  1. Hello... As I am new to this forum, and even busier with work in order to make the same dollar... I am just now able to return to this site. I let a honeypot machine get infected using the files from the customer's PC I mentioned in my first post, and we were watching the traffic of this version of Virut. By tonight, I think we will rain on their parade for pulling this new stunt - or at least on the people looking over our fake personal info. As mentioned in the other posts, Virut immediately goes after system files as quickly as other files. And this version appears to escape detection unless the AV is very up to date... Kap, Norton, McAfee, and iolo all seem to have been adding the updated virus characteristics over the past 3 weeks - another client has two infected laptops that immediately caught it, and they had outdated Norton defs - probably for the prior virus version (we have started the work - they were two laptops for travel use, so they just put them away to deal with later, until they saw our weekly customer email). Although most people hate the control of MS and their autoupdates, it does not pay to turn off the AV update feature. This is one of those viruses that does not allow any easy way to clean them without trashing the file itself. But we noticed they took no time working on trying to upload new junk to the honeypot. We occasionally drop the connection in order to see how they will behave in reconnect attempts - they're willing. They started downloading some docs and the favorites. They will be unpleasantly surprised with the dummy password safe file though. Next time you reformat - use AV and make a backup of your initial install.
  2. As I was doing a basic search on the latest filenames associated with an updated "old" virus, this post came up as 1 of 2 web pages found. I just spent a pain-in-the-rear 15 min to get on to reply, as this is fairly important. Yes, it's a virus... but it's probably an updated form of "Virut" - one of the Russian "gangsta" attempts at ripping off primarily American consumers or related users that visit sites that show up in English Google search results. Nice, huh... I am still in my initial phases of "taking apart" a customer's files, as this can easily turn into a nasty problem, and easily spread or allow a backdoor into your servers and/or workstations. It infects almost everything - system files, etc. - exe, htm, scr, html, xml, zip, etc... and since it infects many Windows system files, trying to save your PC load is not a great option, as it has a more than 50% failure rate in the end anyway - you can't delete all infected files (unless you are, of course, wiping the drive to start "fresh"). The AV you use must clean them without damaging them... which rarely occurs with this virus. And they appear to have improved it some - I give them a little cred for writing it a little better - it now acts like a polymorph, infects asp, is a persistent "little ." AND NOTE THIS - it will immediately open a backdoor via IRC bot like the original, but it may have a new method - I am currently monitoring a new unusual traffic attempt... not done yet putting everything together. But the point is - it's trying to link up, download new instructions, or allow a remote user to do as they will with your machine and its world behind your router/firewall. The giveaways - ptrf.exe; cpjopaid.exe; wcfgayg.exe, a few others. Just don't use it. It's a late night; I'm trying to track down the suspect remote address for this latest version, and the website that passed it - it also changes your default browser from IE - to what - ?? - as there is no other browser on the PC.
And if it finds those files during its initial search of its new home (your PC), it acts as soon as it finds any web pages - client or server. Until you're ready, leave your PC off, as it will continually infect - and soon the few personal files you can save will also be turned. I will hopefully have a useful recommendation to save it all, or at least maximize the user file saves. I am planning on a Tues AM delivery, or sooner, for my team to start a review. Have to go.... Edit: removed email address to avoid spambots.
