Solved

What is the effect of the virus PornoVid

Posted on 2008-10-23
7
646 Views
Last Modified: 2013-11-22
One of our laptops was infected with this.    The effect we noted was that the DNS entries has been altered to use some server in Russia (after getting a local DHCP IP).

Kaspersky 2009 did detect the autorun.inf file in C:\ and D:\ but these is still a file called c:\resycled\boot.com on the drive that is apparently related.

Is this a new virus - I can't seem to find out much about it?
My main concern is that the DNS change was not related to this virus and could therefore still be infected.

Anyone?
SF
0
Comment
Question by:sheepfarmer
  • 3
  • 2
  • 2
7 Comments
 
LVL 16

Accepted Solution

by:
JoWickerman earned 400 total points
ID: 22786695
Hi sheepfarmer,

What you need to do is download a program called UnHackMe. Its the first link if you search "Download UnHackMe" on google. Run that and restart.

Download malwarebytes and run that. Restart, and it should be fixed.
Restart as many times as you need.

Here's some details about the virus:

http://www.threatexpert.com/report.aspx?uid=a24bfeb5-fc97-4ffe-8e96-680f027c589c

Hope this helps.

Cheers!
0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 100 total points
ID: 22786696
resycled\boot.com is definitely part of the virus.
Try this: http://greatis.com/unhackme/
Also try Malware Bytes and Spybot to make sure it is completely cleaned out.
0
 
LVL 4

Expert Comment

by:smittyboom
ID: 22786794
Sorry Jo. Guess we were typing at the same time.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 

Author Comment

by:sheepfarmer
ID: 22786841
Whats interested about this virus (in our experience) is that soon after infection, there was an attempt to login in (unsuccesfully) to our firewall from this machine (from the inside) so it looks like remote control or similar was used (nasty).
The threatexpect link does explicitly mention this or the DNS hijack; I presume its a new one.

We're actually zapping the infected box and rebuilding just to be sure.  It is a reminder to us all to keep AV up to date (this box have KIS2009 installed, but it had expired (oops).

SF.
0
 

Author Comment

by:sheepfarmer
ID: 22786849
Regarding boot.com - I have spoken to Kaspersky today as this file was not picked up as part of the virus - they are looking into it.

0
 
LVL 16

Expert Comment

by:JoWickerman
ID: 22786872
LOL! No prob smittyboom! I was surprised to see your post right after I clicked submit!

Yeah, if you read the last past of the link I gave, you'll see that it tries to connect to a remote host. I guess the DNS changes can be made after this connection.

Good idea to make 100% sure though!
0
 

Author Closing Comment

by:sheepfarmer
ID: 31509228
Thanks alot
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Post install of Win8 14 40
remove chinese softwares 22 96
Endpoint security products 4 44
svg file 10 32
I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now