Posted by RJK on October 5, 2006, 2:52 pm
Oh! When I click on it I get a message in Dutch saying:-
This Internet site has been concluded temporarily because of abuse of script
regards, Richard
>
> | Was surprised about how hard it is to contact Microsoft with reference to this
> | sort of thing. A lot of my friends have recently been infected by a virus
> | spreading itself on msn urging people to click a link to a 'picture' which in
> | reality opens up a dos-file.
> |
> | "is that you on that photo?!
> | hxxp://www.sam22.com/photos.php?photo=photo211.jpg"
> |
> | this is the link that people receive - although I would suggest you not
> | click on it. Just wondering if microsoft had worked out any type of fix? As
> | this has put a lot of mates in a bind.
> |
> | Thanks
>
>
> I wouldn't call that a DOS file. In reality it is a Win32 executable renamed as a .PIF
> file.
>
> There isn't anything that really can be done specifically by Microsoft. However, abuse
> complaints can be filed to the ISP of
> www.sam22.com == 81.4.97.147
>
> http://www.dnsstuff.com/tools/whois.ch?ip=81.4.97.147&email=on and file a complaint for
> hosting malware.
> Send your complaints to; abuse@proserve.nl and secure@proserve.nl noting the URL of the
> above.
>
> Basically this is a simple Social Engineering con. A message that piques your interest but
> its intent is to infect you.
>
> Complete scanning result of "photo211.pif", processed in VirusTotal at 10/05/2006 00:29:55
> (CET).
>
> [ file data ]
> * name: photo211.pif
> * size: 137216
> * md5.: 50f685141c9252a13ece1febd372e491
> * sha1: 50c74be39a4bbe966848c89fb874ecf69ffcd31a
>
> [ scan result ]
> AntiVir 7.2.0.22/20061004 found nothing
> Authentium 4.93.8/20061004 found nothing
> Avast 4.7.892.0/20061004 found [Win32:Agent-BNP]
> AVG 386/20061004 found [Generic2.DIS]
> BitDefender 7.2/20061004 found nothing
> CAT-QuickHeal 8.00/20061004 found [(Suspicious) - DNAScan]
> ClamAV devel-20060426/20061004 found nothing
> DrWeb 4.33/20061004 found [Win32.HLLW.Foite]
> eTrust-InoculateIT 23.73.13/20061004 found nothing
> eTrust-Vet 30.3.3114/20061004 found nothing
> Ewido 4.0/20061004 found nothing
> F-Prot 3.16f/20061004 found nothing
> F-Prot4 4.2.1.29/20061004 found nothing
> Fortinet 2.82.0.0/20061004 found nothing
> Ikarus 0.2.65.0/20061004 found nothing
> Kaspersky 4.0.2.24/20061004 found [Backdoor.Win32.Agent.fs]
> McAfee 4866/20061004 found nothing
> Microsoft 1.1603/20061004 found nothing
> NOD32v2 1.1790/20061004 found nothing
> Norman 5.80.02/20061004 found nothing
> Panda 9.0.0.4/20061004 found [Suspicious file]
> Sophos 4.10.0/20061004 found [Troj/DwnLdr-FSN]
> Symantec 8.0/20061004 found nothing
> TheHacker 6.0.1.091/20061004 found nothing
> UNA 1.83/20061004 found nothing
> VBA32 3.11.1/20061004 found nothing
> VirusBuster 4.3.7:9/20061004 found nothing
>
> [ notes ]
> packers: ASProtect
> packers: Aspack
>
>
>
> The Sophos module in the below Multi AV Scanning Tool can be used to clean an infected PC.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
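A defender-side check for the disguise described in the thread (a Win32 executable delivered as a .PIF behind a link that names a .jpg), added here as an example and not part of the original posts. The function names, finding labels, sample bytes and the lure.example host are assumptions constructed for illustration.

```python
import os
import struct
from urllib.parse import urlsplit, parse_qs

IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}
# Extensions Windows launches as programs when the content is a PE file.
RUNNABLE_DISGUISES = {".pif", ".scr", ".com"}

def ext(name):
    return os.path.splitext(name.lower())[1]

def is_pe(data):
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def lure_names(url):
    """File names a link advertises: last path segment plus every query value."""
    parts = urlsplit(url)
    names = [parts.path.rsplit("/", 1)[-1]]
    for values in parse_qs(parts.query).values():
        names.extend(values)
    return names

def findings(delivered_name, data, lure_url=None):
    """Return labels describing how the delivered file differs from what it claims."""
    out = []
    e = ext(delivered_name)
    if is_pe(data):
        if e in RUNNABLE_DISGUISES:
            out.append("pe-content-runs-as-" + e.lstrip("."))
        elif e in IMAGE_EXTS:
            out.append("pe-content-named-as-image")
    if lure_url and e not in IMAGE_EXTS:
        if any(ext(n) in IMAGE_EXTS for n in lure_names(lure_url)):
            out.append("link-advertised-image-but-delivered-" + (e.lstrip(".") or "no-ext"))
    return out

# Constructed samples (not bytes from the real file): a minimal PE stub and a JPEG header.
FAKE_PE = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\0" * 64
LURE = "hxxp://lure.example/photos.php?photo=photo211.jpg"  # constructed host

if __name__ == "__main__":
    print(findings("photo211.pif", FAKE_PE, LURE))
    print(findings("photo211.jpg", FAKE_JPEG, LURE))
```

A mail or IM gateway can apply the same two tests to attachments and downloads: inspect the content header instead of trusting the extension, and compare the delivered name with the name the link advertised.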