Hi - sorry this is going to be long.
A friend of mine was using her laptop earlier today. She was looking at her uni webmail when a webpage came up, apparently from the system administrator (we are on a uni internet connection), saying that something had expired. This gave a zip file to download, called important-details.zip. She opened it and ran it; the file in the zip was called important-details.zip .pif. She was running a DOS program instead of a .txt file.
I went round and had a look. I tried to look in the task manager, but it would load up then close very quickly. Norton AntiVirus wouldn't load up either, and neither would regedit. I tried to search the hard drive for "important-details" but that came back empty.
Finally I thought a reboot might be helpful in some way. So I hit reboot and an "end program" thing came up; it didn't say what program it was for. However, I could use regedit, task manager, and Norton when the computer was in this state of near shutdown, with very few (all Windows) processes running. So I tried to hunt down the virus again, but failed as I couldn't find it anywhere!
I then tried to open the .pif with Notepad (as she was clearly infected). I managed to get mzkernel32.dll from it but nothing else. I don't really know what I was expecting to achieve, but you never know. There is only 1 result on Google for this file (http://lists.gnetlibrary.org/piperma...ay/000420.html); I have no idea what it is talking about.
Her access to the internet has been stopped. I think that may be the administrator, as what would be the usefulness of a virus stopping the internet? Surely they want the remote access?
The Norton scan I ran also threw up these other files, which I am just checking out on the net now:
pingchek.exe
crime[1].exe
payload.dat
rundll82.exe
Sorry for the lengthy post, but does anyone have any idea what this virus is and how to remove it?
Thanks very much guys
Hope you can help
Will.