Solved

What is the effect of the virus PornoVid?

Posted on 2008-10-23
Last Modified: 2013-11-22
One of our laptops was infected with this. The effect we noted was that the DNS entries had been altered to use some server in Russia (after getting a local DHCP IP).

Kaspersky 2009 did detect the autorun.inf file in C:\ and D:\ but there is still a file called c:\resycled\boot.com on the drive that is apparently related.

Is this a new virus - I can't seem to find out much about it?
My main concern is that the DNS change was not related to this virus and it could therefore still be infected.

Anyone?
SF
Question by:sheepfarmer

Accepted Solution

by:
JoWickerman earned 400 total points
ID: 22786695
Hi sheepfarmer,

What you need to do is download a program called UnHackMe. It's the first link if you search "Download UnHackMe" on Google. Run that and restart.

Download Malwarebytes and run that. Restart, and it should be fixed.
Restart as many times as you need.

Here are some details about the virus:

http://www.threatexpert.com/report.aspx?uid=a24bfeb5-fc97-4ffe-8e96-680f027c589c

Hope this helps.

Cheers!

Assisted Solution

by:smittyboom
smittyboom earned 100 total points
ID: 22786696
resycled\boot.com is definitely part of the virus.
Try this: http://greatis.com/unhackme/
Also try Malwarebytes and Spybot to make sure it is completely cleaned out.

Expert Comment

by:smittyboom
ID: 22786794
Sorry Jo. Guess we were typing at the same time.

Author Comment

by:sheepfarmer
ID: 22786841
What's interesting about this virus (in our experience) is that soon after infection, there was an attempt to log in (unsuccessfully) to our firewall from this machine (from the inside) so it looks like remote control or similar was used (nasty).
The ThreatExpert link does explicitly mention this or the DNS hijack; I presume it's a new one.

We're actually zapping the infected box and rebuilding just to be sure. It is a reminder to us all to keep AV up to date (this box had KIS2009 installed, but it had expired (oops)).

SF.
Author Comment

by:sheepfarmer
ID: 22786849
Regarding boot.com - I have spoken to Kaspersky today as this file was not picked up as part of the virus - they are looking into it.


Expert Comment

by:JoWickerman
ID: 22786872
LOL! No prob smittyboom! I was surprised to see your post right after I clicked submit!

Yeah, if you read the last part of the link I gave, you'll see that it tries to connect to a remote host. I guess the DNS changes can be made after this connection.

Good idea to make 100% sure though!

Author Closing Comment

by:sheepfarmer
ID: 31509228
Thanks a lot