w32.virut.w, PE_VIRUT.A w32.virut.w, PE_VIRUT.A

    • Nov Novembre
    • 11 11

    w32.virut.w, PE_VIRUT.A w32.virut.w, PE_VIRUT.A

    Posted by Nick B 1 year ago . Inviato da Nick B 1 anno fa.

    Filed under Virus & Windows . Elencato sotto Virus e Windows.

    I just download google pack with norton and the first scan hook my fav svn tortoise with w32.virut.w . Ho appena Scarica Google Pack con Norton e la prima scansione gancio mio fav svn tartaruga con w32.virut.w.

    Excerpt from Symantec Estratto da Symantec

    W32.Virut.A is a virus that infects executable files and opens a back door on TCP port 65520 by connecting to a predefined IRC server. W32.Virut.A è un virus che infetta i file eseguibili e apre una porta sulla porta TCP 65520 con il collegamento ad un server IRC predefinito.

    Netstats

    netstat -aob > netstat.log netstat-AOB> netstat.log 

      TCP USER:1028 78.109.19.140.in.hosting.ua:65520 ESTABLISHED 936 TCP UTENTE: 1028 78.109.19.140.in.hosting.ua: 65520 ISTITUITO 936 
  [winlogon.exe]

    The free version of Norton Internet Scan Failed to fixed the virus. La libera versione di Norton Internet Scan impossibile fissare il virus. :( : (

