
Randon Virus

I was slack and this virus hit our web server pool.  All three of our web servers were infected.  Luckily, I noticed a day after the trojan was installed, and my anti-virus prevented it from damaging other files.

d0g.exe (HideWindow Worm/Randon)
Attack via port 455 (MRC).
d0g.exe downloaded into c:\winnt.
Executed and created the c:\winnt\msys folder, into which the program was extracted.
by.exe executed,
but blocked by the AV program (thank god!).
http://www.google.com.sg/search?q=worm+randon&ie=UTF-8&oe=UTF-8&hl=en
http://www.viruslibrary.com/virusinfo/Worm.Win32.Randon.htm

The remedial action I took:

  • Delete the d0g.exe program and restart the machine.
  • Change "Everyone: Full Control" to "Administrator: Full Control".
  • Change Everyone to read-only for c:\ and for c:\winnt plus its subfolders.
  • Close port 455.
  • In addition, I forwarded port 455 on my router to 192.168.1.254 (a bogus IP).
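The steps above as one script, as an added example that is not part of the original page: stop the worm's processes, preserve a copy of the dropped files for analysis, delete them, apply the ACL change from the list (Everyone reduced to read/execute, Administrators given Full Control), block the port, and verify. It assumes a current Windows build with icacls.exe and the NetSecurity module (New-NetFirewallRule, Get-NetTCPConnection), an English group name "Administrators", and the paths and port number exactly as the page reports them; change them before use.

```powershell
#Requires -RunAsAdministrator
# Added example (not the page's own script): cleanup of the Randon indicators listed above.
# Assumptions not taken from the page: icacls.exe and the NetSecurity module are present,
# the local admin group is named "Administrators". Paths and port come from the page.

$Port     = 455                       # port the page says the attack came in on
$Dropper  = 'C:\winnt\d0g.exe'        # dropper the page found
$StageDir = 'C:\winnt\msys'           # folder the dropper created and extracted into
$Payload  = Join-Path $StageDir 'by.exe'

# 1. Stop the worm's processes first so it cannot re-drop its files while we delete them.
Get-Process -Name 'd0g', 'by' -ErrorAction SilentlyContinue |
    Stop-Process -Force -ErrorAction SilentlyContinue

# 2. Keep a copy for analysis, then delete the dropper and the extracted kit.
$Evidence = Join-Path $env:TEMP ('randon-evidence-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $Evidence -Force | Out-Null
foreach ($p in @($Dropper, $StageDir)) {
    if (Test-Path -LiteralPath $p) {
        Copy-Item -LiteralPath $p -Destination $Evidence -Recurse -Force
        Remove-Item -LiteralPath $p -Recurse -Force
    }
}

# 3. ACLs as in the list above: Everyone read/execute, Administrators Full Control.
#    /grant:r replaces the existing explicit grant for that principal instead of adding to it;
#    /T recurses (only for c:\winnt, as the page does), /C continues past errors.
icacls 'C:\'      /grant:r 'Everyone:(OI)(CI)RX' /grant 'Administrators:(OI)(CI)F' /C
icacls 'C:\winnt' /grant:r 'Everyone:(OI)(CI)RX' /grant 'Administrators:(OI)(CI)F' /T /C

# 4. Block the port on the host firewall in both directions: inbound so an infected peer
#    cannot reach this server, outbound so a re-infected server cannot scan the pool.
New-NetFirewallRule -DisplayName "Block TCP $Port inbound (Randon)" -Direction Inbound `
    -Protocol TCP -LocalPort $Port -Action Block | Out-Null
New-NetFirewallRule -DisplayName "Block TCP $Port outbound (Randon)" -Direction Outbound `
    -Protocol TCP -RemotePort $Port -Action Block | Out-Null

# 5. Verify: no indicator files left behind and nothing still listening on the port.
$left = @($Dropper, $StageDir, $Payload) | Where-Object { Test-Path -LiteralPath $_ }
if ($left) {
    Write-Warning "Indicators still present: $($left -join ', ')"
} else {
    Write-Output 'Indicator files removed.'
}
$listen = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
if ($listen) {
    Write-Warning "Something still listens on TCP $Port (PID $($listen.OwningProcess))"
} else {
    Write-Output "Nothing listening on TCP $Port."
}
Write-Output "Evidence copied to $Evidence"
```

Run it once per server, then reboot as the list says. The ACL step is the one to test on a single server first: services that expect to write under the root or the Windows folder as a non-administrator will break once Everyone is read-only. Where a dropped trojan has already run with full rights on a web server, rebuilding the host from a known-good image is the safer end state; this script mirrors the page's in-place cleanup.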



More virus removal techniques:

Removal of Beagle (Bagle) virus
It propagates via email.  

Removal of Blaster Worm (MSBlast + Nachi) virus
A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it.  

Removal of Mydoom virus

Removal of Trojan BackDoor-AQF.DLL

Removal of Trojan horse Downloader.Small.AJY virus

Removal of Exploit-ByteVerify virus
This virus spreads by inserting a bit of HTML code into every message sent through Microsoft Outlook Express. This is accomplished by creating a new HTML file, and setting it as the default signature file used by Outlook Express. This virus exploits an Internet Explorer vulnerability in order to propagate.  

Removal of JS/Fortnight@M Virus
This script virus resides on a web page, which was recently removed. When users visited this page, a link to a pay-per-click webpage was appended to their email signature file.  

Removal of W32.Bugbear.b@MM
This is a complex worm that contains many different elements: Mass-mailer, Network Share Propagator, Keylogger, Remote Access Trojan, Polymorphic Parasitic File Infector, Security Software Terminator.  

Removal of W32/Sobig virus
This worm bears strong similarities to W32/Sobig.c@MM. It propagates via email and over network shares. It contains its own SMTP engine for constructing outgoing messages.  

