
"Computer Crime & Intellectual Property Section" virus


A. Deguza
May 10, 2013, 7:16:00 PM
Hello All:

I am helping a friend who got the "Computer Crime & Intellectual Property Section" virus.

It is a really nasty one. It won't even let you boot into safe mode.

I am able to boot to the special HP restore environment. There I am getting a command line prompt and able to see the C drive.

I am hoping that I can erase the executable for the virus.

Anybody out there know:

a- Name(s) of the virus executable
b- Where it/they reside(s)?

Thanks

Thor Kottelin
May 11, 2013, 1:49:38 AM
"A. Deguza" <deg...@hotmail.com> wrote in message
news:c086359b-6fce-45d4...@googlegroups.com...

> I am hoping that I can erase the executable for the virus.

If your friend has installed one piece of malware, there may also be
others present that he or she is not aware of. The safest way to get rid
of installed malware is to reinstall the operating system.

--
Thor Kottelin
http://www.anta.net/

A. Deguza
May 11, 2013, 8:30:07 PM

On Friday, May 10, 2013 10:49:38 PM UTC-7, Thor Kottelin wrote:
> "A. Deguza" wrote in message
> news:c086359b-6fce-45d4...@googlegroups.com...
>
> > I am hoping that I can erase the executable for the virus.
>
> If your friend has installed one piece of malware, there may also be
> others present that he or she is not aware of. The safest way to get rid
> of installed malware is to reinstall the operating system.

You are very right. Since I asked for help, I was able to take the o/s and installations to an earlier date. That got rid of the nasty "ransomware".

However, scans with multiple antivirus/malware programs found numerous other infections.

The computer now starts, but I do not trust it anymore. As soon as my friend backs everything up, I am going to recommend a clean install of the o/s.

Deguza

unruh
May 11, 2013, 10:07:09 PM
The problem is that the attackers can also have put stuff into the home
directory and other stuff that he backed up. Thus you need to search all
of that for suid and sgid files as well (use find)

They can also put programs in there that are the ape of system programs
(e.g. put ls into his home directory, and if he has . in his path it may
well get run.)

A. Deguza
May 13, 2013, 4:51:47 PM
On Saturday, May 11, 2013 7:07:09 PM UTC-7, unruh wrote:
[...]
> The problem is that the attackers can also have put stuff into the home
> directory and other stuff that he backed up. Thus you need to search all
> of that for suid and sgid files as well (use find)

Did a search for SUID, seems like it is a Linux/Unix thing:

"SUID (Set owner User ID up on execution) is a special type of file permissions given to a file."
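An added example, not posted by anyone in the thread, showing what unruh's "search ... for suid and sgid files (use find)" advice looks like on a Linux/Unix system, where those permission bits exist (as the SUID definition above notes, they are not a Windows concept), together with a check for "." in PATH, which is what makes a planted ls in a home directory dangerous. The backup tree it scans is constructed under a temporary directory; the user name "friend" and the file names are made up.

```shell
#!/bin/sh
# Added example, not from the thread: the "use find" check unruh suggests,
# run against a backed-up home directory on a Linux/Unix system, plus a
# check for "." in PATH. The sample tree built below is constructed.

# Print regular files under $1 that carry the setuid (4000) or setgid
# (2000) bit. Anything dropped into a user's files and restored from a
# backup would show up here; a normal home directory yields an empty list.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Return 0 if the PATH-style string in $1 contains "." or an empty element
# (both mean "the current directory"), so a file named ls in the current
# directory could be run instead of /bin/ls.
path_has_cwd() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Build a constructed sample backup under a temporary directory:
# a fake "ls" with setuid and a "helper" with setgid, plus a harmless file.
make_sample_backup() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/home/friend/bin" "$dir/home/friend/docs"
    printf '#!/bin/sh\necho not the real ls\n' > "$dir/home/friend/bin/ls"
    printf '#!/bin/sh\n' > "$dir/home/friend/docs/helper"
    printf 'shopping list\n' > "$dir/home/friend/docs/notes.txt"
    chmod 4755 "$dir/home/friend/bin/ls"       # setuid bit
    chmod 2755 "$dir/home/friend/docs/helper"  # setgid bit
    chmod 0644 "$dir/home/friend/docs/notes.txt"
    printf '%s\n' "$dir"
}

# Count the hits (tr strips the padding wc prints on some systems).
count_suid_sgid() {
    find_suid_sgid "$1" | wc -l | tr -d ' '
}

# Demo: scan the constructed backup, report, then clean it up.
demo=$(make_sample_backup) || exit 1
echo "setuid/setgid files in $demo:"
find_suid_sgid "$demo"
echo "count: $(count_suid_sgid "$demo")"
if path_has_cwd "$PATH"; then
    echo "warning: PATH contains the current directory"
fi
rm -rf "$demo"
```

Run it as `sh find_suid.sh`; to check a real backup, call `find_suid_sgid /path/to/backup` and review every hit, since setuid files have no business living in a user's home directory. The `-xdev` flag keeps find from wandering into other mounted filesystems, and `2>/dev/null` hides permission-denied noise so the hits stand out.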