Undetected Virus.


timmev
So, on our network at work we have a virus called "rejoice46.exe", but no anti virus, anti spyware, anti anything will pick it up. I googled it, nothing happened. By standard, we just deleted the file, but it comes back and then stops you from entering certain locations of your hard drive. Obviously, a reformat will rid the system of it, but in a network of over 200 computers, we don't have the time to do this, and reinstall all the programs and data.

Any suggestions? Because at the moment I'm stumped. It feels as if I just have to sit there and let this thing infect our system.

Reply

tansqrx
Many modern virus strains will use random file names as only one way to avoid antivirus detection and to make your life more difficult. Another method is to dynamically recompile themselves so they do not match any known antivirus signature. In order to detect the virus, the antivirus vendor has to use heuristics.

The more important thing to note is that if you are already infected you cannot trust your computer. The virus may have installed a rootkit and in that case your computer is lying to you and the antivirus. Files can be hiding at a lower level than the antivirus can read them. Most security experts agree that if you have been infected, no matter what the variant of virus, you automatically reformat and restore from a known good backup. To be safe it sounds like you will be reformatting 200 computers.

Before you do this I would want to know what the virus is so it doesn’t happen again. I would download an antivirus that is capable of making a boot CD. Update the definitions and run it on the infected machine without starting the infected OS (all of the prep work is of course done on a known good machine). A quick search of “rejoice virus” in Google shows one McAfee page that may be of interest. BackDoor-CXI (http://vil.nai.com/vil/content/v_138150.htm)

Reply

TavoxPeru
Try to make an Online Virus Scan from any of your infected machines or send the file you mention to an online malware scan service. A good one I know is Jotti's malware scan; it is a free online service to diagnose single files which uses some anti-virus programs including Avast, AVG, ClamAV, F-Prot, F-Secure, Kaspersky, NOD32, Panda, Sophos, etc.

Best regards,

Reply

herenistarion
Hrm, the only thing I can suggest if nothing is picking it up is to really reformat. I can't say much, what about a restore?

Reply

wutske
Look for the heuristic scan setting of your firewall and set it to the maximum. This heuristic scan tries to detect new viruses and viruses that change shape.

Reply

Moo64c
Well, here's what I usually do: start the computer in safe mode, open msconfig.exe (start->run->msconfig), go to the startup tab. Look for anything suspicious, or just disable everything.
Google some of the suspicious-looking files (on another computer), delete them manually (still safe mode), run the system in normal mode and hope for the best.

I'd recommend you do a quick scan with Ad Aware (free version on download.com) and/or an online virus scan (McAfee, Norton...); it helps a lot in finding those suspicious files.

Hey, this worked for me two days ago, I'm still not sure what kind it was but it's gone now...
Sure hope I helped
-Moo64c

Reply
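
The startup check described in the post above, scripted so it can be run unattended on each machine and the results compared; this is an added example, not part of any poster's reply. The `rejoice\d*\.exe` name pattern, the registry keys and folders chosen, and the CSV file name are assumptions for illustration, and the script only reads.

```powershell
# Added example, read-only: inventory the entries msconfig's Startup tab shows
# (Run/RunOnce keys and Startup folders) and flag the ones to look at first.
$namePattern = '^rejoice\d*\.exe$'   # assumption: derived from the file name in the thread
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-StartupEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
    foreach ($id in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($id)
        if ($dir -and (Test-Path -LiteralPath $dir)) {
            Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
            }
        }
    }
}

function Resolve-CommandPath([string]$Command) {
    # Extract the program path from a command line such as '"C:\a b\x.exe" /s'.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.(exe|com|bat|cmd|scr|pif|lnk))(\s|$)') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

$report = Get-StartupEntry | ForEach-Object {
    $path   = Resolve-CommandPath $_.Command
    $exists = $path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $sig    = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'n/a' }
    $flags  = @()
    if (($path -split '[\\/]')[-1] -match $namePattern) { $flags += 'file name matches pattern' }
    if ($exists -and $path -match '\.(exe|com|scr|pif)$' -and $sig -ne 'Valid') { $flags += "signature $sig" }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Source = $_.Source; Name = $_.Name; Path = $path
        Signature = $sig
        SHA256 = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { '' }
        Flags = $flags -join '; '
    }
}
$report | Export-Csv -Path ".\$($env:COMPUTERNAME)-startup.csv" -NoTypeInformation
$report | Where-Object Flags | Format-Table Source, Name, Path, Flags -AutoSize
```

Because the script runs inside the possibly infected OS, a clean result proves nothing if a rootkit is hiding files, as noted earlier in the thread; an entry whose SHA256 appears on many machines but on no clean reference machine is the one to examine from a boot CD.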

wutske
QUOTE(Moo64c @ May 30 2008, 03:22 PM)
Well, here's what I usually do: start the computer in safe mode, open msconfig.exe (start->run->msconfig), go to the startup tab. Look for anything suspicious, or just disable everything.
Google some of the suspicious-looking files (on another computer), delete them manually (still safe mode), run the system in normal mode and hope for the best.

I'd recommend you do a quick scan with Ad Aware (free version on download.com) and/or an online virus scan (McAfee, Norton...); it helps a lot in finding those suspicious files.

Hey, this worked for me two days ago, I'm still not sure what kind it was but it's gone now...
Sure hope I helped
-Moo64c


He's talking about 200 computers that are connected to each other in a network, repeating those steps 200 times and just hoping for the best can hardly be called 'a solution'.

Reply

toby
Depends how much network control you have. Places like schools can send out stuff (my college sends out virus patches very often); otherwise it'd be a case of a batch file or a googled specific helper, on a USB drive to each machine.

The only way I can think of files replacing themselves is through prefetch, though I can't remember the exact name of this Windows File Protection thingy, it works on things like notepad.

Reply

xboxrulz
Usually virus definitions are updated by the antivirus provider and not the college or the organization running the networks. Thus, if you get updates often, thank the antivirus provider, not the organization that is running the networks.

As for deploying systems across the network, it is highly recommended to create an image of the whole system in the event that the system ever gets into trouble like this. You won't have to reinstall all the software if you implement these images. Software that creates these images includes Norton Ghost.

xboxrulz

Reply

iGuest-m
rejoice

AVG 8 finds backdoor-CXI (rejoice). I just shoved it in the virus vault, and then deleted it. It seems to have worked.
Disconnect the computers before you scan them though. Otherwise the virus will spread back to the computers that you've just gotten rid of it from.
If you don't trust AVG, you can try this too: http://www.Spywaredetector.Net/spyware_encyclopedia/BackDoor.CXI.Htm. Download the spyware detector there. I'm running it right now, just to make sure.

Reply

