest du bitte noch den Thread als gelöst markieren.

Danke

Grüße

Manuel

SUBASH_PRABU · February 22, 2012, 9:52pm

Hi

From which location they are been removed by NPE or by the Norton scan ?

Delete all your Temporary files in temp and in %temp%: Run -> type temp -> delete all -> type %temp -> delete all

Check you are installed applications for any suspicious entries in control panel -> Programs and features

Also check your startup items for any suspicious entries in Run->msconfig->Startup (check the path)

DarL · February 22, 2012, 6:13pm

I have a HP Laptop with Windows 7 (64-bit) installed with Norton Internet Security 2011 came with the computer. Since Sunday, (2) virus have showed up. I have run a full scan with Norton & used the Norton Power Eraser. This product erases the files temporarily, but when I re-boot it is back again.

I have upgraded to Norton Internet Security 2012 & still have the same virus showing up. The virus are: Donwloader.Dromedan and W32.Cridex. Cannot find anything in the registry, but I am not one that modifies the registry unless I know what I am doing. The files involved are: 25.11.pdf.exe and report.18653pdf.exe

Can someone tell me how to eliminate these (2) virus & help remove the items in the registry? Your help will be appreciated.

Thanks,

DarL

Calls · December 11, 2012, 11:04pm

I’ve always wondered about that myself. Not necessarily from redtube lol. But from some infected site

Calls · December 11, 2012, 11:36pm

My guess though is that norton would catch it

Zurchiboy · December 12, 2012, 2:33am

I always wonder that too. I also wonder if you can get a phishing page on an I phone to.

Dick_Evans · December 12, 2012, 2:48am

Maybe we should move this thread to the mobile apps forum so you can get better exposure and maybe some good responses :smileywink:

Calls · December 12, 2012, 4:14am

Wonder that might be good. I though I remember hearing that the is of the iPhone sort of protects against malicious attacks. Also heard that those sites the op referred to, are shown by safe web to not be infected

Calls · December 12, 2012, 3:55pm

R_1988
You may want to google “can my iPhone get infected”.
There are a couple of posts on the apple site that seem to indicate iPhones don’t get infected.
When you go to the porn sites do you actually download videos to save on your phone? Or just watch them?
Wonder if this post should go back to original posting location as it talks of virus make ware issues?

Andmike · December 12, 2012, 9:21pm

R_1988BR wrote:
Can I get a Virus on my Iphone if I watch videos at Redtube? Like some virus that damage my Iphone or one that stays dorment and when i plug my Iphone on my computer it attacks my computer?

I am conscious that no one has replied to R_1988BR's question since the move of his message to the Mobile Security forum, and while it am not an Apple man and do not claim to have any great knowledge of malware I thought that someone should try a response.

As I understand it there are a lot of very resourceful people in the world who put a lot of effort into generating malware. Fortunately there are also a number who try and stop them. The design of the Apple and Android operating systems were intended to make life difficult for malware creators but you can never be sure that all ends are covered. So using an iPhone reduces the risks, having some form of Anti-Malware app on it will help further and being very careful what you load on the device and where you take it will help a lot. Some locations are more attractive to malware distributors and form what little I know about it Redtube and the like would seem to be attractive to them. That said I know of no malware that has been distributed to an iPhone from Redtube. As for the possibility of something that does not affect an iPhone, going on to affect your desktop; I assume that is possible, though I would have thought it currentlly unlikely in most cases. If you have a good anti-malware package on the desktop as well that should also help.

In summary - the world is not risk free and there is nothing that is absolutely safe. Being careful and thinking about what you are doing should help to keep you safer.

Not sure if that helped but I hope it did a bit.

Maybe someone with an iPhone would like to comment?

Calls · December 13, 2012, 12:09am

so it is not likely at this time that something malicious/virus will infect your iPhone then wait quietly until the iPhone is connected to the PC then attack the PC? In essence the iPhone can’t be a carrier? I know nothing is 100% absolute but safe to say not likely at this time?

Virus

Announcements