Solved

What is the effect of the virus PornoVid

Posted on 2008-10-23
Last Modified: 2013-11-22
One of our laptops was infected with this. The effect we noted was that the DNS entries have been altered to use some server in Russia (after getting a local DHCP IP).

Kaspersky 2009 did detect the autorun.inf file in C:\ and D:\ but there is still a file called c:\resycled\boot.com on the drive that is apparently related.

Is this a new virus - I can't seem to find out much about it?
My main concern is that the DNS change was not related to this virus and could therefore still be infected.

Anyone?
SF
Question by:sheepfarmer
7 Comments
 
LVL 16

Accepted Solution

by:
JoWickerman earned 400 total points
ID: 22786695
Hi sheepfarmer,

What you need to do is download a program called UnHackMe. It's the first link if you search "Download UnHackMe" on Google. Run that and restart.

Download Malwarebytes and run that. Restart, and it should be fixed.
Restart as many times as you need.

Here are some details about the virus:

http://www.threatexpert.com/report.aspx?uid=a24bfeb5-fc97-4ffe-8e96-680f027c589c

Hope this helps.

Cheers!
0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 100 total points
ID: 22786696
resycled\boot.com is definitely part of the virus.
Try this: http://greatis.com/unhackme/
Also try Malware Bytes and Spybot to make sure it is completely cleaned out.
0
 
LVL 4

Expert Comment

by:smittyboom
ID: 22786794
Sorry Jo. Guess we were typing at the same time.
0

 

Author Comment

by:sheepfarmer
ID: 22786841
What's interesting about this virus (in our experience) is that soon after infection, there was an attempt to log in (unsuccessfully) to our firewall from this machine (from the inside) so it looks like remote control or similar was used (nasty).
The ThreatExpert link does explicitly mention this or the DNS hijack; I presume it's a new one.

We're actually zapping the infected box and rebuilding just to be sure. It is a reminder to us all to keep AV up to date (this box had KIS2009 installed, but it had expired (oops)).

SF.
0
 

Author Comment

by:sheepfarmer
ID: 22786849
Regarding boot.com - I have spoken to Kaspersky today as this file was not picked up as part of the virus - they are looking into it.

0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22786872
LOL! No prob smittyboom! I was surprised to see your post right after I clicked submit!

Yeah, if you read the last part of the link I gave, you'll see that it tries to connect to a remote host. I guess the DNS changes can be made after this connection.

Good idea to make 100% sure though!
0
 

Author Closing Comment

by:sheepfarmer
ID: 31509228
Thanks a lot
0
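
Added example, not part of the original thread and not written by any of the posters: a triage check for the two symptoms the question describes, run over text collected from the machine. It lists `autorun.inf` launch entries and marks those that run from a folder imitating a Recycle Bin name, and it reports DNS servers in `ipconfig /all` output that are not in an approved set. The sample file contents, the addresses and the function names are constructed for illustration.

```python
import difflib
import ipaddress
import re

# Real Recycle Bin folder names (FAT volumes, NTFS on XP, Vista and later).
REAL_BINS = ("recycled", "recycler", "$recycle.bin")
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\.+\\command)$", re.I)
# Constructed samples: the thread shows neither the file contents nor the addresses.
SAMPLE_AUTORUN = "[autorun]\nicon=shell32.dll,4\nopen=resycled\\boot.com\n"
SAMPLE_IPCONFIG = """\
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.50
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            192.168.1.1
"""

def autorun_launch_entries(text):
    """Return (key, command, lookalike) for each launch entry under [autorun]."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not (in_section and sep and value and LAUNCH_KEY.match(key)):
            continue
        # Folder the command runs from: first path component after any drive prefix.
        parts = [p for p in re.split(r"[\\/]", value.split()[0]) if p and not p.endswith(":")]
        folder = parts[0].lower() if len(parts) > 1 else ""
        lookalike = folder not in REAL_BINS and bool(
            difflib.get_close_matches(folder, REAL_BINS, n=1, cutoff=0.8))
        found.append((key.lower(), value, lookalike))
    return found

def unapproved_dns(ipconfig_text, approved):
    """IPv4 DNS servers in `ipconfig /all` text that are not in `approved`."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        label, sep, value = line.partition(":")
        # The list starts on the "DNS Servers" line; address-only lines continue it.
        in_dns = (bool(sep) and "DNS Servers" in label) or (in_dns and not sep)
        candidate = (value if sep else line).strip()
        if in_dns:
            try:
                servers.append(str(ipaddress.ip_address(candidate)))
            except ValueError:
                in_dns = False
    return [s for s in servers if s not in approved]
```

Any launch entry in an `autorun.inf` at the root of a fixed disk deserves a look; the lookalike flag only ranks the ones that are disguised.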
