I ran across a virus problem this week that McAfee was not able to handle. All of this stems from a serious vulnerability just reported by Microsoft:
Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.
Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.
McAfee missed the initial infection but was later able to remove some files. However, I was still left with an undetectable trojan that at the very least was watching what I was doing on the internet and would occasionally give me a popup with ads based on what I was otherwise doing.
Removing the problem
I noticed that 2 DLL files were placed in my /windows/system32 directory roughly at the time the infection took place. After making a backup of these (with a different extension), I then tried to delete the files. Of course, this didn't work because the trojan had a strong hold on the DLLs. Given I have dozens of processes running, I didn't know which one was tied to the DLLs. So my fix was to rename the files, which worked. Now I get a "Can't find DLL file" error upon boot-up, but the popups no longer appear. My conclusion: something in my registry was pointing to the DLL files, but the problem now "should" be fixed.
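The two unknowns in the cleanup above, which process held the DLLs and what in the registry pointed at them, can be checked before renaming anything. The following is an added example, not part of the original post, written in PowerShell for a current Windows system. The infection time, the search window and the list of autostart keys are assumptions to adjust.

```powershell
# Added example: triage DLLs dropped near a suspected infection time.
param(
    [datetime]$InfectionTime = '2024-01-15 14:30',  # constructed sample value
    [int]$WindowMinutes = 30,                        # assumed search window
    [string]$Directory = "$env:SystemRoot\System32"
)

# 1. DLLs created or modified within the window around the infection time.
$from = $InfectionTime.AddMinutes(-$WindowMinutes)
$to   = $InfectionTime.AddMinutes($WindowMinutes)
$suspects = Get-ChildItem -Path $Directory -Filter *.dll -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.CreationTime  -ge $from -and $_.CreationTime  -le $to) -or
                   ($_.LastWriteTime -ge $from -and $_.LastWriteTime -le $to) }

# 2. Registry locations that can load a DLL at logon (assumed list, not exhaustive).
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',   # AppInit_DLLs
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # includes Notify subkeys
)

foreach ($dll in $suspects) {
    # Processes that have the DLL loaded; a loaded module is why deletion fails.
    $owners = foreach ($p in Get-Process) {
        try { if ($p.Modules.FileName -contains $dll.FullName) { $p } } catch { }
    }

    # Registry values under the autostart keys that mention the DLL's file name.
    $pattern = [regex]::Escape($dll.Name)
    $refs = foreach ($root in $autostartKeys) {
        $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                if ("$($k.GetValue($name))" -match $pattern) { "$($k.Name)\$name" }
            }
        }
    }

    [pscustomobject]@{
        Dll      = $dll.FullName
        Created  = $dll.CreationTime
        LoadedBy = ($owners | ForEach-Object { "$($_.ProcessName) ($($_.Id))" }) -join ', '
        Registry = $refs -join '; '
    }
}
```

Run it from an elevated prompt so the modules of system processes are readable. An empty `Registry` column only means none of the listed keys reference the file.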
Threads on Digg
The following 10 threads on Digg have been submitted about this topic. Unfortunately, Digg users have not consolidated comments:
http://www.digg.com/security/Windows_Security_Flaw_is_Severe_
http://www.digg.com/security/more_XP_security._._._
http://www.digg.com/security/Sites_exploit_Windows_image_flaw_2
http://www.digg.com/software/Update_on_the_Critical_Unpatched_Windows_Flaw
http://www.digg.com/security/Exploit_Released_for_Unpatched_Windows_Flaw
http://www.digg.com/security/More_Flaws_in_Anti-virus_Software
http://www.digg.com/software/Symantec,_McAfee_Battle_Flaws