From: tburtenshaw on 12 Dec 2006 05:05

Hey, has anyone had problems with AVG not detecting the RJUMP virus (I keep getting one called adober.exe).

I'm in Thailand (Mae Sot) at the moment, and it is incredibly prevalent here. I have seen it at nearly every internet cafe I have been to.

It's a virus transmitted via USB drives and card readers, thanks to Windows' habit of running any autorun.inf file on any item of new media.

It's obviously quite simple to do. When someone puts an infected pendrive into a USB port, Windows finds the autorun.inf file, and runs adober.exe. This program copies itself to the C:\WINDOWS directory (or whatever), and alters the registry so it is run when Windows starts.

The program remains resident in memory, and hijacks the usual "new drive found" stuff, and as soon as a new USB drive is inserted, it copies an executable, a DLL and the autorun.inf file. The new drive is now ready to infect the next computer in the next Thai internet cafe.

Most have AVG installed, but this did nothing. Another antivirus program at one place did detect the virus, and even cleaned it from my USB drive.

I now lock my SD cards before connecting them, and quickly check for adober.exe in the running processes.

I haven't seen much about this anywhere else, I was wondering if others have seen something like this. And also, WHY DOES WINDOWS RUN SOMETHING WITHOUT ASKING!!! :-D

Thanks,
Tristan
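The autorun.inf launch described in the post above can be checked on a drive before it is trusted. As an added example (not code from any poster in this thread), this Python script lists the `[autorun]` entries that would start a program; the function names are hypothetical and the sample file contents are constructed, with only the name adober.exe taken from the thread.

```python
import ntpath
import os

LAUNCH_KEYS = {"open", "shellexecute"}   # [autorun] keys that start a program
RISKY_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def _program(value):
    # First token of a command line, honouring a leading quoted path.
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return (value.split() or [""])[0]

def autorun_launch_entries(text):
    """Return (key, command, risky) for each [autorun] entry that launches something."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # only the [autorun] section matters
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        # shell\<verb>\command entries add a context-menu action that runs a program
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            ext = ntpath.splitext(_program(value))[1].lower()
            findings.append((key, value, ext in RISKY_EXTS))
    return findings

def inspect_drive(root):
    """Find autorun.inf (any letter case) in a drive root and list its launch entries."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                data = fh.read()
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return autorun_launch_entries(data.decode(enc, errors="replace"))
    return []

# Constructed sample, not a captured file; only the name adober.exe comes from the thread.
SAMPLE = """[AutoRun]
; constructed example
open=adober.exe
shell\\open\\command="adober.exe" /auto
icon=drive.ico
"""
```

Any entry returned with `risky` set to `True` names a program that Windows would start from the drive if autorun is left enabled.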
From: Potblak on 12 Dec 2006 06:08

Do you happen to remember which version of AVG they were running?
And which update set?
Or could you take a look next time you go there?
tia

<tburtenshaw(a)gmail.com> wrote in message news:1165917935.992398.326490(a)j72g2000cwa.googlegroups.com...
> Hey, has anyone had problems with AVG not detecting the RJUMP virus (I
> keep getting one called adober.exe).
>
> I'm in Thailand (Mae Sot) at the moment, and it is incredibly prevalent
> here. I have seen it at nearly every internet cafe I have been to.
>
> It's a virus transmitted via USB drives and card readers, thanks to
> Windows' habit of running any autorun.inf file on any item of new
> media.
>
> It's obviously quite simple to do. When someone puts an infected
> pendrive into a USB port, Windows finds the autorun.inf file, and runs
> adober.exe. This program copies itself to the C:\WINDOWS directory (or
> whatever), and alters the registry so it is run when Windows starts.
>
> The program remains resident in memory, and hijacks the usual "new
> drive found" stuff, and as soon as a new USB drive is inserted, it
> copies an executable, a DLL and the autorun.inf file. The new drive is
> now ready to infect the next computer in the next Thai internet cafe.
>
> Most have AVG installed, but this did nothing. Another antivirus
> program at one place did detect the virus, and even cleaned it from my
> USB drive.
>
> I now lock my SD cards before connecting them, and quickly check for
> adober.exe in the running processes.
>
> I haven't seen much about this anywhere else, I was wondering if others
> have seen something like this. And also, WHY DOES WINDOWS RUN SOMETHING
> WITHOUT ASKING!!! :-D
>
> Thanks,
> Tristan
From: tburtenshaw on 12 Dec 2006 06:58

Hi,

On this computer they're running version 7.5.432, which is unregistered (it's Thailand). I tried to update the database (it was from 9 December, not old), and it warned me that it was a pirated version, but updated nonetheless (I think). It now has the 11 December virus database.

I did another scan, and it still did not detect the virus.

Potblak wrote:
> Do you happen to remember which version of AVG they were running?
> And which update set?
> Or could you take a look next time you go there?
> tia
> <tburtenshaw(a)gmail.com> wrote in message
> news:1165917935.992398.326490(a)j72g2000cwa.googlegroups.com...
> > Hey, has anyone had problems with AVG not detecting the RJUMP virus (I
> > keep getting one called adober.exe).
> >
> > I'm in Thailand (Mae Sot) at the moment, and it is incredibly prevalent
> > here. I have seen it at nearly every internet cafe I have been to.
> >
> > It's a virus transmitted via USB drives and card readers, thanks to
> > Windows' habit of running any autorun.inf file on any item of new
> > media.
> >
> > It's obviously quite simple to do. When someone puts an infected
> > pendrive into a USB port, Windows finds the autorun.inf file, and runs
> > adober.exe. This program copies itself to the C:\WINDOWS directory (or
> > whatever), and alters the registry so it is run when Windows starts.
> >
> > The program remains resident in memory, and hijacks the usual "new
> > drive found" stuff, and as soon as a new USB drive is inserted, it
> > copies an executable, a DLL and the autorun.inf file. The new drive is
> > now ready to infect the next computer in the next Thai internet cafe.
> >
> > Most have AVG installed, but this did nothing. Another antivirus
> > program at one place did detect the virus, and even cleaned it from my
> > USB drive.
> >
> > I now lock my SD cards before connecting them, and quickly check for
> > adober.exe in the running processes.
> >
> > I haven't seen much about this anywhere else, I was wondering if others
> > have seen something like this. And also, WHY DOES WINDOWS RUN SOMETHING
> > WITHOUT ASKING!!! :-D
> >
> > Thanks,
> > Tristan
From: Gabriele Neukam on 12 Dec 2006 12:00

On this special day, tburtenshaw(a)gmail.com wrote :

> And also, WHY DOES WINDOWS RUN SOMETHING
> WITHOUT ASKING!!!

Get the TweakUI for Windows XP and apply it.

"My Computer", branch "AutoPlay", branch "Types", uncheck "Enable Autoplay for removable drives"

I've been running my machine like this from the beginning. I don't like to see a menu shoved into my face, which asks me if I want to see a slide show of the pictures on my SD card, or do something else. I want to copy the portion which is newest to the hard disk, and that's it, dammit.

Gabriele Neukam
Gabriele.Spamfighter.Neukam(a)t-online.de

--
Installing Linux is, in most cases, not the cause of security but the consequence of knowledge. - (Wilfried Kramer in de.admin.net-abuse.mail)
From: David H. Lipman on 12 Dec 2006 16:52
From: <tburtenshaw(a)gmail.com>

| Hey, has anyone had problems with AVG not detecting the RJUMP virus (I
| keep getting one called adober.exe).
|
| I'm in Thailand (Mae Sot) at the moment, and it is incredibly prevalent
| here. I have seen it at nearly every internet cafe I have been to.
|
| It's a virus transmitted via USB drives and card readers, thanks to
| Windows' habit of running any autorun.inf file on any item of new
| media.
|
| It's obviously quite simple to do. When someone puts an infected
| pendrive into a USB port, Windows finds the autorun.inf file, and runs
| adober.exe. This program copies itself to the C:\WINDOWS directory (or
| whatever), and alters the registry so it is run when Windows starts.
|
| The program remains resident in memory, and hijacks the usual "new
| drive found" stuff, and as soon as a new USB drive is inserted, it
| copies an executable, a DLL and the autorun.inf file. The new drive is
| now ready to infect the next computer in the next Thai internet cafe.
|
| Most have AVG installed, but this did nothing. Another antivirus
| program at one place did detect the virus, and even cleaned it from my
| USB drive.
|
| I now lock my SD cards before connecting them, and quickly check for
| adober.exe in the running processes.
|
| I haven't seen much about this anywhere else, I was wondering if others
| have seen something like this. And also, WHY DOES WINDOWS RUN SOMETHING
| WITHOUT ASKING!!! :-D
|
| Thanks,
| Tristan

Follow Gabriele Neukam's suggestion and then...

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm