Saturday, December 01, 2007

Virus Again - 62D4F8F5DDAC.exe

One of the PCs in the office started a 60-second countdown to reboot a few minutes after logon. Again, it was a trojan picked up from visiting the site www. b l o g o. t w !!
Exactly as described in http://phorum.study-area.org/index.php?PHPSESSID=6d340836b5b3737986eb9441f581132a&topic=48640.msg246549#msg246549

The reboot was stopped with:
Start > Run --> enter "shutdown -a"

A process with the name "62D4F8F5DDAC.exe" was found.
This matches what McAfee's site describes for a virus called PWS-JU.
http://tw.mcafee.com/virusInfo/default.asp?id=description&virus_k=143551

All 3 files were found at the exact locations:

c:\WINNT\Debug\62D4F8F5DDAC.dll , filesize: 156.672 bytes
c:\WINNT\Debug\62D4F8F5DDAC.exe , filesize: 81.920 bytes
c:\WINNT\system32\od3mdi.dll , filesize: 259.584 bytes


So the 3 files were deleted.

However, just as in the last incident, Winsock crashed. The TCP/IP stack was corrupted. When the trojan malware installed itself, it changed some registry keys. The PC could not connect to the internet.

Again, it was fixed with winsockxpfix.

The colleague said she has not installed anything...
Maybe it was caused by internet surfing, receiving a jpg file, etc.
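To check other office PCs for the same three files, the following is an added example (not part of the original post) that looks for them under a mounted or offline copy of the C: volume and compares sizes. It assumes the sizes above use a dot as the thousands separator; the function names are hypothetical, and names are matched case-insensitively so it also works on a disk mounted on a non-Windows host.

```python
import os
import tempfile

# Paths and sizes as listed in the post. Assumption: "156.672 bytes" means
# 156,672 bytes (dot used as thousands separator).
INDICATORS = [
    (r"WINNT\Debug\62D4F8F5DDAC.dll", 156672),
    (r"WINNT\Debug\62D4F8F5DDAC.exe", 81920),
    (r"WINNT\system32\od3mdi.dll", 259584),
]

def resolve_nocase(root, win_rel_path):
    """Walk root one component at a time, matching names case-insensitively."""
    current = root
    for part in win_rel_path.split("\\"):
        try:
            names = os.listdir(current)
        except OSError:
            return None  # not a directory, or unreadable
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current

def check_volume(root):
    """Return one (relative path, status) tuple per indicator under root."""
    results = []
    for rel, expected in INDICATORS:
        found = resolve_nocase(root, rel)
        if found is None or not os.path.isfile(found):
            status = "absent"
        elif os.path.getsize(found) == expected:
            status = "present, size matches"
        else:
            status = "present, size differs"
        results.append((rel, status))
    return results

if __name__ == "__main__":
    # Constructed sample tree standing in for a mounted C: volume.
    with tempfile.TemporaryDirectory() as root:
        debug = os.path.join(root, "winnt", "debug")
        os.makedirs(debug)
        with open(os.path.join(debug, "62d4f8f5ddac.exe"), "wb") as f:
            f.write(b"\0" * 81920)
        for rel, status in check_volume(root):
            print(f"C:\\{rel}: {status}")
```

A size mismatch does not clear a machine; a file with one of these names at one of these paths is worth investigating either way.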