Welcome to SecurityForumz.com!

Virus active but not found by A/V or malware removal apps

R Tin

External


Since: Dec 16, 2007
Posts: 3



(Msg. 1) Posted: Sun Dec 16, 2007 2:45 pm
Post subject: Virus active but not found by A/V or malware removal apps
Archived from groups: alt>comp>virus

Received in news group, an apparent joke post with link to humorous web
site. Offered download of a *.jpg (expedit.jpg.zip). Concealed file name
included .vbs. Purports or pretends to alter system files; calls for repair
with Win XP Home disk. A/V and other programs find no virus. Anyone who
knows how to get rid of it, please advise.

--
R Tin
Address anti-spammed

Dustin Cook

External


Since: Jun 01, 2006
Posts: 165



(Msg. 2) Posted: Sun Dec 16, 2007 11:27 pm
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

"R Tin" <rfox24x.DeleteThis@xcox.net> wrote in
news:W7g9j.10391$pq.10334@newsfe24.lga:

> Received in news group, an apparent joke post with link to humorous
> web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
> file name included .vbs. Purports or pretends to alter system files;
> calls for repair with Win XP Home disk. A/V and other programs find no
> virus. Anyone who knows how to get rid of it, please advise.
>

If you'd care to send a sample of the file you downloaded/received along to
my email address (instructions provided on site) I may be able to assist in
its removal.


--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin.DeleteThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt

4Q

External


Since: Dec 20, 2007
Posts: 22



(Msg. 3) Posted: Sun Dec 16, 2007 11:27 pm
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: alt>comp>virus, others

Dustbin Cook wrote:
> "R Tin" <rfox24x.RemoveThis@xcox.net> wrote in
> news:W7g9j.10391$pq.10334@newsfe24.lga:
>
> > Received in news group, an apparent joke post with link to humorous
> > web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
> > file name included .vbs. Purports or pretends to alter system files;
> > calls for repair with Win XP Home disk. A/V and other programs find no
> > virus. Anyone who knows how to get rid of it, please advise.
> >
>
> If you'd care to send a sample of the file you downloaded/received along to
> my email address (instructions provided on site) I may be able to assist in
> its removal.
>

*HAHAHA* Yes keep up the act Dustbin,
you've got Liarthos convinced you are
"One of the good guys"...

Is Stormtrooper cooked and baked yet?
*wink*

4Q
Dustin Cook

External


Since: Jun 01, 2006
Posts: 165



(Msg. 4) Posted: Mon Dec 17, 2007 1:19 am
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: alt>comp>virus

"R Tin" <rfox24x RemoveThis @xcox.net> wrote in
news:W7g9j.10391$pq.10334@newsfe24.lga:

> Received in news group, an apparent joke post with link to humorous
> web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
> file name included .vbs. Purports or pretends to alter system files;
> calls for repair with Win XP Home disk. A/V and other programs find no
> virus. Anyone who knows how to get rid of it, please advise.
>

The file I have doesn't appear to cause much mischief, it's a vbs worm
however. And it does have a denial of service payload. I will add it to
BugHunter.

--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin RemoveThis @gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Dustin Cook

External


Since: Jun 01, 2006
Posts: 165



(Msg. 5) Posted: Mon Dec 17, 2007 1:28 am
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

"Beauregard T. Shagnasty" <a.nony.mous.RemoveThis@example.invalid> wrote in
news:7Zj9j.271671$kj1.54281@bgtnsc04-news.ops.worldnet.att.net:

> Dustin Cook wrote:
>
>> "R Tin" wrote:
>>> Received in news group, an apparent joke post with link to humorous
>>> web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
>>> file name included .vbs. Purports or pretends to alter system files;
>>> calls for repair with Win XP Home disk. A/V and other programs find
>>> no virus. Anyone who knows how to get rid of it, please advise.
>>
>> If you'd care to send a sample of the file you downloaded/received
>> along to my email address (instructions provided on site) I may be
>> able to assist in its removal.
>
> hxxp:// www. webklik. nl/users/ dutchsecurety/
> osamebinladenphoto.jpg.zip
>
> Fix the obvious munging. ("dutchsecurety" is really misspelled in the
> link)
>
> Caution: OE/IE users - do *NOT* go to this link.

Thanks man.

I've taken a quick look at it. It's a worm, written in vbs. No encryption
that I could find, but it does contain a denial of service attack towards
a particular website; and it has a creation date. It's new evidently.
Seems to overwrite? pre-existing vbs/vbe files with its own code. Makes
registry entries to try and ensure it'll startup with windows, and it's a
mass mailer....

BugHunter now offers detection and optional removal.




--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin.RemoveThis@gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
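
The lure described in this thread is a script whose name ends in .jpg.vbs, delivered inside a zip. As an added example (not part of any post above and not BugHunter's code), this Python check lists archive members with that kind of misleading double extension; the extension sets and the sample archive are constructed for illustration, and it assumes the .vbs file sits inside the downloaded zip.

```python
import io
import zipfile

# Extensions that Windows executes when double-clicked (not exhaustive).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".scr", ".pif",
                   ".exe", ".com", ".bat", ".cmd"}
# Extensions a reader takes for harmless data.
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}


def deceptive_members(zip_bytes):
    """List (member, decoy_ext, real_ext) for archive entries whose last
    extension is executable while the one before it looks like data."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            # Windows ignores trailing dots and spaces when opening a file.
            base = base.rstrip(". ").lower()
            # Strip padding around each part: "a.jpg      .vbs" pushes the
            # real extension past the edge of a narrow filename column.
            exts = ["." + part.strip() for part in base.split(".")[1:]]
            if (len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS
                    and exts[-2] in DECOY_EXTS):
                findings.append((info.filename, exts[-2], exts[-1]))
    return findings


def build_sample_archive():
    """Constructed test archive; every member body is a harmless placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Member name taken from the thread; the content is not the worm.
        zf.writestr("expedit.jpg.vbs", "' placeholder\n")
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0 placeholder")
        zf.writestr("report.pdf      .scr", b"placeholder")
        zf.writestr("scripts/cleanup.vbs", "' single extension, not flagged\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, decoy, real in deceptive_members(build_sample_archive()):
        print(f"{member!r}: looks like {decoy}, runs as {real}")
```

With Explorer's "Hide extensions for known file types" setting on, a member such as expedit.jpg.vbs is displayed as expedit.jpg, which is why the check keys on the last extension rather than the visible one.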
Dustin Cook

External


Since: Jun 01, 2006
Posts: 165



(Msg. 6) Posted: Mon Dec 17, 2007 1:30 am
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

"R Tin" <rfox24x RemoveThis @xcox.net> wrote in
news:W7g9j.10391$pq.10334@newsfe24.lga:

> Received in news group, an apparent joke post with link to humorous
> web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
> file name included .vbs. Purports or pretends to alter system files;
> calls for repair with Win XP Home disk. A/V and other programs find no
> virus. Anyone who knows how to get rid of it, please advise.
>

BugHunter is now able to deal with one known variant? of this worm. Please
scan your system using the utility and report back your results. You can
find the utility and the entire documentation online for it at the url
listed in my signature below.


--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
Email.: bughunter.dustin RemoveThis @gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Beauregard T. Shagnasty

External


Since: Aug 01, 2004
Posts: 496



(Msg. 7) Posted: Mon Dec 17, 2007 6:06 pm
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

R Tin wrote:

> As an OE user, Thanks again Beauregard. Apparently Bughunter is
> disfavored here.

You're welcome.

Bughunter is only disfavored by a few who don't like author Dustin and
his former occupation. I don't think you will have any problem using it.

So ... now what are your thoughts on upgrading your email/newsreader
application to something not vulnerable?

--
-bts
-Friends don't let friends drive Vista
R Tin

External


Since: Dec 16, 2007
Posts: 3



(Msg. 8) Posted: Tue Dec 18, 2007 11:06 am
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

"Beauregard T. Shagnasty" <a.nony.mous.TakeThisOut@example.invalid> wrote in message
news:%Uy9j.54978$MJ6.47929@bgtnsc05-news.ops.worldnet.att.net...
|R Tin wrote:
|
| > As an OE user, Thanks again Beauregard. Apparently Bughunter is
| > disfavored here.
|
| You're welcome.
|
| Bughunter is only disfavored by a few who don't like author Dustin and
| his former occupation. I don't think you will have any problem using it.
|
| So ... now what are your thoughts on upgrading your email/newsreader
| application to something not vulnerable?
|
| --
| -bts
| -Friends don't let friends drive Vista

Hello, Beauregard. I haven't been thinking about a replacement for OE, but
if you have a recommendation, I'd like to look at it and maybe even bestir
myself into making a decision.
I'm used to OE and lazy about such onerous chores as reading the f-ing
manual for new apps.
--
R Tin
Address anti-spammed
R Tin

External


Since: Dec 16, 2007
Posts: 3



(Msg. 9) Posted: Thu Dec 20, 2007 2:05 pm
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

Thanks, Dustin. I unchecked ddosattacker in msconfig, and no more file
security messages. Removed that file and expedit.jpg.vbs, and ran system
file checker, which completed in half an hour but gave no report or any info
about files more recent than those installed. Guess that's standard, but
don't know. First running of sfc /scannow.

--
R Tin
Address anti-spammed


"Dustin Cook" <bughunter.dustin.RemoveThis@gmail.com> wrote in message
news:Xns9A08D041DD9D2HHI2948AJD832@69.28.186.121...
| "R Tin" <rfox24x.RemoveThis@xcox.net> wrote in
| news:W7g9j.10391$pq.10334@newsfe24.lga:
|
| > Received in news group, an apparent joke post with link to humorous
| > web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
| > file name included .vbs. Purports or pretends to alter system files;
| > calls for repair with Win XP Home disk. A/V and other programs find no
| > virus. Anyone who knows how to get rid of it, please advise.
| >
|
| The file I have doesn't appear to cause much mischief, it's a vbs worm
| however. And it does have a denial of service payload. I will add it to
| BugHunter.
|
| --
| Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
| Email.: bughunter.dustin.RemoveThis@gmail.com
| Web...: http://bughunter.it-mate.co.uk
| Pad...: http://bughunter.it-mate.co.uk/pad.xml
| PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Klex

External


Since: Dec 29, 2007
Posts: 3



(Msg. 10) Posted: Sat Dec 29, 2007 6:36 pm
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

Hi Dustin,
I've got a file that I think is malware that I'd like you to look at if you
would. It's causing my pc to ask for a password when I wake it from
'sleeping' and won't let me run the antivirus or any malware scanners. I
tried to send you an email to the buhunter.dustin address but it came back.

Do you think you could have a look at it and perhaps tell me how I can sort
it out?

Thanks,
Alexandra


"Dustin Cook" <bughunter.dustin.DeleteThis@gmail.com> wrote in message
news:Xns9A08BD5D3FA05HHI2948AJD832@69.28.186.121...
> "R Tin" <rfox24x.DeleteThis@xcox.net> wrote in
> news:W7g9j.10391$pq.10334@newsfe24.lga:
>
>> Received in news group, an apparent joke post with link to humorous
>> web site. Offered download of a *.jpg (expedit.jpg.zip). Concealed
>> file name included .vbs. Purports or pretends to alter system files;
>> calls for repair with Win XP Home disk. A/V and other programs find no
>> virus. Anyone who knows how to get rid of it, please advise.
>>
>
> If you'd care to send a sample of the file you downloaded/received along
> to my email address (instructions provided on site) I may be able to assist
> in its removal.
>
>
> --
> Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2d
> Email.: bughunter.dustin.DeleteThis@gmail.com
> Web...: http://bughunter.it-mate.co.uk
> Pad...: http://bughunter.it-mate.co.uk/pad.xml
> PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
Dustin Cook

External


Since: Jun 01, 2006
Posts: 165



(Msg. 11) Posted: Sat Dec 29, 2007 10:50 pm
Post subject: Re: Virus active but not found by A/V or malware removal apps
Archived from groups: per prev. post

"Klex" <klex1 RemoveThis @btopenworld.com> wrote in
news:xfOdnbJXUaNcDuvaRVnyjAA@bt.com:

> Hi Dustin,
> I've got a file that I think is malware that I'd like you to look at
> if you would. It's causing my pc to ask for a password when I wake it
> from 'sleeping' and won't let me run the antivirus or any malware
> scanners. I tried to send you an email to the buhunter.dustin address
> but it came back.
>
> Do you think you could have a look at it and perhaps tell me how I can
> sort it out?

I'd be happy to do so. Please follow the instructions provided on my site
to successfully submit it to me for analysis. And thank you for the
opportunity.

--
Dustin Cook, Author of BugHunter - MalWare Removal Tool - v2.2e
Email.: bughunter.dustin RemoveThis @gmail.com
Web...: http://bughunter.it-mate.co.uk
Pad...: http://bughunter.it-mate.co.uk/pad.xml
PGP...: http://bughunter.it-mate.co.uk/bughunter.dustin.txt
All times are: Pacific Time (US & Canada)