Thread: Kazaa Virus, _nero_6.6

  1. #1
    Goron goron Kumagoro's Avatar

    Kazaa Virus, _nero_6.6

    Come back from a friend's who I suspect has a virus, but it isn't found by
    Norton or TrendMicro even in safe mode.

    The virus looks like this in the Kazaa share folder.

    _nero_6.6 or _nero_6.6_KeyGen; it duplicates itself exactly and has similar
    things, for example _autocad_2005 or _doom_3 etc.

    You can only find the files once activated in safe mode. Also I saw something
    called _textpad when using the "open file with" option on right click of files.

    _textpad is listed in Symantec as frutca trojan but it doesn't seem to pick it
    up with this nero thing.
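
The pattern described in the post above (files whose names start with `_` and that are exact copies of each other under different program names) can be checked directly. This is an added example, not part of the original thread; the function names are hypothetical and the sample folder is constructed with placeholder bytes.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

def sha256_of(path, chunk=1 << 20):
    # Hash in chunks so large shared files do not fill memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_underscore_clones(share_dir):
    """Return {sha256: [names]} for byte-identical files named '_*'."""
    by_size = defaultdict(list)
    for entry in os.scandir(share_dir):
        if entry.is_file(follow_symlinks=False) and entry.name.startswith("_"):
            by_size[entry.stat().st_size].append(entry)
    clusters = {}
    for entries in by_size.values():
        if len(entries) < 2:  # a unique size cannot have a clone
            continue
        by_hash = defaultdict(list)
        for entry in entries:
            by_hash[sha256_of(entry.path)].append(entry.name)
        for digest, names in by_hash.items():
            if len(names) > 1:
                clusters[digest] = sorted(names)
    return clusters

def demo():
    """Run the check on a constructed folder; contents are placeholders."""
    samples = {
        "_nero_6.6": b"SAME-PAYLOAD",
        "_doom_3": b"SAME-PAYLOAD",
        "_autocad_2005": b"SAME-PAYLOAD",
        "_readme": b"unrelated---",      # '_' prefix, same size, other bytes
        "holiday.mp3": b"SAME-PAYLOAD",  # same bytes, no '_' prefix
    }
    with tempfile.TemporaryDirectory() as share_dir:
        for name, data in samples.items():
            with open(os.path.join(share_dir, name), "wb") as fh:
                fh.write(data)
        return find_underscore_clones(share_dir)

if __name__ == "__main__":
    for digest, names in demo().items():
        print(digest[:16], names)
```

Because the post says the files only show up in safe mode, point `find_underscore_clones` at the real share folder from there. A cluster is a lead for submitting one of the files to a scanner, not a verdict.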

  2. #2
    Administrator Moby-Dick's Avatar
    Have you tried an online virus scan like http://housecall.trendmicro.com ? I'd also think about uninstalling Kazaa, completely removing the directory (including "My Shared Files") and reinstalling.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    cat /dev/null streetster's Avatar
    Load up regedit, check for what's in:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (and RunOnce)

    and also

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (and RunOnce)

    for anything which looks like it could be a virus, kill them from Task Manager, delete them, then delete any registry entries of them... also check the 'Startup' directory in the Start menu... and like Moby says, try the HouseCall online virus scan, 'tis rather useful I've found

    hth

  4. #4
    HEXUS webmaster Steve's Avatar
    The thread starter wants help removing a virus, not help with illegal activities. I'm not going to ask HOW those files got on there - worms spread in various ways. IF somebody were to advertise that it was the result of illegal activities, then fair enough we'd stamp that out, however that's not the case here - the guy just wants some help to clean the system up.

    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  5. #5
    HEXUS webmaster Steve's Avatar
    Indeed it is a trojan, my mistake.

    That doesn't change the fact that all the guy wants is help!

    Kumagoro - have you tried turning off System Restore? Also try installing AVG Free Edition www.avgfree.com

  6. #6
    Administrator Moby-Dick's Avatar
    OK, thread cleared up. Anything not strictly on topic (i.e. how to remove said malware from Kumagoro's mate's PC) gets nuked.

    It seems odd that Sophos makes no mention of this malware, but similar worms/trojans seem to have a very long list of spoof titles, including some freeware utils.

    What is more worrying is that some of the variants share out folders you might not want shared. I'd advise uninstalling any p2p apps on the system for starters.

  7. #7
    Studmuffin Flibb's Avatar
    Join Date
    Jul 2003
    Location
    Kent
    Posts
    4,904
    Thanks
    31
    Thanked
    324 times in 277 posts
    • Flibb's system
      • Motherboard:
      • Gigabyte GA-970A-UD3
      • CPU:
      • AMD FX-6300
      • Memory:
      • 16GB Crucial Ballistix DDR3 PC3-12800
      • Storage:
      • Samsung SSD 840 EVO 250G
      • Graphics card(s):
      • 3GB MSI Radeon HD 7950 Twin Frozr
      • PSU:
      • FSP
      • Operating System:
      • Win7 64bit
      • Monitor(s):
      • Deffl TFT thing
    Try Avast antivirus. It's free and I find it better for trojans than other antivirus. It also has a scan-on-boot mode that gets in before your OS loads.

    Also make sure he has a firewall.

  8. #8
    Almost in control. autopilot's Avatar
    Might be worth trying Spybot Search & Destroy and Ad-Aware?

  9. #9
    Goron goron Kumagoro's Avatar
    I'm not sure how my friend got it, I just noticed these similar looking files in Kazaa, the programs of which he doesn't have. The nero one being the first I noticed.

    His fully up to date legal Norton didn't pick it up. I tried HouseCall, which is TrendMicro I think. At home I tried the Panda online one, that picked up a virus/trojan but I think
    it was for a different nero file I found on Kazaa; I couldn't remember at the time which it was so it could have been a different one. Later I found it on Kazaa and it is everywhere now, many different program names all starting with _
    I haven't yet had time to scan it.

    I'm going to try other online scanners to see what is found. I tried removing stuff from the reg but you know it's hard to know what is supposed to be there or not.

    I'm going to get him to try the other scanners and Ad-Aware etc. too.
    System Restore is already off.

    This is not about where to get a keygen or crack, it's about things which aren't picked
    up. I just thought I should let others know so they can have a look at theirs and friends'
    etc. I'm sure most people here are asked to help out friends who will click on anything.

    Anyway I have to hurry up and go out, see ya and happy new year people.

  10. #10
    Senior Trouble Maker muddyfox470's Avatar
    and the moral of the story is?????
    Mac fancier > white macbook base spec .................. CS: muddyfirebang

  11. #11
    Goron goron Kumagoro's Avatar
    So far this is what I have found out,

    www.kaspersky.com/scanforvirus
    www.pandasoftware.com/activescan/activescan
    www.bitdefender.com/scan/licence.php

    all pick it up as backdoor.agent.ek

    TrendMicro HouseCall and Norton still don't pick it up. Looks like I'll be using the
    online Panda one from now on then.
