Interesting Viruses

Secret_Society

Hello Tech Forums! I recently ran HitmanPro and discovered something scary? No, interesting! Some Trojans here and there, and now I am curious what they might do because most of them are unknown to me, so if you have any info that would be awesome :cool:

1st. Name: opr006BJ.tmp
Location: \AppData\Local\Opera\Opera\cache\ (good going Opera?)

Forensic Cluster: \AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DT8JL5WR\en6deaae.fusa.be\down\

Detection Names: not-a-virus:HEUR: Downloader.Win32.AdLoad.u (could it be so?)

and some other ones by names.
-Virus.Win32.Dracur!IK
-Trojan.Win32.Llac.dcro
-Gen:Variant.Zusy.47696.

So any idea what these bad boys are doing? :Gasp:
 

https://www.microsoft.com/security/...rojanDownloader:Win32/Adload.U&ThreatID=88694

I'll let you research the rest and do the homework about the trojans yourself.
 
Why not try searching for it? Control panel, system configuration and find the exact virus, then delete it. See if the procedure works. If it does, solved!


That won't work out the way you think it will. :/
The method you are describing would cause him or you more damage to your OS/HDD.
Your best bet, and what is recommended by most IT professionals in the industry, is to let the AV remove it with current virus/malware definitions.
 

Usually depends on the virus.

If it's a simple downloader or fake AV program, deleting the exe is usually alright to do, and then a supplemental scan with AV/antimalware is recommended.

This practice worked well when I worked for my university's help desk and students would be bombarded with the fake AV infections.
 

I know you mean well and thank you, but not all fake AV programs are a simple walk in and delete and everything is all hunky-dory.
Sure you may have gotten rid of the fake AV, but are you really sure it's not a threat?
Last time I tried this was over a year ago on my neighbor's Acer netbook.
Same deal like you mentioned, in his case though the fake AV did call in some other infections that I wasn't expecting to happen on the next day.

That's why I'm telling this other guy in the thread to do it the safe way all the time, fake AV or not. :/
 

Which is why I said it depends on the virus and to supplement the manual removal with a definition- or heuristic-based scan with an AV and antimalware program such as MBAM ;).

I've done virus removal so much and for long enough that I've got it down to a fairly quick routine.
 
Download a bunch of AV/malware programs: Malwarebytes, SUPERAntiSpyware, Avast, AVG, RealITpro trial, and ComboFix. Download all of this and run through each a couple of times. This will most likely get rid of any unwanted threat you are encountering. You can download the majority of this if you go to Ninite - Install or Update Multiple Apps at Once and select the programs you may want.
 

Multiple active AVs are not recommended as they can conflict with each other and cause other issues.
 
Oh, yeah, I forgot to say install one, then uninstall it before you run other AV software. You can run anti-spyware or anti-malware along with 1 AV software. ComboFix will usually do a pretty good job. I recommend running that in safe mode, with AV disabled so it runs properly. I'm sorry I am not going into enough depth with my responses because I am at my job right now.
 