• Status: Solved
  • Priority: Medium
  • Security: Public

What is the effect of the virus PornoVid?

One of our laptops was infected with this. The effect we noted was that the DNS entries had been altered to use some server in Russia (after getting a local DHCP IP).

Kaspersky 2009 did detect the autorun.inf file in C:\ and D:\ but there is still a file called c:\resycled\boot.com on the drive that is apparently related.

Is this a new virus - I can't seem to find out much about it?
My main concern is that the DNS change was not related to this virus and could therefore still be infected.

Anyone?
SF
0
sheepfarmer
Asked:
2 Solutions
 
JoWickerman Commented:
Hi sheepfarmer,

What you need to do is download a program called UnHackMe. It's the first link if you search "Download UnHackMe" on Google. Run that and restart.

Download Malwarebytes and run that. Restart, and it should be fixed.
Restart as many times as you need.

Here's some details about the virus:

http://www.threatexpert.com/report.aspx?uid=a24bfeb5-fc97-4ffe-8e96-680f027c589c

Hope this helps.

Cheers!
0
 
smittyboom Commented:
resycled\boot.com is definitely part of the virus.
Try this: http://greatis.com/unhackme/
Also try Malwarebytes and Spybot to make sure it is completely cleaned out.
0
 
smittyboom Commented:
Sorry Jo. Guess we were typing at the same time.
0
 
sheepfarmer (Author) Commented:
What's interesting about this virus (in our experience) is that soon after infection, there was an attempt to log in (unsuccessfully) to our firewall from this machine (from the inside), so it looks like remote control or similar was used (nasty).
The ThreatExpert link does explicitly mention this or the DNS hijack; I presume it's a new one.

We're actually zapping the infected box and rebuilding just to be sure. It is a reminder to us all to keep AV up to date (this box had KIS2009 installed, but it had expired (oops)).

SF.
0
 
sheepfarmer (Author) Commented:
Regarding boot.com - I have spoken to Kaspersky today as this file was not picked up as part of the virus - they are looking into it.

0
 
JoWickerman Commented:
LOL! No prob smittyboom! I was surprised to see your post right after I clicked submit!

Yeah, if you read the last part of the link I gave, you'll see that it tries to connect to a remote host. I guess the DNS changes can be made after this connection.

Good idea to make 100% sure though!
0
 
sheepfarmer (Author) Commented:
Thanks a lot
0
