     How did I get the XP AntiVirus 2008?
    What do we know?
    One of the computers in our household recently picked up a drive-by virus infection. This particular infection is one of the well-known backdoor Trojans that arrives by exploiting browser security flaws from a web site that would otherwise seem harmless. The web site in question had already been compromised by a server-side SQL injection attack, which replaced its web pages with ones that framed the original content and contained malicious JavaScript.

    The computer in question was running Windows XP service pack 2, in a non-administrative account, with a 20-day old Symantec Antivirus 7.x virus list.

    Why would anyone bother? In this case, the software that was loaded had all sorts of powers. It was malware, spyware, and blackmail-ware in one blended threat. One piece attempts to open a back door on your computer so that it can be controlled as part of a botnet. A botnet can be used to generate internet traffic such as denial of service attacks and spam email, and to deliver other content. Another malware program brings in further software that shows up and attempts to blackmail you into buying it so that your computer will continue to work.

    Here is what happened. The user of the computer, whose name shall not be used, surfed to a site owned by the National Park Service called livetheriver.org. The infected Apache web server had a text substitution script that was attempting to force browser clients to run a script file called ngg.js. The infected Apache/Linux servers have most likely been hit with SQL injection attacks. Web sites that catalog content using a database are susceptible. The infected web servers then help to propagate malware to Windows-based client computers. In this case, our computer's Internet Explorer loaded and ran the script. Once run, a number of pieces of malware were loaded on the PC. This included the ASPROX Trojan proxy server, the BraviaX downloader, and the beep.sys rootkit. Once BraviaX started, it loaded the XP Antivirus 2008 software. Once XP Antivirus 2008 started, it warned that there was a spyware infection and told you to send your credit card information to some company in the Ukraine. The ironic part is that it IS the infection. It reminded me of Syndrome, the antagonist in the movie The Incredibles. Syndrome sends a robot to destroy the city, then appears to fight the robot to save the city.

    Fortunately, the good guys are sticking right with the bad guys. Andy Manchesta has a life-saving program called SDFix: http://downloads.andymanchesta.com/RemovalTools/SDFix_ReadMe.htm

    I ran SDFix to clear the malware. I booted Windows XP in safe mode and copied the program from a CD. With beep.sys loaded, you cannot run the anti-CoolWebSearch tool or HijackThis; it knows the name of the program and blocks it from starting. Future versions may also prevent SDFix from running, so you may have to rename the program. Afterwards, I updated the computer to the newly released XP service pack 3. I uninstalled Symantec/Norton and installed AVG Antivirus free version 8. I have been using 7.5 on my Windows Vista system since March 2007.

    I ran a scan and it found all the suspect files, including the infected web pages in the browser cache. It also found files in the System Volume Information directory. This keeps showing up during scans, so I may have to follow up on a way to clear that out. I also installed Spybot Search & Destroy, which claims to be able to catch these threats. Note that Opera, Safari, Mozilla Firefox and Internet Explorer all have vulnerabilities that have been exploited by this malware group.

    More helpful links:
    - Balloon Saying "your Computer Is Infected With Spyware" Most Likely Malware: http://www.bleepingcomputer.com/forums/lofiversion/index.php/t134064.html
    - So how did I get infected in the first place?: http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html
    - How the medichi rootkit works (also using beep.sys): http://www.greatis.com/security/medichi_exe_murka_dat_rootkit.htm
    - More about the System Volume Information directory: http://www.theeldergeek.com/system_volume_information_folder1.htm
    - More about BraviaX: http://www.cmilner.com/crapware.php
    - AVG Antivirus: http://www.grisoft.com (free version 8.0 at http://free.avg.com/)
    - Spybot Search and Destroy: http://www.safer-networking.org
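The server side of this chain is a content database whose rows were rewritten to carry a script tag pointing at an attacker's host. The following is an added example, not code from the post or from any tool it mentions: a small Python scanner a site owner could run over their stored page content to flag script or iframe references to hosts the site does not own. The trusted host names, the row contents and the attacker host are constructed for the example; only the ngg.js file name comes from the write-up.

```python
"""Scan content rows for injected <script src> / <iframe src> references
to untrusted hosts (the mass SQL-injection defacement pattern above)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the hosts this site legitimately serves script from.
TRUSTED_HOSTS = {"livetheriver.org", "www.livetheriver.org"}


class _RefCollector(HTMLParser):
    """Collects (tag, src) for every <script> and <iframe> with a src."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "iframe") and a.get("src"):
            self.refs.append((tag, a["src"]))


def find_injected_refs(html, trusted=TRUSTED_HOSTS):
    """Return [(tag, src)] for script/iframe references to untrusted hosts.
    Relative URLs resolve to the site itself and are not flagged."""
    parser = _RefCollector()
    parser.feed(html)
    flagged = []
    for tag, src in parser.refs:
        host = urlparse(src).hostname  # also handles scheme-less //host/x.js
        if host and host.lower() not in trusted:
            flagged.append((tag, src))
    return flagged


def scan_rows(rows, trusted=TRUSTED_HOSTS):
    """rows: {row_id: html}. Returns only the rows carrying injected refs."""
    result = {}
    for row_id, html in rows.items():
        refs = find_injected_refs(html, trusted)
        if refs:
            result[row_id] = refs
    return result


# Constructed sample rows; page-2 mimics the injected ngg.js tag.
SAMPLE_ROWS = {
    "page-1": '<p>Welcome to the river.</p><script src="/js/menu.js"></script>',
    "page-2": '<p>Trail map</p><script src="http://evil.example/ngg.js"></script>',
    "page-3": '<p>Events</p><iframe src="//evil.example/in.cgi" width="1" height="1"></iframe>',
}

if __name__ == "__main__":
    for row_id, refs in scan_rows(SAMPLE_ROWS).items():
        print(row_id, refs)
```

Any hit is a reason to pull the row out of the database and look for the SQL injection path that wrote it, not just to delete the tag.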
      
    Posted on Thursday, July 03, 2008 @ 11:58:46 UTC by BB