Sunday, June 11, 2006

Spool Dual

My friends-and-family support duties were again called on today. An old friend of mine's Microsoft Windows 2000 Professional operating system was behaving very strangely. The PC itself was a Pentium 3 Dell Optiplex 400 GXi with 256 MB of RAM; it had previously zipped along very well and was protected from viruses by AVG Free Edition, but only had an anti-spyware scanning utility from Ad-Aware.

On investigation I found a rather nasty virus (see the link below to Trend Micro's site):

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.ZH&VSect=T

The virus/trojan had backdoor capabilities and could be remotely controlled from an IRC backend - NASTY. You can read how the virus operates at the link above; it's a real humdinger. I managed to remove it by booting into safe mode, running Sysinternals' 'Autoruns' and disabling the registry entry under 'Image Hijacks'; I then deleted the file it had associated with 'spooles32.exe'. I then installed fresh copies of AVG Anti-Virus Free Edition (home-use PC) and the very cool 'ewido' scanner. This last stage was removing the spyware elements for the 'findthewebsitesyouneed.com' browser hijack. The whole project took a few hours of, in my view, wasted time. I am trying to convince my pal to either switch to Linux or at least upgrade to XP to use the Windows Defender protection; either way it's at least another £80 that will need to be spent on securing a 'professional' operating system - (Sick)
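The 'Image Hijacks' entry that Autoruns surfaced lives under the Image File Execution Options (IFEO) registry key, where a 'Debugger' value makes Windows launch a different program whenever the named executable is started. As an added example (not from the original post, and written for a modern Windows host with PowerShell rather than the Windows 2000 box described above), the following function lists every IFEO Debugger entry and flags the ones whose debugger image is not a known-legitimate tool or does not exist on disk, which is the same check a technician would make by eye in Autoruns. The function name and the allow-list are assumptions for this illustration.

```powershell
# Added example, not the post's own procedure: audit IFEO "Debugger" values,
# the registry mechanism behind the Autoruns "Image Hijacks" tab.
# Assumes PowerShell on a current Windows host; run elevated for full read access.

function Get-IfeoDebuggerEntry {
    [CmdletBinding()]
    param(
        # Debugger images an admin may legitimately have registered (hypothetical allow-list).
        [string[]]$AllowedDebugger = @('vsjitdebugger.exe', 'windbg.exe', 'ntsd.exe')
    )

    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $props    = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $debugger = $props.Debugger
        if (-not $debugger) { return }   # subkey has no Debugger value: not a hijack

        # Extract the executable: honour a quoted path, otherwise take the first token.
        $exe  = ($debugger -replace '^"([^"]+)".*$', '$1' -split '\s+')[0]
        $leaf = (Split-Path -Leaf $exe).ToLowerInvariant()

        # Only a rooted path can be checked on disk; a bare name is resolved via PATH.
        $onDisk = if ([System.IO.Path]::IsPathRooted($exe)) {
            Test-Path -LiteralPath $exe
        } else {
            [bool](Get-Command $exe -ErrorAction SilentlyContinue)
        }

        [pscustomobject]@{
            Target     = $_.PSChildName        # the executable being redirected
            Debugger   = $debugger             # what actually gets launched instead
            OnDisk     = $onDisk
            Suspicious = ($AllowedDebugger -notcontains $leaf) -or (-not $onDisk)
        }
    }
}

# Show only the entries worth a second look, as Autoruns' "Image Hijacks" tab would.
Get-IfeoDebuggerEntry | Where-Object Suspicious | Format-Table -AutoSize
```

An entry flagged here is reviewed before anything is changed; once confirmed malicious, the fix mirrors the post's remediation: remove the 'Debugger' value (for example with `Remove-ItemProperty` on that subkey), then deal with the file it pointed at, ideally from safe mode so the redirected program is not running.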