Old 11-28-2012, 12:40 PM   #1
DrPizza
Administrator
Elite Member
Goat Whisperer
 
Join Date: Mar 2001
Location: Western NY
Posts: 43,094
New virus out there that's spreading rapidly?

Got this in a forwarded email:
Quote:
I wanted to give everyone a heads up that there is a Virus running rampant in the world. Looks like it came out late on November 22, and as of late yesterday (November 27), it has spread very quickly around the world. There isn’t a specific name for it, and all of the AntiVirus companies are scrambling to come up with a fix. We have been in contact with our AV vendor, who indicated that they have identified the effects of the virus and are working on a fix…

At the moment, the way to know if you have it, is that all of your files and folders are “hidden”, NOT deleted. And, files are dropped into directories with the name of sexy.exe, porn.exe, secret.exe, and password.exe. These .exe files are the virus, if you click these, it will search through all of your drives and hide everything. If you have a USB drive, the virus will be written here, for transport…

Keep this in mind when using your own personal computers at home, and most importantly, your USB drives are vulnerable. Be sure to update your AV definitions on a nightly basis.

Just a heads up. I heard that an area university "lost" much of their network.
__________________
Fainting Goats
Old 11-28-2012, 08:31 PM   #2
mechBgon
Super Moderator
Elite Member
 
Join Date: Oct 1999
Posts: 30,697

Anyone interested in disabling the AutoRun attack vector can scroll down this Microsoft knowledge-base page and look for the Fix-It icons:

http://support.microsoft.com/kb/967715

This arbitrarily prevents all forms of AutoRun, malicious or otherwise, so it's a trade-off of some ease of use versus security. AutoRun worms are very common, so I opt for security.

A further countermeasure: Software Restriction Policy. If you want heavy-duty protection from exploit payloads and userland malware, it may be worth the effort. http://www.mechbgon.com/srp
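An added example, not part of the thread and not Microsoft's Fix-It code: a PowerShell check of the `NoDriveTypeAutoRun` policy value that KB967715 documents, showing which drive types still have AutoRun enabled on a machine. It assumes the value is stored as a DWORD; the function name `Get-AutoRunPolicy` is illustrative.

```powershell
# Added example: audit the NoDriveTypeAutoRun policy value (KB967715).
# Each set bit disables AutoRun for one drive type; 0xFF disables it for all.
$DriveTypeBits = @(
    @{ Bit = 0x01; Name = 'unknown drive types' },
    @{ Bit = 0x04; Name = 'removable drives' },
    @{ Bit = 0x08; Name = 'fixed drives' },
    @{ Bit = 0x10; Name = 'network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'unknown drive types (high bit)' }
)

function Get-AutoRunPolicy {
    param([Parameter(Mandatory)][ValidateSet('HKLM', 'HKCU')][string]$Hive)

    $path = "${Hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
    $item = Get-ItemProperty -Path $path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # Key or value missing: no policy is configured in this hive.
        return [pscustomobject]@{
            Hive         = $Hive
            Value        = 'not set'
            AllDisabled  = $false
            StillEnabled = 'OS default applies'
        }
    }

    # Assumption: the value is a REG_DWORD, as the KB describes it.
    $value = [int]$item.NoDriveTypeAutoRun

    # Any bit that is clear leaves AutoRun active for that drive type.
    $open = $DriveTypeBits |
        Where-Object { -not ($value -band $_.Bit) } |
        ForEach-Object { $_.Name }

    [pscustomobject]@{
        Hive         = $Hive
        Value        = '0x{0:X2}' -f $value
        AllDisabled  = (($value -band 0xFF) -eq 0xFF)
        StillEnabled = ($open -join ', ')
    }
}

# Report the machine-wide and per-user settings side by side.
'HKLM', 'HKCU' | ForEach-Object { Get-AutoRunPolicy -Hive $_ } | Format-Table -AutoSize
```

A row with `AllDisabled` set to `True` matches the "all forms of AutoRun" state described in the post above; anything listed under `StillEnabled` is a drive type where an `autorun.inf` is still honoured.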
Old 11-29-2012, 06:00 AM   #3
Demo24
Diamond Member
 
Join Date: Aug 2004
Location: North GA
Posts: 7,772

This has happened on a couple of the older XP machines I manage, but months ago. It's definitely not the first to do this. It's certainly neat, but annoying. The last one I've dealt with hid everything, even program files, start menu, messed with my computer, messed with device manager and made it impossible to mount any devices. Pretty thorough and I don't even know what the point was, but it created some troubles to get the files off.
__________________
.........
Old 12-02-2012, 02:50 PM   #4
MrColin
Platinum Member
 
Join Date: May 2003
Posts: 2,104

Quote:
Originally Posted by mechBgon
Anyone interested in disabling the AutoRun attack vector can scroll down this Microsoft knowledge-base page and look for the Fix-It icons:

http://support.microsoft.com/kb/967715

This arbitrarily prevents all forms of AutoRun, malicious or otherwise, so it's a trade-off of some ease of use versus security. AutoRun worms are very common, so I opt for security.

A further countermeasure: Software Restriction Policy. If you want heavy-duty protection from exploit payloads and userland malware, it may be worth the effort. http://www.mechbgon.com/srp
Even still, do I have the willpower not to run sexy.exe as admin? It could be...really, really sexy, damn those malware authors!
__________________
"Your heart is in the right place. But still, you are a very disturbed individual."

-Xionide