    Norton Logs Norton Log 

     Process: Processo: 
  c:\windows\system32\ctfmon.exe c: \ windows \ system32 \ ctfmon.exe 
  c:\program files\tortoisesvn\bin\tsvncache.exe C: \ Program Files \ TortoiseSVN \ bin \ tsvncache.exe 
 Infection: Infezione: 
  c:\windows\system32\ctfmon.exe c: \ windows \ system32 \ ctfmon.exe 
  c:\program files\tortoisesvn\bin\tsvncache.exe C: \ Program Files \ TortoiseSVN \ bin \ tsvncache.exe 
  c:\windows\system32\spoolsv.exe c: \ windows \ system32 \ spoolsv.exe 
  c:\windows\system32\locator.exe c: \ windows \ system32 \ Locator.exe 
  c:\windows\system32\alg.exe c: \ windows \ system32 \ alg.exe 
  c:\windows\system32\sessmgr.exe c: \ windows \ system32 \ sessmgr.exe 
  c:\windows\system32\dllhost.exe c: \ windows \ system32 \ Dllhost.exe 
  c:\windows\system32\rsvp.exe c: \ windows \ system32 \ rsvp.exe 
  c:\windows\system32\dmadmin.exe c: \ windows \ system32 \ dmadmin.exe 
  c:\windows\system32\msdtc.exe c: \ windows \ system32 \ msdtc.exe 
  c:\windows\system32\cisvc.exe c: \ windows \ system32 \ cisvc.exe 
  c:\windows\system32\wbem\wmiapsrv.exe c: \ windows \ system32 \ wbem \ wmiapsrv.exe 
  c:\windows\system32\ups.exe c: \ windows \ system32 \ ups.exe 
  c:\windows\system32\msiexec.exe c: \ windows \ system32 \ msiexec.exe 
  c:\windows\system32\netdde.exe c: \ windows \ system32 \ netdde.exe 
  c:\windows\system32\vssvc.exe c: \ windows \ system32 \ vssvc.exe 
  c:\windows\system32\mnmsrvc.exe c: \ windows \ system32 \ mnmsrvc.exe 
  c:\windows\system32\mshta.exe c: \ windows \ system32 \ Mshta.exe 
  c:\windows\system32\userinit.exe c: \ windows \ system32 \ userinit.exe 
  c:\windows\system32\ieudinit.exe c: \ windows \ system32 \ ieudinit.exe 
  c:\windows\inf\unregmp2.exe c: \ windows \ inf \ unregmp2.exe 
  c:\windows\system32\ie4uinit.exe c: \ windows \ system32 \ ie4uinit.exe 
  c:\windows\system32\rundll32.exe c: \ windows \ system32 \ rundll32.exe 
  c:\windows\system32\regsvr32.exe c: \ windows \ system32 \ regsvr32.exe 
  c:\windows\system32\ntsd.exe c: \ windows \ system32 \ ntsd.exe 
  c:\program files\wakoopa\wakoopa.exe C: \ Program Files \ wakoopa \ wakoopa.exe 
  c:\program files\7-zip\7zfm.exe C: \ Program Files \ 7-zip \ 7zfm.exe 
  c:\program files\acd systems\acdsee\6.0\acdsee6.exe C: \ Program Files \ ACD Systems \ ACDSee \ 6.0 \ acdsee6.exe 
  c:\program files\adobe\adobe help center\ahc.exe C: \ Program Files \ Adobe \ Adobe Centro assistenza \ ahc.exe 
  c:\program files\netmeeting\conf.exe C: \ Program Files \ NetMeeting \ conf.exe 
  c:\program files\common files\acd systems\en\devdetect.exe C: \ Programmi \ File comuni \ ACD Systems \ it \ devdetect.exe 
  c:\program files\windows nt\dialer.exe C: \ Program Files \ Windows NT \ dialer.exe 
  c:\program files\acd systems\fotocanvas\3.0\fotocanvas3.exe C: \ Program Files \ ACD Systems \ fotocanvas \ 3.0 \ fotocanvas3.exe 
  c:\program files\acd systems\fotoslate\3.0\fotoslate3.exe C: \ Program Files \ ACD Systems \ fotoslate \ 3.0 \ fotoslate3.exe 
  c:\windows\pchealth\helpctr\binaries\helpctr.exe c: \ windows \ PCHealth \ helpctr \ binari \ helpctr.exe 
  c:\program files\hp\digital imaging\unload\hpqapkil.exe C: \ Program Files \ HP \ Digital Imaging \ scaricare \ hpqapkil.exe 
  c:\program files\hp\digital imaging\unload\hpqdia.exe C: \ Program Files \ HP \ Digital Imaging \ scaricare \ hpqdia.exe 
  c:\program files\hp\digital imaging\unload\hpqdias.exe C: \ Program Files \ HP \ Digital Imaging \ scaricare \ hpqdias.exe 
  c:\program files\hp\digital imaging\unload\hpqphunl.exe C: \ Program Files \ HP \ Digital Imaging \ scaricare \ hpqphunl.exe 
  c:\program files\hp\digital imaging\unload\hpqpsmon.exe C: \ Program Files \ HP \ Digital Imaging \ scaricare \ hpqpsmon.exe 
  c:\program files\hp\digital imaging\unload\hpqunset.exe C: \ Program Files \ HP \ Digital Imaging \ scaricare \ hpqunset.exe 
  c:\program files\hp\digital imaging\bin\hpqvpswp.exe C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqvpswp.exe 
  c:\program files\windows nt\hypertrm.exe C: \ Program Files \ Windows NT \ hypertrm.exe 
  c:\program files\internet explorer\connection wizard\icwconn1.exe C: \ Program Files \ Internet Explorer \ Connection Wizard \ icwconn1.exe 
  c:\program files\internet explorer\connection wizard\icwconn2.exe C: \ Program Files \ Internet Explorer \ Connection Wizard \ icwconn2.exe 
  c:\program files\internet explorer\iexplore.exe C: \ Program Files \ Internet Explorer \ iexplore.exe 
  c:\program files\adobe\adobe photoshop cs2\imageready.exe C: \ Program Files \ Adobe \ Adobe Photoshop CS2 \ imageready.exe 
  c:\program files\internet explorer\connection wizard\inetwiz.exe C: \ Program Files \ Internet Explorer \ Connection Wizard \ inetwiz.exe 
  c:\program files\internet explorer\connection wizard\isignup.exe C: \ Program Files \ Internet Explorer \ Connection Wizard \ isignup.exe 
  c:\program files\java\jre1.6.0_02\bin\javaws.exe C: \ Program Files \ Java \ jre1.6.0_02 \ bin \ javaws.exe 
  c:\windows\system32\usmt\migwiz.exe c: \ windows \ system32 \ usmt \ migwiz.exe 
  c:\program files\movie maker\moviemk.exe C: \ Program Files \ Movie Maker \ moviemk.exe 
  c:\program files\windows media player\mplayer2.exe C: \ Program Files \ Windows Media Player \ Mplayer2.exe 
  c:\program files\combined community codec pack\mpc\mplayerc.exe C: \ Program Files \ combinato comunità Codec Pack \ MPC \ mplayerc.exe 
  c:\windows\pchealth\helpctr\binaries\msconfig.exe c: \ windows \ PCHealth \ helpctr \ binari \ msconfig.exe 
  c:\program files\outlook express\msimn.exe C: \ Program Files \ Outlook Express \ msimn.exe 
  c:\program files\common files\microsoft shared\msinfo\msinfo32.exe c: \ Programmi \ File comuni \ Microsoft Shared \ Msinfo \ msinfo32.exe 
  c:\program files\messenger\msmsgs.exe C: \ Program Files \ Messenger \ msmsgs.exe 
  c:\program files\notepad  \notepad  .exe C: \ Program Files \ Notepad     \ Notepad    . exe 
  c:\windows\system32\mspaint.exe c: \ windows \ system32 \ MSPaint.exe 
  c:\program files\adobe\adobe photoshop cs2\photoshop.exe C: \ Program Files \ Adobe \ Adobe Photoshop CS2 \ photoshop.exe 
  c:\program files\quicktime\pictureviewer.exe C: \ Program Files \ QuickTime \ pictureviewer.exe 
  c:\python25\python.exe c: \ python25 \ python.exe 
  c:\program files\real\realplayer\realplay.exe C: \ Program Files \ vero \ RealPlayer \ realplay.exe 
  c:\program files\common files\real\update_ob\rnxproc.exe C: \ Programmi \ File comuni \ vero \ update_ob \ rnxproc.exe 
  c:\windows\soundman.exe c: \ windows \ soundman.exe 
  c:\program files\tortoisesvn\bin\subwcrev.exe C: \ Program Files \ TortoiseSVN \ bin \ subwcrev.exe 
  c:\program files\outlook express\wab.exe C: \ Program Files \ Outlook Express \ wab.exe 
  c:\program files\outlook express\wabmig.exe C: \ Program Files \ Outlook Express \ wabmig.exe 
  c:\program files\winrar\winrar.exe C: \ Program Files \ WinRAR \ winrar.exe 
  c:\program files\windows media player\wmplayer.exe C: \ Program Files \ Windows Media Player \ wmplayer.exe 
  c:\program files\windows nt\accessories\wordpad.exe C: \ Program Files \ Windows NT \ accessori \ wordpad.exe 
  c:\program files\combined community codec pack\zoom player\zplayer.exe C: \ Program Files \ combinato comunità Codec Pack \ zoom giocatore \ zplayer.exe 
  c:\windows\system32\logon.scr c: \ windows \ system32 \ logon.scr 
 Service: Servizio: 
  RpcLocator 
  ALG 
  RDSessMgr 
  COMSysApp 
  RSVP 
  dmadmin 
  MSDTC 
  CiSvc 
  WmiApSrv 
  UPS 
  SwPrv 
  MSIServer 
  NetDDE 
  VSS 
  mnmsrvc 
 Browser Cache Browser Cache 
 Registry: Registro di sistema: 
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon->Userinit HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon-> Userinit

