Another AOL IM virus.
This one came from fun001.dynu.net/info.php?file=img021.jpg_______
When a user runs the linux it creates a file called lockx.exe
Lockx then creates a file c:\windows\system32\msdirectx.sys (detected by macfee as FURootkit) and c:\xz.bat (Prockill-cv)
I am also seeing it create a file c:\windows\system32\silient_kuwait150.exe
looks like the silient_kuwait150.exe is spyware.
This entry was posted on Thursday, September 29th, 2005 at 1:34 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.
Ian's blog is proudly powered by WordPress
Entries (RSS) and Comments (RSS).
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| CookieLawInfoConsent | 1 year | Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie. |
| PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |
so i searched for the virus i have on my computer in yahoo and it came to this… do you know how to get rid of this thing?
We are recommending that people don’t click on link in IM with out first checking with the person who sent it to make sure that they sent it. Hard I know but something to think about.
What virus software are you using and what virus was reported by the virus software. If you only see FURootkit and ProcKill-cv were detect and deleted then you are in good shape. You can just do a full scan of your computer and you will be good.
The saving grace of this virus was that when run it tried to create 2 new files that were known viruses which were caught by an uptodate virus package.
My experience was with Mcafee so other vendors might be slightly different.
well, i clicked on the link (blegh!) and I have McAfee, but I did an online virus scan with McAfee and it detected it, I can’t figure out how to do a total system scan with McAfee (i’m a computer moron!)
I have only played with the enterprise version which will probably be different from the home version. I right click on the virus scan shield at the bottom right of the screen (next to the clock) I then choose virus console. Then click on “On Demand Scan” then choose start.