Posts Tagged ‘Malware’

IMPORTANT COMPUTER SECURITY ALERT!

Thursday, March 31st, 2011

If you can’t remove win32:malware-gen, this is how we did it.

NMP Consulting has encountered an aggressive new variant of the win32:malware-gen virus. This new version is extremely difficult to remove.

The trickiest thing about this virus is that it creates and installs a seemingly legitimate Windows service called “Windows System Express”. That service must first be disabled before the hidden core file in the system32 directory can be located and removed.

If you suspect you are infected with this virus, please call us immediately (614) 358-5814

DETAILS:
The fake Windows service was called “Windows System Express”. It had a seemingly legitimate description having to do with optical scanning. It continuously spawned processes from randomly named files such as “lib1614.exe”. The antivirus program found and removed those files, but it was unable to remove the core file, “wsynelib.exe”, because that file was in use by the service.

In order to remove it:
1. Stop the service.
2. Search for hidden files in system32.
3. Find wsynelib.exe and wysyndlib.exe.
4. Remove the system and hidden file attributes from those files.
5. The antivirus program can then remove those files.
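The five steps above, scripted as an added example (this is not code from the original post). It assumes the indicators the post names, the service display name “Windows System Express” and the files wsynelib.exe and wysyndlib.exe under System32, and that it is run from an elevated PowerShell prompt. It goes slightly beyond the post in step 2 by listing every hidden-plus-system executable in System32, which also surfaces variants that use other file names.

```powershell
# Added example, not the original post's procedure verbatim. Assumptions:
# the service display name and file names below are the ones the post reports,
# and the script runs in an elevated PowerShell session (PowerShell 3.0 or later).
$ServiceName  = 'Windows System Express'
$KnownFiles   = @('wsynelib.exe', 'wysyndlib.exe')
$System32     = Join-Path $env:SystemRoot 'System32'
$HiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

# Step 1: stop the service and keep it from restarting. A running service holds
# its binary open, which is what kept the antivirus from deleting the core file.
$svc = Get-Service -DisplayName $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    $cfg = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($svc.Name)'"
    Write-Host "Service '$ServiceName' (internal name $($svc.Name)) runs: $($cfg.PathName)"
    Stop-Service -Name $svc.Name -Force
    Set-Service  -Name $svc.Name -StartupType Disabled
} else {
    Write-Host "No service with display name '$ServiceName' is installed."
}

# Step 2: enumerate hidden+system executables in System32. Genuine files there
# seldom carry both attributes, so each hit is a candidate for review; the list
# also catches variants that use file names other than the two reported.
Get-ChildItem -Path $System32 -Filter '*.exe' -Force -File -ErrorAction SilentlyContinue |
    Where-Object { ([int]$_.Attributes -band [int]$HiddenSystem) -eq [int]$HiddenSystem } |
    Select-Object Name, Length, CreationTime, LastWriteTime |
    Format-Table -AutoSize

# Steps 3-4: clear the attributes only on the files the post names, so that the
# antivirus program can quarantine them (step 5). Nothing is deleted here.
foreach ($name in $KnownFiles) {
    $path = Join-Path $System32 $name
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $file = Get-Item -LiteralPath $path -Force
    $file.Attributes = [IO.FileAttributes]([int]$file.Attributes -band (-bnot [int]$HiddenSystem))
    Write-Host "Cleared hidden/system attributes on $path; rerun the antivirus scan to remove it."
}
```

The script deliberately stops short of deleting anything: clearing the attributes is what lets the antivirus product do the removal and keep its quarantine record, and the hidden-plus-system listing is there so that a different variant with different file names is not missed.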

The Clampi Virus and other Malware

Tuesday, September 22nd, 2009

There is a rash of news recently about an old virus, the Clampi virus. It is designed to run and do little until the user logs into an online banking site. It then captures the username and password of the person logging in and sends it off to the malware writers who use the information to withdraw money from the victim’s account.

This is really nothing new.

Viruses and other malware of this type have been around for a long time, whether as programs that do similar things, including capturing keystrokes, or as “phishing” attacks: specially crafted e-mails that trick users into visiting websites that look legitimate but are actually fraudulent copies of the genuine site.

The removal instructions for this virus are the same as for most others: turn off System Restore, boot into Safe Mode, run scans, and clean the data the virus inserts out of the registry. Since most new malware uses dynamic naming (the name of the virus’s program file is random), you can’t immediately identify which file it is.
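As an added example (not the post’s own procedure), the following PowerShell triage script shows one way to narrow down a randomly named malware file before the cleaning steps above: it lists recently written executables whose names look machine-generated, and the Run-key autorun entries that would launch them. The seven-day look-back window, the directories scanned, the name heuristic and the two registry keys checked are all assumptions; the script reports and deletes nothing.

```powershell
# Added example, not part of the original post. It reports candidates for a
# human to review and deletes nothing. Assumptions: the seven-day window, the
# directories scanned, the name heuristic, and the two Run keys as the registry
# locations checked. Run from an elevated PowerShell session.
$Since     = (Get-Date).AddDays(-7)
$ScanPaths = @((Join-Path $env:SystemRoot 'System32'), $env:TEMP, $env:APPDATA)
$RunKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Heuristic for machine-generated names such as "lib1614.exe": a short letter
# prefix followed by a run of digits, or a long name with no vowels at all.
function Test-RandomName {
    param([string]$BaseName)
    return ($BaseName -match '^[a-z]{1,5}\d{3,}$') -or
           ($BaseName.Length -ge 8 -and $BaseName -notmatch '[aeiou]')
}

# Pass 1: executables written recently whose names look generated. The
# Authenticode status separates vendor-signed files from unsigned ones.
$fileHits = foreach ($dir in $ScanPaths) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -Path $dir -Include '*.exe', '*.dll' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $Since -and (Test-RandomName $_.BaseName) } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_.FullName
                Written   = $_.LastWriteTime
                Hidden    = [bool]([int]$_.Attributes -band [int][IO.FileAttributes]::Hidden)
                Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            }
        }
}
Write-Host "== Recently written executables with random-looking names =="
$fileHits | Format-Table -AutoSize

# Pass 2: autorun entries. A Run value is flagged when its command points at a
# generated-looking file name or at a user-writable location.
$runHits = foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip provider metadata properties
        $cmd  = [string]$p.Value
        $exe  = if ($cmd -match '^"?([^"]+?\.exe)') { $Matches[1] } else { $cmd }
        $base = [IO.Path]::GetFileNameWithoutExtension($exe)
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $cmd
            Flag    = (Test-RandomName $base) -or ($exe -match '\\(Temp|AppData)\\')
        }
    }
}
Write-Host "== Run-key autorun entries (Flag = review first) =="
$runHits | Sort-Object Flag -Descending | Format-Table -AutoSize
```

Treat every line of output as a lead, not a verdict: a flagged file with a valid vendor signature is almost always legitimate, while an unsigned, recently written, hidden executable that a Run value launches is the kind of thing worth handing to the scanner and then pruning from the registry.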

Due to multiple vulnerabilities within Windows itself, it is often too late to protect the computer once the victim has visited the website. It is better if the attack is blocked before it enters your business network.

NMP has a security product, the NMP Expanse, that will intercept and block viruses, spyware, trojan programs, phishing attacks, spam, and other bad data from ever reaching the inside of your network. Best of all, it can be installed without having to reconfigure your network. It can sit quietly and filter all of the traffic going both in and out of your network.

While you still need software on your desktop to protect your system, it is most effective to block the attacks before they ever reach your computer.