1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

W32.Chemsvy!!!

Discussion in 'Computer Security' started by noelg24, Jun 25, 2004.

  1. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    Now unless I am late about it but I just got hit with worm about half an hour ago...and it must sent about 20-30 different viruses all located in the My Shared Folder of Kazaa++. So just giving u guys a warning in case anyone else runs into trboule...the cure? well turn off System Restore (those using ME/XP does 200 have one? Im not sure) then update the the virus updates from the symantec site and also do a full scan so it can locate the viruses...Im sure my poor baby's life must have flashed before its eyes :eek: poor lassie :eek:
     
    Certifications: A+
    WIP: my life
  2. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    From a security standpoint, I can't say I'm really thrilled about Kazaa. Unfortunately, with so much malware in the wild these days, updating your AV defs is pretty much a daily task...as well as keeping up on Windows critical hotfixes.

    Thanks for the "heads up". :)
     
    Certifications: A+ and Network+
  3. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    No probs Trip..the strange thing about it is...this is the first time I have ever been hit by viruses in the 7yrs or so I have built PCs...but blimey you dont know when to expect it. But the version of Kazaa I have does not support ads so really it shouldnt bring in any spyware...but I am suprised and will notify others I know...
     
    Certifications: A+
    WIP: my life
  4. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    Nice one, Waliu - thanks for the nod :thumbleft.

    I see AVG6 has just issued a new update since yesterday, so maybe that has something to do with it.

    Thanks for posting about your "hit" - thats why I thought a Security Forum was a good idea around here. Fore-warned is fore-armed.

    Oh, btw - w2k doesn't have System Restore.
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  5. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    Thanks Jak. Its just a shame I got caught...bbut its all rectified...I even updated Zone Alarm Pro too so from now on muggins here should be well and truly protected...otherwise its Troy all over again.... :eek:
     
    Certifications: A+
    WIP: my life
  6. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    This is one reason why I go to www.sarc.com and manually download my av defs daily rather than waiting for the auto-scheduler to do it.
     
    Certifications: A+ and Network+
  7. Bluerinse
    Honorary Member

    Bluerinse Exabyte Poster

    8,871
    167
    256
    Wow, you need to get out more Noelg24 :)

    Kazza is notorious as a security risk and backdoor for ad/spyware, if I were you and I couldn't live without it, I would use it from within a virtual machine or duel boot into another OS to use it. You are basically opening your machine up to a huge network of script kiddies.

    Maybe once bitten twice shy?

    Norton AV is not only expensive but very resourse hungry, I loaded it for a punter the other day on a P4 2.8 and it even slowed that down considerably. Then, after a year you have to pay for updates :evil: Why anyone would pay for something that is not as good as FREE AVG I will never know???

    Pete
     
    Certifications: C&G Electronics - MCSA (W2K) MCSE (W2K)
  8. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    I upgraded a PC at the HP human factor's lab last week and updated all the security patches. Then I downloaded AVG (more out of curiosity than anything else), updated it and ran it. No viruses. Cool. I've made sure it was updated every few days. Yesterday, someone else in the office turned it on in preparation to test the eye tracking software we've been working with. Got a nasty gram saying that Sasser was detected on the system. How the heck did it get in with the hotfixes and AVG in place?

    I ran the Stinger removal tool but it couldn't find Sasser. I updated the AV defs *again* and ran AVG and it didn't find Sasser. I thought maybe the warning had stated that it found and quarentined or deleted the critter but there was no log entry to that effect.

    odd.
     
    Certifications: A+ and Network+
  9. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    Well I never paid for Norton or even Zone Alarm Pro...got them both for FREE!!! :D but I do know the affects of Kazaa cos I only have it on when I am using it and once I aint using it its disconnected. But I still advise others of the risks and always make sure they have their Firewall and Anti virus softwares all updated cos I hate to see people in such a state that the only cure for them is to throw that expensive machine out the window....not sure why :roll:
     
    Certifications: A+
    WIP: my life
  10. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    fdisk ???
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  11. noelg24

    noelg24 Terabyte Poster

    3,334
    26
    139
    Jak...I meat when people talk to me over the phone and I have never met them before and they have already gotten rid of their PC :!: otherwise I would be glad to get it fixed for them... :)
     
    Certifications: A+
    WIP: my life
  12. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    I have encountered customer machines that were so infested with malware that the only solution was to reload the operating system, hosing the original installation (and all the data). :eek:
     
    Certifications: A+ and Network+
  13. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    I wouldn't say thats as extreme a solution as many might think to an infested machine beyond repair, Trip.

    Honestly, if people have full back-ups (yeah, right) then it's the easiest solution. Maybe then they will realise that they should maintain up to date security measures on their PCs.

    Mind you, some of the best Techs I know ( no names ) have still forgotten to patch Blaster, etc before going back online for the first time after a re-install. :oops:
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  14. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    There is nothing quite like working with a customer who has a hopeless infestation on their computer (usually thanks to their teenagers) who when you ask, "Did you back up your data", get that "deer-in-the-headlights" look and answer dully, "No". These are otherwise intellegent, professional people who are very competent in their fields. Even if they work in a production environment were their business systems are regularly backed up, they still don't think to even burn their critical data to disk.
     
    Certifications: A+ and Network+
  15. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    9,915
    60
    229
    I have to be fair here, actually Trip - I never even knew what a backup was until AFTER my first "sting" when I was starting out. :rolleyes:

    Never missed out since mind :wink:
     
    Certifications: MCP, A+, Network+
    WIP: Clarity
  16. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    Um, not sure where the consensus that Kazzaa was a security problem came from, I used it straight for almost 3 years without a hit, used it on multiple machines, with port forwarding to allow me quicker downloads
    only stopped using it when it started taking 2 weeks to download something lol

    now I use Bit Torrent

    I used Kazzaa Lite mind, Kazzaa was the biggest bloatiest pos around :)
    apart from maybe, ICQ 99b
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0

Share This Page

Loading...