Page 2 of 2
Results 11 to 16 of 16

Thread: Buzus / Back Door & More - PostArticles.Net MSN Messenger

  1. #11
    findley Guest

    Re: Buzus / Back Door & More - PostArticles.Net MSN Messenger

    Patrick,

    IMO your best defense on security is offense, so here's a link to an excellent post thanks to Oldsod on surfing safe and browsing safely http://forums.zonelabs.com/zonelabs/...=160764#M17114

    Findley

  2. #12
    pgrant Guest

    Re: Buzus / Back Door & More - PostArticles.Net MSN Messenger

    Findley,

    It's getting better but I am not sure it is resolved yet.



    What I have figured out is:
      • I deleted a file called U.exe in the C: root directory.
        (Running that triggers an Error Pop up "Cannot load picture" which I believe is somehow called from MSN Messenger normally)

        Shortly after running U.exe a lot of winlogon.exe exceptions show on ZA, which may be it trying to download more malware and viruses.

        (I just hope I did not shoot myself in the foot doing this !!!)
      • Then I ran the MBAM download which did stop the browser hijack to PostArticles.Net
      • I followed that with a ZA deep scan in normal mode as it would not run in Safe Mode, which turned up more malware but none went into quarantine ... it was categorised as RAT with name Win32.Remote.Admin

    So I need to do a few more scans and a bit more observation to be sure it's gone.
    You have to wonder whether it's kids that write these scripts or those who sell
    solutions that magically fix the problem.


    Rgds Patrick

  3. #13
    findley Guest

    Re: Buzus / Back Door & More - PostArticles.Net MSN Messenger

    Patrick,

    There is some information on the U.exe which is a variant of the IRCBot family of worms and IRC backdoor Trojans
    http://www.bleepingcomputer.com/star...exe-17920.html
    http://www.prevx.com/filenames/X1110...X1/U2EEXE.html

    Also see information on how to remove a Trojan, Virus, Worm, or other Malware http://www.bleepingcomputer.com/tuto...torial101.html

    Have you run DrWebCureIt? http://www.freedrweb.com/cureit/

    You may need to make several passes with MBAM to remove everything.
    The only way to remove infections from System Restore is to disable System Restore and then re-enable it.

    Findley

  4. #14
    pgrant Guest

    Re: Buzus / Back Door & More - PostArticles.Net MSN Messenger

    The ZA versions are:
    ZoneAlarm Security Suite version:7.0.483.000
    TrueVector version:7.0.483.000
    Driver version:7.0.483.000
    Anti-virus engine version:3
    Anti-virus SDK version:5.0.1.85
    Anti-virus signature DAT file version:980983139
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200903.5595
    AntiSpam version:5.0.6.8903

  5. #15
    pgrant Guest

    Re: Buzus / Back Door & More - PostArticles.Net MSN Messenger

    I think it's gone !!!!

    One try of MBAM and removing U.exe did the trick

  6. #16
    findley Guest

    Re: Buzus / Back Door & More - PostArticles.Net MSN Messenger

    pgrant,

    That's good news!

    Stay safe and infection free
    Findley

