Solved

What is the effect of the virus PornoVid

Posted on 2008-10-23
7
662 Views
Last Modified: 2013-11-22
One of our laptops was infected with this.    The effect we noted was that the DNS entries has been altered to use some server in Russia (after getting a local DHCP IP).

Kaspersky 2009 did detect the autorun.inf file in C:\ and D:\ but these is still a file called c:\resycled\boot.com on the drive that is apparently related.

Is this a new virus - I can't seem to find out much about it?
My main concern is that the DNS change was not related to this virus and could therefore still be infected.

Anyone?
SF
0
Comment
Question by:sheepfarmer
  • 3
  • 2
  • 2
7 Comments
 
LVL 16

Accepted Solution

by:
JoWickerman earned 400 total points
ID: 22786695
Hi sheepfarmer,

What you need to do is download a program called UnHackMe. Its the first link if you search "Download UnHackMe" on google. Run that and restart.

Download malwarebytes and run that. Restart, and it should be fixed.
Restart as many times as you need.

Here's some details about the virus:

http://www.threatexpert.com/report.aspx?uid=a24bfeb5-fc97-4ffe-8e96-680f027c589c

Hope this helps.

Cheers!
0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 100 total points
ID: 22786696
resycled\boot.com is definitely part of the virus.
Try this: http://greatis.com/unhackme/
Also try Malware Bytes and Spybot to make sure it is completely cleaned out.
0
 
LVL 4

Expert Comment

by:smittyboom
ID: 22786794
Sorry Jo. Guess we were typing at the same time.
0
Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

 

Author Comment

by:sheepfarmer
ID: 22786841
Whats interested about this virus (in our experience) is that soon after infection, there was an attempt to login in (unsuccesfully) to our firewall from this machine (from the inside) so it looks like remote control or similar was used (nasty).
The threatexpect link does explicitly mention this or the DNS hijack; I presume its a new one.

We're actually zapping the infected box and rebuilding just to be sure.  It is a reminder to us all to keep AV up to date (this box have KIS2009 installed, but it had expired (oops).

SF.
0
 

Author Comment

by:sheepfarmer
ID: 22786849
Regarding boot.com - I have spoken to Kaspersky today as this file was not picked up as part of the virus - they are looking into it.

0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22786872
LOL! No prob smittyboom! I was surprised to see your post right after I clicked submit!

Yeah, if you read the last past of the link I gave, you'll see that it tries to connect to a remote host. I guess the DNS changes can be made after this connection.

Good idea to make 100% sure though!
0
 

Author Closing Comment

by:sheepfarmer
ID: 31509228
Thanks alot
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question