    had to reinstall my windows XP because there is so many hook. ha dovuto reinstallare il mio Windows XP perché c'è così tanti gancio. I had send a support email to hosting.ua but still got no replied from theme. Ho dovuto inviare una e-mail a sostegno hosting.ua ma ancora non ha risposto dal tema. need to reboot now. necessità di riavviare il sistema ora.

    Nov 17 07 , Update 17 nov 07, Aggiornamento

    I got reply back from hosting.ua support. Ho ricevuto risposta dal hosting.ua sostegno. below is part of the email qui di seguito è parte della e-mail 

     from abuse@hosting.ua da abuse@hosting.ua 
 to nospam@gmail.com, a nospam@gmail.com, 
 date Nov 13, 2007 5:00 PM data novembre 13, 2007 5:00 PM 
 subject Reply: trojan 78.109.19.140.in.hosting.ua #48879 Rispondi oggetto: Trojan 78.109.19.140.in.hosting.ua # 48879 

 hide details Nov 13 (3 days ago) nascondi dettagli novembre 13 (3 giorni fa) 	

 Reply Rispondere 

 ======== CUT HERE ========= ======== CUT QUI ========= 
 Your support request was answered: La vostra richiesta di assistenza è stato risposto: 

 Created: 11.11.2007 1:28:38 Creato: 11/11/2007 1:28:38 
 Last Mod: 12.11.2007 1:41:30 Ultimo Mod: 12/11/2007 1:41:30 

 Assigned To: Assegnato a: 
 admin(Hosting.UA) admin (Hosting.UA) 

 [11.11.2007 1:28:38] [11/11/2007 1:28:38] 
 Q: hi, D: Ciao, 
 This is for your attention. Questo è per la vostra attenzione. I got a trojan in pc it routed back to one of Ho un trojan nel pc è instradato indietro a uno dei 
 your hosting at *78.109.19.140.in.hosting.ua * il tuo hosting su 78.109.19.140.in.hosting.ua * * 

 I hope you can do something about it. Spero che lei può fare qualcosa al riguardo. 

