
Chronicle: Removed virii from local organization's computer

Chacham (981) writes | more than 3 years ago

User Journal

While supporting a local organization's computers, i removed the offending winsock entries. Lo and behold, they belonged to B-Secure. Things worked a lot better without it (remove the entries, have IE's wizard "fix" the connection), but it noticed it was gone on reboot. So, i killed it again, removed it from startup, and things were moving along.

Then came Defense Center. It puts nasty icons on the desktop and wants you to buy into its scam. It runs one process, cleverly disguised as the Windows remote executable (wau something, i forget), and places itself in .exe in the registry. Every application runs it, then it runs your app, but it throws up warnings. Luckily, i had Process Explorer on the system and watched what was happening. Killing the process did not kill its child, so i was able to get the programs i wanted to run. Security Essentials wasn't doing anything.

Took the hard drive out, connected it to another computer, and did a full scan. It cleaned the virii, and i put it back. Still there, but Security Essentials started realizing there was a threat, though it failed to remove the actual executable. Even a full scan didn't seem to remove Program Files\Defense Center (i deleted it myself after it *seemed* to have passed it in the alphabetical order). But it did ask to send a copy of it to them, which i did (twice).

I changed the .exe entry and deleted the file (it was in the temp directory), but now executables wouldn't start. To fix that, i used Explorer's Tools\Folder Options\File Types to reset it as an application. Then Security Essentials did a full scan and found no threats.

All in all there were three virii. One master that wasn't really detected, and two children that it caught after the other computer scanned it.

Windows Update installed a few items, .Net 4 and a Security Essentials update. A reboot made Windows want to do a full scan again. Instead, i did a quick scan, reinstalled B-Secure, rebooted, and started a full scan. That's where it is now. I'll have to make sure it restarts ok next time.
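The two persistence points the journal describes, the Winsock catalog entries and the hijacked .exe file-association command, can both be audited from the registry. The script below is an added example and is not part of the journal entry or of any product named in it; it assumes a Windows host and an elevated PowerShell prompt, and it only reports what it finds rather than changing anything.

```powershell
# Added example (not from the journal): audit the .exe association and the
# Winsock LSP catalog, the two places the rogue software above hooked into.

# 1. The command Windows runs for every .exe. A clean system has exactly
#    "%1" %* here; anything in front of it is launched before the real program,
#    which is the "every application runs it first" behaviour described above.
$expected = '"%1" %*'
$assocKeys = @(
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
    'HKCU:\Software\Classes\exefile\shell\open\command'   # per-user override, normally absent
)
foreach ($key in $assocKeys) {
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Output "$key : not present"
        continue
    }
    $cmd = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($cmd -eq $expected) {
        Write-Output "$key : OK -> $cmd"
    } else {
        Write-Warning "$key : UNEXPECTED -> $cmd"
    }
}

# 2. Winsock Layered Service Providers. Each catalog entry stores its provider
#    DLL path as a NUL-terminated ANSI string at the start of PackedCatalogItem.
#    Catalog_Entries64 exists only on 64-bit Windows.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9'
foreach ($catalog in @("$base\Catalog_Entries", "$base\Catalog_Entries64")) {
    if (-not (Test-Path -LiteralPath $catalog)) { continue }
    Write-Output "`n== $catalog =="
    Get-ChildItem -LiteralPath $catalog | ForEach-Object {
        $raw = (Get-ItemProperty -LiteralPath $_.PSPath).PackedCatalogItem
        $len = [Math]::Min(260, $raw.Length)
        $dll = [System.Text.Encoding]::ASCII.GetString($raw, 0, $len).Split([char]0)[0]
        $full = [Environment]::ExpandEnvironmentVariables($dll)
        [PSCustomObject]@{
            Entry    = $_.PSChildName
            Provider = $dll
            OnDisk   = (Test-Path -LiteralPath $full)   # a missing DLL breaks networking
        }
    } | Format-Table -AutoSize
}

# Cross-check against the OS's own listing. If an unwanted provider is found,
# "netsh winsock reset" (followed by a reboot) restores the default catalog,
# which is the supported equivalent of the IE "fix the connection" wizard.
netsh winsock show catalog
```

Run it before and after removing a product that registers an LSP: the Provider column should only list DLLs you can account for (the Windows defaults live under System32), and the .exe association should read `"%1" %*` in HKLM with no HKCU override present.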
