Question for grix

mex to woox — 07 Feb 2009 08:52

Subject: Re: Re: Hijackthis log file

Please refer to this

grix — 07 Feb 2009 09:59

Subject: Re: Re: Re: Question for grix

You can get clamav AV for unix systems. There is always the issue of downloading and installing stuff on a machine that is already infected - how smart is the virus? It may just patch the AV to make it seem like the machine is clean... but it may have done its job. Did you find out what the virus was called? Then you can see how good a virus it is.

mex — 07 Feb 2009 10:59

Subject: Re: Re: Re: Re: Question for grix

It was creating a pop-up message from the windows log-on: "I am still waiting for your strawberry from baguio.", which you had to click ok to in order to continue. That has stopped now and I did a full virus scan which came up as all clear, so I think I've got rid of it from his computer. Not sure how to clean the usb key tho. Do I just delete exiplorer.VIR, and is there a way to scan the doc and xls files to see if there is anything nasty embedded in them? Will download clamav and use it to scan the usb key.

mex — 07 Feb 2009 11:27

Subject: Re: Re: Re: Re: Re: Question for grix

Downloaded clamav-0.94.2.tar.gz but have no idea how to install it! I'm a linux newbie. Double clicking just opens the contents.

dex — 07 Feb 2009 17:52

Subject: Re: Re: Re: Re: Re: Re: Question for grix

I still think you should have burnt it

grix — 07 Feb 2009 23:07

Subject: Re: Re: Re: Re: Re: Question for grix

mmm - he needs to change all his passwords, as often these trojans key log and send all the info back to a remote server. Best thing to do is copy the files he needs to your linux system and then do a full format of the USB key. Scan the files using these web based virus scanning services - they use a number of AV engines: VirusTotal, VirScan

grix — 07 Feb 2009 23:11

Subject: linux AV

info here: Ubuntu AV

mex — 08 Feb 2009 05:55

Subject: Re: linux AV

Thanks grix, I'm pretty sure it's got rid of now. I did the online scanning of the individual files on his key and they all came up as clean. I also did a wipe of the free space on his key but will also do what you suggested and format it, then put the files back on. If someone wanted to put a trojan key logger on, why would they advertise the fact that your computer was infected with the boot up message? Anyway, I'm pretty sure he realised he had the virus as soon as he plugged the usb key in, so hasn't compromised himself by using the machine since. I'll recommend changing his passwords tho, just in case. BTW did you phone me at 1am?

nix — 08 Feb 2009 05:59

Subject: Re: Re: linux AV

I don't know if this is relevant at all but I just bought 3 2GB USB sticks for $3.99 each - job well done on saving his - can't have taken you more than a couple of days tops
