Skip to main content

MALZER.EXE ?!?

More
18 years 4 days ago #18285 by kennyj
MALZER.EXE ?!? was created by kennyj
Has any heard of or been infected with the virus MALZER.EXE? My network has been infected and within an hour of removing the virus it comes back up. The virus has been replicating itself throughout the workstations on the network and is now starting to infect the file servers. Any help on this would be great. :evil:
More
18 years 4 days ago #18286 by Smurf
Replied by Smurf on topic Re: MALZER.EXE ?!?
Hi Kenny,

Who is your AV Vendor ? Its best to ring them directly with this issue as they may have steps to stop the infection from propergating again once you have cleaned the systems. If they haven't even got IDE's or anything for it then send them a copy and i am sure they will work to write something for ya.

Sorry but i have never come across this one and it seems that its relativly new since google doesn't pick much up on it either.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
18 years 4 days ago #18287 by Smurf
Replied by Smurf on topic Re: MALZER.EXE ?!?
Also, if you have more details on what the virus is doing, i.e. modifies the registry, copies itself to specific files, etc...

It may be that some of the AV vendors have named it something different.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
18 years 3 days ago #18298 by jhun
Replied by jhun on topic Re: MALZER.EXE ?!?
also, prior to doing smurf's advice you could for the meantime, disconnect the infected workstations from the network to prevent further infection to other hosts. it is best that when removing virus, malware, trojans, etc. from an infected pc, to disconnect it from the network and isolating from the rest.
check the following:

- task manager
- registry
- startups
- msconfig
- documents and settings/temporary folders (hidden)
- system folders

for any suspicious and unwanted files/folders/applications
More
18 years 3 days ago #18302 by Smurf
Replied by Smurf on topic Re: MALZER.EXE ?!?
Great advice Jhun hopefully that will help to stop it propergating through the network as much.

I was thinking last night as i was nodding off (sad i know), why is this propegating like it is ? Can you confirm that your machines are all fully patched ?

When Blaster (and its varients) hit, the main reason for this was an unpatched vulnerability which allowed the windows shares to be accessed. Something similar must be happening here if its spreading across the network so i would also ensure that your machines are patched as this could be the reason why they are getting re-infected.

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
More
18 years 2 days ago #18322 by monsky
Replied by monsky on topic Re: MALZER.EXE ?!?
google search gave this LINK

for the meantime, disconnect the infected workstations from the network to prevent further infection to other hosts. it is best that when removing virus, malware, trojans, etc. from an infected pc, to disconnect it from the network and isolating from the rest.


follow what jhun had suggested.

have you tried hijackthis? very effective in removing malware entries but be careful in using it, you might remove legitimate entries, or post the hijackthis scan result here so we can see,

use adaware from lavasoft.

or find another PC which you find free from virus, connect to this pc the harddisk of the infected pc then boot the PC (but be sure you are booting from the virusfree harddisk), then run scan.
Time to create page: 0.138 seconds