Viruses


2Sweet

Any ideas what are all these viruses. Scan using various antivirus
products.

Sophos Antivirus detected the virus name as:
Mal/AutoInf-A and Mal/Behav-033

NOD32 Antivirus detected the virus name as:
Win32/VB.NIR trojan


AVG Antivirus detected the virus name as:
Worm/VB.BSP
 

BoaterDave

Someone here once said to me "Google is your friend" .......... and so it
is!

Look here:-
http://www.google.co.uk/search?hl=en&q=Win32/VB.NIR+trojan&btnG=Google+Search&meta=

Hope this helps.

David

*******************************************************************
"2Sweet" <cmchong20@yahoo.com> wrote in message
news:OekaDAi5HHA.5316@TK2MSFTNGP04.phx.gbl...
> Any ideas what are all these viruses. Scan using various antivirus
> products.
>
> Sophos Antivirus detected the virus name as:
> Mal/AutoInf-A and Mal/Behav-033
>
> NOD32 Antivirus detected the virus name as:
> Win32/VB.NIR trojan
>
>
> AVG Antivirus detected the virus name as:
> Worm/VB.BSP
>
>
 
Milo (MSPSS)

Those are VB scripts made for lockdowns and droppers for possible infection.
One instance in the Asia Pacific, with a modified version of a VB script
kiddie, was to lock down USB storage from being viewed automatically by a
system.


"2Sweet" <cmchong20@yahoo.com> wrote in message
news:OekaDAi5HHA.5316@TK2MSFTNGP04.phx.gbl...
> Any ideas what are all these viruses. Scan using various antivirus
> products.
>
> Sophos Antivirus detected the virus name as:
> Mal/AutoInf-A and Mal/Behav-033
>
> NOD32 Antivirus detected the virus name as:
> Win32/VB.NIR trojan
>
>
> AVG Antivirus detected the virus name as:
> Worm/VB.BSP
>
>
 

2Sweet

So is this a virus/worm? How does it infect the usb storage?
Any article that describe in detail about this?

"Milo (MSPSS)" <V-4jpaca@mssupport.microsoft.com> wrote in message
news:C14A00F3-9BC5-4CC5-8A33-954776D1A28F@microsoft.com...
> Those are VB scripts made for lockdowns and droppers for possible
> infection one instance in the asia pacific with a modified version of a vb
> script kiddie was to lockdown usb storage from being viewed automatically
> by a system.
>
>
> "2Sweet" <cmchong20@yahoo.com> wrote in message
> news:OekaDAi5HHA.5316@TK2MSFTNGP04.phx.gbl...
>> Any ideas what are all these viruses. Scan using various antivirus
>> products.
>>
>> Sophos Antivirus detected the virus name as:
>> Mal/AutoInf-A and Mal/Behav-033
>>
>> NOD32 Antivirus detected the virus name as:
>> Win32/VB.NIR trojan
>>
>>
>> AVG Antivirus detected the virus name as:
>> Worm/VB.BSP
>>
>>

>
 

Dustin Cook

"Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
news:C14A00F3-9BC5-4CC5-8A33-954776D1A28F@microsoft.com:

> Those are VB scripts made for lockdowns and droppers for possible
> infection one instance in the asia pacific with a modified version of
> a vb script kiddie was to lockdown usb storage from being viewed
> automatically by a system.


It sets a registry key to do this, doesn't it?


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
 
Milo (MSPSS)

Much about this scenario and how to resolve these instances:

http://msforums.ph/forums/t/43418.aspx

Hope this helps

"2Sweet" <cmchong20@yahoo.com> wrote in message
news:OLsxTAn5HHA.4880@TK2MSFTNGP03.phx.gbl...
> So is this a virus/worm? How does it infect the usb storage?
> Any article that describe in detail about this?
>
> "Milo (MSPSS)" <V-4jpaca@mssupport.microsoft.com> wrote in message
> news:C14A00F3-9BC5-4CC5-8A33-954776D1A28F@microsoft.com...
>> Those are VB scripts made for lockdowns and droppers for possible
>> infection one instance in the asia pacific with a modified version of a
>> vb script kiddie was to lockdown usb storage from being viewed
>> automatically by a system.
>>
>>
>> "2Sweet" <cmchong20@yahoo.com> wrote in message
>> news:OekaDAi5HHA.5316@TK2MSFTNGP04.phx.gbl...
>>> Any ideas what are all these viruses. Scan using various antivirus
>>> products.
>>>
>>> Sophos Antivirus detected the virus name as:
>>> Mal/AutoInf-A and Mal/Behav-033
>>>
>>> NOD32 Antivirus detected the virus name as:
>>> Win32/VB.NIR trojan
>>>
>>>
>>> AVG Antivirus detected the virus name as:
>>> Worm/VB.BSP
>>>
>>>

>>

>
>
 
Milo (MSPSS)

Yes, it does... the later effect is put in other infection and remove access
admin priv. to some major part of the system.

"Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
news:Xns9997120DAAD81HHI2948AJD832@69.28.186.121...
> "Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
> news:C14A00F3-9BC5-4CC5-8A33-954776D1A28F@microsoft.com:
>
>> Those are VB scripts made for lockdowns and droppers for possible
>> infection one instance in the asia pacific with a modified version of
>> a vb script kiddie was to lockdown usb storage from being viewed
>> automatically by a system.

>
> It sets a registry key to do this doesn't it?
>
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2c
> email: bughunter.dustin@gmail.com.removethis
> web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
>
 
Milo (MSPSS)

And as well as this for known script kiddie remodeled:

http://msforums.ph/forums/t/43890.aspx


"2Sweet" <cmchong20@yahoo.com> wrote in message
news:OLsxTAn5HHA.4880@TK2MSFTNGP03.phx.gbl...
> So is this a virus/worm? How does it infect the usb storage?
> Any article that describe in detail about this?
>
> "Milo (MSPSS)" <V-4jpaca@mssupport.microsoft.com> wrote in message
> news:C14A00F3-9BC5-4CC5-8A33-954776D1A28F@microsoft.com...
>> Those are VB scripts made for lockdowns and droppers for possible
>> infection one instance in the asia pacific with a modified version of a
>> vb script kiddie was to lockdown usb storage from being viewed
>> automatically by a system.
>>
>>
>> "2Sweet" <cmchong20@yahoo.com> wrote in message
>> news:OekaDAi5HHA.5316@TK2MSFTNGP04.phx.gbl...
>>> Any ideas what are all these viruses. Scan using various antivirus
>>> products.
>>>
>>> Sophos Antivirus detected the virus name as:
>>> Mal/AutoInf-A and Mal/Behav-033
>>>
>>> NOD32 Antivirus detected the virus name as:
>>> Win32/VB.NIR trojan
>>>
>>>
>>> AVG Antivirus detected the virus name as:
>>> Worm/VB.BSP
>>>
>>>

>>

>
>
 

Dustin Cook

"Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
news:70BA48E8-2B2D-406F-AF31-242F8A1BB431@microsoft.com:

> yes it does... the later effect is put in other infection and remove
> access admin priv. to some major part of the system.


Understood. I'm writing a small registry policy key utility to distribute
with BugHunter. It should resolve most of the common policies malicious
software seems to set lately. Suggestions for keys to monitor and/or ignore
are welcome via email or a post here.



--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@gmail.com
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
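
One way to audit the kind of policy lockdown discussed above, as an added example that is not BugHunter's code or anything posted in this thread: it reads a regedit text export, flags lockout policy values set to non-zero, and builds a .reg file that deletes them. The watch list and the sample export are assumptions constructed for illustration; the thread names no specific keys.

```python
import re

# Assumed watch list (the thread names no keys): policy values that lock a
# user out of system tools when set to a non-zero DWORD.
WATCHED = {
    "disabletaskmgr": "Task Manager disabled",
    "disableregistrytools": "Registry editing tools disabled",
    "nofolderoptions": "Folder Options hidden in Explorer",
    "disablecmd": "Command prompt disabled",
}
# Only values under a Policies branch count; the same name elsewhere is inert.
POLICY_KEY = re.compile(
    r"\\software\\(microsoft\\windows\\currentversion\\)?policies\\", re.I)
SECTION = re.compile(r"^\[(-?)(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')

# Constructed sample in regedit's text export format (not from a real host).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000000
[HKEY_CURRENT_USER\Software\Example\Settings]
"DisableTaskMgr"=dword:00000001
"""

def audit_reg_export(text):
    """Return (key, value name, data, description) for each active lockout."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # "[-KEY]" is a delete directive, not data: ignore its body.
            key = None if m.group(1) else m.group(2)
            continue
        m = DWORD.match(line)
        if m and key and POLICY_KEY.search(key):
            name, data = m.group(1), int(m.group(2), 16)
            if name.lower() in WATCHED and data != 0:
                findings.append((key, name, data, WATCHED[name.lower()]))
    return findings

def build_fix(findings):
    """Build .reg text that deletes each flagged value ('"Name"=-' syntax)."""
    by_key = {}
    for key, name, _, _ in findings:
        by_key.setdefault(key, []).append(name)
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        lines += [f"[{key}]"] + [f'"{n}"=-' for n in names] + [""]
    return "\r\n".join(lines)
```

Real regedit exports are UTF-16 encoded, so decode the file before passing its text in, and review the generated fix before importing it, since some environments set these policies on purpose.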
 

David Brooks

Dustin Cook <bughunter.dustin@gmail.com> wrote in
news:Xns99982E9FD621BHHI2948AJD832@69.28.186.121:

> "Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
> news:70BA48E8-2B2D-406F-AF31-242F8A1BB431@microsoft.com:
>
>> yes it does... the later effect is put in other infection and remove
>> access admin priv. to some major part of the system.

>
> Understood. I'm writing a small registry policy key utility to
> distribute with BugHunter. It should resolve most of the common
> policies malicious software seems to set lately. Suggestions for keys
> to monitor and/or ignore are welcome via email or a post here.
>

Hey Dustin!

Just wanted you to know that I listen to your advice and am now
(hopefully <g>) posting from Xnews ......AND bottom posting too!

Cheers

BD
 
K.Dee :)

ROFLMAO
and I am willing to bet real $$ that next month you will be wondering just
how the heck everyone on Microsoft knows your last name.

www.internetmorons.com

"David Brooks" <BoaterDave@nospam.invalid> wrote in message
news:Xns999A9825BF3EFBoaterDaveIMOKataol@207.46.248.16...
Dustin Cook <bughunter.dustin@gmail.com> wrote in
news:Xns99982E9FD621BHHI2948AJD832@69.28.186.121:

> "Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
> news:70BA48E8-2B2D-406F-AF31-242F8A1BB431@microsoft.com:
>
>> yes it does... the later effect is put in other infection and remove
>> access admin priv. to some major part of the system.

>
> Understood. I'm writing a small registry policy key utility to
> distribute with BugHunter. It should resolve most of the common
> policies malicious software seems to set lately. Suggestions for keys
> to monitor and/or ignore are welcome via email or a post here.
>

Hey Dustin!

Just wanted you to know that I listen to your advice and am now
(hopefully <g>) posting from Xnews ......AND bottom posting too!

Cheers

BD
 

BoaterDave

On 28 Aug 2007, you wrote in microsoft.public.security.virus:

> Hey Dustin!
>
> Just wanted you to know that I listen to your advice and am now
> (hopefully <g>) posting from Xnews ......AND bottom posting too!
>
> Cheers
>
> BD
>
>


Ooops! Hope this is correct! <g>

BD

***********************************
 

BoaterDave

Just checking to see if you were still following my lack of progress, K.Dee

Thank you for your kind confirmation. :)

I haven't seen you posting any helpful advice to others. Perhaps you'd like
to explain for everyone else reading here, just why you have singled me out
for your attention. Some might like to know! <wink>

BD

*********************************************************
"K.Dee :)" <the.lady.k.deeYOUR@CLOTHESgmail.com> wrote in message
news:eZ$2NYY6HHA.5796@TK2MSFTNGP05.phx.gbl...
> ROFLMAO
> and I am willing to bet real $$ that next month you will be wondering just
> how the heck everyone on Microsoft knows your last name.
>
> www.internetmorons.com
>
> "David Brooks" <BoaterDave@nospam.invalid> wrote in message
> news:Xns999A9825BF3EFBoaterDaveIMOKataol@207.46.248.16...
> Dustin Cook <bughunter.dustin@gmail.com> wrote in
> news:Xns99982E9FD621BHHI2948AJD832@69.28.186.121:
>
>> "Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
>> news:70BA48E8-2B2D-406F-AF31-242F8A1BB431@microsoft.com:
>>
>>> yes it does... the later effect is put in other infection and remove
>>> access admin priv. to some major part of the system.

>>
>> Understood. I'm writing a small registry policy key utility to
>> distribute with BugHunter. It should resolve most of the common
>> policies malicious software seems to set lately. Suggestions for keys
>> to monitor and/or ignore are welcome via email or a post here.
>>

> Hey Dustin!
>
> Just wanted you to know that I listen to your advice and am now
> (hopefully <g>) posting from Xnews ......AND bottom posting too!
>
> Cheers
>
> BD
>
>
>
 

BoaterDave

Reposting:

Just checking to see if you were still following my lack of progress, K.Dee

Thank you for your kind confirmation. :)

I haven't seen you posting any helpful advice to others. Perhaps you'd like
to explain for everyone else reading here, just why you have singled me out
for your attention. Some might like to know! <wink>

BD

*********************************************************

"K.Dee :)" <the.lady.k.deeYOUR@CLOTHESgmail.com> wrote in message
news:eZ$2NYY6HHA.5796@TK2MSFTNGP05.phx.gbl...
> ROFLMAO
> and I am willing to bet real $$ that next month you will be wondering just
> how the heck everyone on Microsoft knows your last name.
>
> www.internetmorons.com
 

Dustin Cook

David Brooks <BoaterDave@nospam.invalid> wrote in
news:Xns999A9825BF3EFBoaterDaveIMOKataol@207.46.248.16:

> Dustin Cook <bughunter.dustin@gmail.com> wrote in
> news:Xns99982E9FD621BHHI2948AJD832@69.28.186.121:
>
>> "Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
>> news:70BA48E8-2B2D-406F-AF31-242F8A1BB431@microsoft.com:
>>
>>> yes it does... the later effect is put in other infection and remove
>>> access admin priv. to some major part of the system.

>>
>> Understood. I'm writing a small registry policy key utility to
>> distribute with BugHunter. It should resolve most of the common
>> policies malicious software seems to set lately. Suggestions for keys
>> to monitor and/or ignore are welcome via email or a post here.
>>

> Hey Dustin!
>
> Just wanted you to know that I listen to your advice and am now
> (hopefully <g>) posting from Xnews ......AND bottom posting too!
>
> Cheers
>
> BD
>
>


Congrats :)


--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@gmail.com
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 

BoaterDave

Thanks Dustin! (but OE is so much easier for an 'oldie! <g>)

David

*********************************
"Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
news:Xns999CB2A669E0EHHI2948AJD832@69.28.186.121...
> David Brooks <BoaterDave@nospam.invalid> wrote in
> news:Xns999A9825BF3EFBoaterDaveIMOKataol@207.46.248.16:
>
>> Dustin Cook <bughunter.dustin@gmail.com> wrote in
>> news:Xns99982E9FD621BHHI2948AJD832@69.28.186.121:
>>
>>> "Milo \(MSPSS\)" <V-4jpaca@mssupport.microsoft.com> wrote in
>>> news:70BA48E8-2B2D-406F-AF31-242F8A1BB431@microsoft.com:
>>>
>>>> yes it does... the later effect is put in other infection and remove
>>>> access admin priv. to some major part of the system.
>>>
>>> Understood. I'm writing a small registry policy key utility to
>>> distribute with BugHunter. It should resolve most of the common
>>> policies malicious software seems to set lately. Suggestions for keys
>>> to monitor and/or ignore are welcome via email or a post here.
>>>

>> Hey Dustin!
>>
>> Just wanted you to know that I listen to your advice and am now
>> (hopefully <g>) posting from Xnews ......AND bottom posting too!
>>
>> Cheers
>>
>> BD
>>
>>

>
> Congrats :)
>
>
> --
> ####################################################
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2c
> Email: bughunter.dustin@gmail.com
> Web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
> ####################################################
 

Dustin Cook

(OT) Thank You BoaterDave Re: Viruses

"BoaterDave" <BoaterDave@nospam.invalid> wrote in news:#SIxKkB7HHA.2752
@TK2MSFTNGP06.phx.gbl:

> Thanks Dustin! (but OE is so much easier for an 'oldie! <g>)


I have good news Dave. Over the past 3 days, I've acquired roughly 20megs
or so of executable files to go thru, many of which being malicious in some
way shape or form. So I'll finally! Be able to update the BugHunter
signature database. It's very much out of date currently. :(

I'd like to thank you for introducing me to this newsgroup as well, Several
people have been kind enough to send in samples for analysis and I
appreciate the time they spent doing it.

Also, regarding the email you sent me containing the logfile, every single
item except maybe one is indeed a false alarm and it will be corrected with
the forthcoming BugHunter signature update. Please send along a thank you
to your friend for the information and assistance in improving the program.



--
####################################################
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
Email: bughunter.dustin@gmail.com
Web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml
####################################################
 

BoaterDave

Re: (OT) Thank You BoaterDave Re: Viruses

You're (note the spelling! <g>) welcome, Dustin.

Pleased to be of help to you. Thanks for dropping by! :)

Dave

*****************************************************
"Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
news:Xns999E83960DCAEHHI2948AJD832@69.28.186.121...
> "BoaterDave" <BoaterDave@nospam.invalid> wrote in news:#SIxKkB7HHA.2752
> @TK2MSFTNGP06.phx.gbl:
>
>> Thanks Dustin! (but OE is so much easier for an 'oldie! <g>)

>
> I have good news Dave. Over the past 3 days, I've acquired roughly 20megs
> or so of executable files to go thru, many of which being malicious in
> some
> way shape or form. So I'll finally! Be able to update the BugHunter
> signature database. It's very much out of date currently. :(
>
> I'd like to thank you for introducing me to this newsgroup as well,
> Several
> people have been kind enough to send in samples for analysis and I
> appreciate the time they spent doing it.
>
> Also, regarding the email you sent me containing the logfile, every single
> item except maybe one is indeed a false alarm and it will be corrected
> with
> the forthcoming BugHunter signature update. Please send along a thank you
> to your friend for the information and assistance in improving the
> program.
>
>
>
> --
> ####################################################
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - v2.2c
> Email: bughunter.dustin@gmail.com
> Web..: http://bughunter.it-mate.co.uk
> Pad..: http://bughunter.it-mate.co.uk/pad.xml
> ####################################################
 