
New virus

17 years 3 months ago #22412 by Alans
New virus was created by Alans
Hi, my PC is infected with a virus that adds some extra items to the right-click menu
on the hard disk drives, like "If freedom is outlawed, only outlaws will have freedom",
and under it there is "J U S T A G A M E". If I click the first one (i.e. "If freedom..."), it tries to open
drive letter:\RECYCLER\systems.com, like D:\RECYCLER\systems.com


If the file is run, a lot of fake popup messages appear that say something like "my picture
is corrupted please run chkdsk". It also adds a mypicture.exe file to some folders,
disables Task Manager in the CTRL+ALT+DEL menu, and
you can't open regedit from the Run window.

Anyway, I restored my PC to a specified date with Acronis True Image and the virus is
gone (only for the restored drives), but now I can open Task Manager and regedit.

In regedit I searched for systems.com and here is what I found:
HKEY_USERS\S-1-5-21-4217527386-1433810888-3187400971-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{746afdd6-1c53-11db-b5b5-806d6172696f}\Shell\start\command >>the command value is D:\RECYCLER\systems.com

I deleted this and everything was normal for a few days, but it came back again without
using any external media.

I have NOD32 AV updated but it didn't catch it. I googled it and found that Sophos is the only AV (as far as I know)
that can catch this virus:
www.sophos.com/security/analyses/w32outlawa.html

So what should I do? Wait until NOD32 updates their DB? Or...


thanks

always Face your Fears...
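The registry location quoted in the post is where Explorer stores per-drive context-menu verbs, so one defender-side check is to list every MountPoints2 `Shell\<verb>\command` value under every loaded user hive and flag any that launch something from a RECYCLER folder. The script below is an added example written for this thread, not code from the original post or from any AV vendor; it assumes an elevated PowerShell session on Windows and that the suspect pattern is simply a `\RECYCLER\` path in the command string.

```powershell
# Added example: audit MountPoints2 shell verbs for commands that run
# files out of a \RECYCLER\ folder (the pattern described in the post).
# Assumes an elevated PowerShell session on Windows.

# HKEY_USERS is not exposed as a drive by default, so map it once.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

function Get-MountPoints2Commands {
    # Returns one record per Shell\<verb>\command key found under any loaded user hive.
    $results = @()
    foreach ($sid in Get-ChildItem -Path 'HKU:\' -ErrorAction SilentlyContinue) {
        $mp2 = "HKU:\$($sid.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        if (-not (Test-Path -Path $mp2)) { continue }

        # Command keys live at MountPoints2\<volume GUID or drive>\Shell\<verb>\command
        Get-ChildItem -Path $mp2 -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -eq 'command' } |
            ForEach-Object {
                # The launched command is stored in the key's (default) value.
                $cmd = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).'(default)'
                if ($cmd) {
                    $results += [PSCustomObject]@{
                        User    = $sid.PSChildName
                        Key     = $_.Name
                        Command = $cmd
                        # Heuristic from the post: anything launched from a RECYCLER folder is suspect.
                        Suspect = [bool]($cmd -match '(?i)\\RECYCLER\\')
                    }
                }
            }
    }
    return $results
}

$findings = Get-MountPoints2Commands
$findings | Format-Table -AutoSize

# Print only the suspect entries so they can be reviewed (and, if confirmed,
# exported with reg.exe before the key is removed in Safe Mode).
$findings | Where-Object { $_.Suspect } | ForEach-Object {
    Write-Warning "Suspect MountPoints2 verb for $($_.User): $($_.Key) -> $($_.Command)"
}
```

Run it once before cleaning to see which user SIDs and volume GUIDs carry the verb, and again after the reboot to confirm nothing re-created it; if the entry returns with no removable media attached, the launcher is still resident on a non-restored drive, which matches what the post describes.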
17 years 3 months ago #22416 by yadav
Replied by yadav on topic hiiiiiii
You can't get the Run window and Task Manager if your PC is infected with this kind of virus; even I faced the same problem. Try to clean the virus using "Stinger", it's freely available on the net. Download it and scan your PC in Safe Mode. It can cure it up to some extent. :)
17 years 3 months ago #22419 by Smurf
Replied by Smurf on topic Re: New virus
As yadav suggested, I would reboot in Safe Mode and clean it out of the registry. Also, look to move to Sophos, lol :)

Also, most AV vendors have an e-mail address that you can send viruses to for analysis. I would also do that, because they may already have a signature that hasn't quite been released yet, or they may even send instructions on its removal.

Cheers

Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.