 Thank you Grazie 
 ------------------------------------------------------- -------------------------------------------------- ----- 

 [13.11.2007 11:00:08] [13/11/2007 11:00:08] 
 A: Fixed! A: fisso! 

 thx THX 
 www.Hosting.UA 

 ------------------------------------------------------- -------------------------------------------------- ----- 
 Hosting.UA Administration Hosting.UA Amministrazione

    Well there is no explaination about the issue from the support staff.  hope this site will be closed down for good. Ebbene non vi è alcuna esposizione in merito alla questione del personale di supporto. Auguriamo che questo sito sarà chiuso per bene. Google already blocked and place a warning when you search for the infected URI. Google già bloccato e posto un messaggio di avviso quando si cerca per infetti URI.

    About the Author Chi l'Autore

     

    Tags: Tag:
    • November 11, 2007 at 11:44 am 11 novembre 2007 alle 11:44 am
    • November 17, 2007 at 1:36 am 17 novembre 2007 alle 1:36 am
    • 0.3 0,3
    • url

    • No Responses tow32.virut.w, PE_VIRUT.A Nessun Commento a "w32.virut.w, PE_VIRUT.A"

      Trackback URL: Trackback URL: Use the TrackBack url ↑ to ping this article. Utilizzare il Trackback URL ↑ a ping questo articolo. If your blog does not support Trackbacks you might want to leave a comment instead. Se il tuo blog non supporta TrackBacks si potrebbe desiderare di lasciare un commento invece.
        • RE: w32.virut.w, PE_VIRUT.A - 'The Guide' ↓ RE: w32.virut.w, PE_VIRUT.A - 'La Guida' ↓
          w32.virut.w, PE_VIRUT.A Kakkoi 1 year ago 5 url w32.virut.w, PE_VIRUT.A Kakkoi 1 anno fa 5 url
          Marvin, Point of View Gun

          The following "Code" are designed to protect you and other users of this site. La seguente "Codice" sono progettati per proteggere voi e gli altri utenti di questo sito.

          • Be relevant: Your comment should be a thoughtful contribution to the subject of the entry. Essere rilevanti: Il tuo commento dovrebbe essere un contributo attenti al tema della voce. Keep your comments constructive and polite. Tenere i tuoi commenti costruttivi e gentile.
          • No advertising or spamming: Do not use the comment feature to promote commercial entities/products, affiliates services or websites. N. pubblicità o spamming: non utilizzare la funzione di commento a promuovere enti commerciali / prodotti, di servizi affiliati o siti web. You are allowed to post a link as long as it's relevant to the entry. Sei autorizzato a postare un link fintanto che è rilevante per l'entrata.
          • Keep within the law: Do not link to offensive or illegal content websites. Tenere all'interno della legge: non offensivo link a contenuti illegali o siti web. Do not make any defamatory or disparaging comments which might damage the reputation of a person or organisation. Non fare nessuna diffamatorio o denigratorie commenti che potrebbero danneggiare la reputazione di una persona o organizzazione.
          • Privacy: Do not post any personal information relating to yourself or anyone else - (ie: address, place of employment, telephone or mobile number or email address). Privacy: Non pubblicare tutte le informazioni personali relative a te stesso o chiunque altro - (vale a dire: indirizzo, luogo di lavoro, telefono o numero di cellulare o indirizzo e-mail).

          In order to keep these experiences enjoyable and interesting for all of our users, we ask that you follow the above guidlines. Al fine di mantenere queste esperienze divertente e interessante per tutti i nostri utenti, ti chiediamo di seguire le guidlines sopra.

          be the first to comment. essere il primo a commentare.

          Kakkoi Feel free to engage, ask questions, and tell us what you are thinking! Sentiti libero di impegnarsi, porre domande, e dirci cosa stai pensando! Regular and insightful comments are most welcomed. Regolari e dettagliati commenti sono la maggior parte ha accolto con favore.

    "write as if you were talking to a good friend (in front of your mother)." "scrivere come se si trattasse di parlare di un buon amico (di fronte a tua madre)."

    .have your say . Dite la vostra

    Disclaimer: For any content that you post, you hereby grant to Kakkoi the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved. Disclaimer: Per qualsiasi contenuto che si posta, si dichiara di concedere Kakkoi il titolo gratuito, irrevocabile, perpetuo, esclusivo e pienamente sublicensable licenza di utilizzare, riprodurre, modificare, adattare, pubblicare, tradurre, creare opere derivate, distribuire, eseguire e visualizzare tali contenuti in tutto o in parte, in tutto il mondo e di incorporare in altri lavori, in qualsiasi forma, media o tecnologia attualmente conosciuta o sviluppata successivamente. Alcuni diritti riservati.

MySQL query error MySQL Query errore