Attn. Windows Users : Malware Alert
Fogman
Veteran
Joined: 19 Jun 2005
Age: 59
Gender: Male
Posts: 3,986
Location: Frå Nord Dakota til Vermont
There is relatively new piece of Malware entitled 'XP Anti Spyware 2009' that is able to autoinstall via 'driveby' with the Opera web browser. It may also be able to autoinstall via Firefox as well if you are running an XP system. Whether or not this will happen with WinVista is unknown. If you encounter this program, a simple uninstall via it's uninstall selection in the Windows start menu will possibly get this app off of your system.
It also downloads and installs brastk with the command of 'brastk.exe' as a startup item, so if people encounter this piece of malware, they will want to run an MSCONFIG and deselect this item from their startup menu, and reboot accordingly. You may also want to further update the definitions of your malware removal tools to further immunise yourself against this.
I am currently on my Linux computer posting this as I'm running diagnostics on my windows system to ensure that this malware is removed.
_________________
When There's No There to get to, I'm so There!
From http://www.spywareremove.com/removeXPAn ... e2009.html
XP Antispyware 2009, or XPAntispyware2009, is a rogue security program that was found to be installed from a Trojan horse infection or rogue website. Once XP Antispyware 2009 infiltrates your system it may start to annoy you repeatedly with popups or system alert messages used as scare tactics. XP Antispyware 2009 scares you into purchasing a full version of the XP Antispyware 2009 program.
XP Antispyware 2009 does not live up any expectations as it is not able to remove parasites or viruses. XP Antispyware 2009 was also found to be sponsored on XP Antispyware 2009.com which is a site that you should never visit. XP Antispyware 2009 should not be purchased under any conditions. If you have XP Antispyware 2009 on your system then it is recommended that you utilize a reputable spyware scan program in order to locate and remove XP Antispyware 2009 and its files.
The site also features a detailed method of removal.
_________________
The mere fact that science may not yet adequately explain an object, event, or experience does not mean the immediate explanation should automatically default to a conspiratorial, extraterrestrial, paranormal, or supernatural cause.
Fogman
Veteran
Joined: 19 Jun 2005
Age: 59
Gender: Male
Posts: 3,986
Location: Frå Nord Dakota til Vermont
Thanks, I'm using this, and brastk.exe ( a trojan downloader) is gone from that system via Windows defender, but I still had to manually delete a duplicate of the file from c:\\windows\system32.
Furthermore, when the stealth download occured, my system closed all windows and did an auto - reboot which made me suspicious that something bad was happening to my system. --Suspicions verified, and the problem is now solved.
FWIW, the stealth/driveby download occured when I accessed a site for music lyrics. Gone are the days when things like this only occured with IE.
_________________
When There's No There to get to, I'm so There!
Gotta love my *nix systems.
Alt text: We actually stand around the antivirus displays with the Mac users just waiting for someone to ask.
Link: http://xkcd.com/272/
_________________
WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH
A shear coincidence, but I happened to want to test if my ISP was filtering my email today.
It turns out that they will not permit me to send an email with an attached "virus". I have the strong feeling that they may be violating their terms of service with me.
This website is where I obtained the virus. It is the standard EICAR test virus. However, I would strongly recommend that you DO NOT use this site if you have any qualms about it.
http://www.rexswain.com/eicar.html
The site supplies the raw EICAR file, then that file inside a "zip" file, and then again zipped two levels down.
I run Linux, so had no qualms about downloading all three. I then threw them all though ClamAV, which detected the virus in all three cases.
_________________
"Striking up conversations with strangers is an autistic person's version of extreme sports." Kamran Nazeer
richie
Supporting Member
Joined: 9 Jan 2007
Age: 67
Gender: Male
Posts: 30,142
Location: Lake Whoop-Dee-Doo, Pennsylvania
It also downloads and installs brastk with the command of 'brastk.exe' as a startup item, so if people encounter this piece of malware, they will want to run an MSCONFIG and deselect this item from their startup menu, and reboot accordingly. You may also want to further update the definitions of your malware removal tools to further immunise yourself against this.
I am currently on my Linux computer posting this as I'm running diagnostics on my windows system to ensure that this malware is removed.
About a week ago I reported to google a a similar web forgery that put bogus security software and auto installed.....fortunately
the Avast anti crap-ware that I am running got rid of it pretty quickly...upon detection I thought some fire alarm or something had
gone off as it made quite a racket in alerting me..
_________________
Life! Liberty!...and Perseveration!!.....
Weiner's Law of Libraries: There are no answers, only cross references.....
My Blog: http://richiesroom.wordpress.com/
KenithSobel
Yellow-bellied Woodpecker
Joined: 20 May 2008
Age: 40
Gender: Male
Posts: 52
Location: Las Vegas NV
PS. Just to be safe, the site I gave earlier does (or at least did) have the "correct" EICAR test file, as I thought I would just verify:
http://www.eicar.org/anti_virus_test_file.htm
http://en.wikipedia.org/wiki/Eicar_test_virus
As it says on the EICAR site, the essential part of the test file is the first 68 characters, all printable with no lower case letters. In fact, it is just:
(P^)7CC)7}$EICAR-
STANDARD-ANTIVIRU
S-TEST-FILE!$H+H*
where I have deliberately broken it into four blocks of seventeen characters each, just in case any software is stupid enough to register it as a virus inside this message!
The version on the site I gave earlier is (was) 70 bytes long, which is exactly the above string, but with a carriage return and a line feed appended. The file can in fact have any layout characters added, up to a maximum length of 128 bytes.
============
I found it rather interesting that, when I attempted to email the "virus" to a friend, I got a "bounce" message, helpfully telling me that I had attempted to email an attached virus. I did not regard that as too disturbing.
I have just attempted to email the doubly-zipped version to myself, and that has also given me a bounce message saying that my ISP refuses to let me send it. Also not too disturbing - as to be honest, it does stop people who have been compromised by a virus from sending out more copies of that virus (although, the chances are that they received the virus from an email in the first place, so why didn't the ISP block it before it arrived... ho hum... nothing is perfect.)
My ISP was even smart enough to detect the EICAR test inside a bzip2'ed file.
They were also stupid enough to detect is as a virus when it was merely a text string in the body of an email - hence my care to break up the string above, just in case it set off idiotic alarms.
They did let me send it to myself once I had split it into two 34-character lines.
==============
However... my friend up in Scotland is also not permitted (by his ISP) to send viruses... but receives no indication that his emails have not been sent on. I.e. if the virus check were to come up with a false positive on one of his emails, it would just get deleted, and he will have no idea that his email has been thrown away. Not at all good.
_________________
"Striking up conversations with strangers is an autistic person's version of extreme sports." Kamran Nazeer
Really? Cool. I'd be even more impressed if they detected it in an LZMA'd attachment.
_________________
"You can take me, but you cannot take my bunghole! For I have no bunghole! I am the Great Cornholio!"
Really? Cool. I'd be even more impressed if they detected it in an LZMA'd attachment.
So... there's your answer... if you want to send someone a copy of a virus as an attachment, don't forget to lzma it.
My ISP didn't care in the slightest about delivering eicar.com inside my eicar.lzma file.
_________________
"Striking up conversations with strangers is an autistic person's version of extreme sports." Kamran Nazeer
| Similar Topics | |
|---|---|
| Hidden Malware Scanner Tool - MRT |
Yesterday, 10:06 am |
| Windows 11 26H2 is the next big update |
07 Jul 2026, 5:36 am |
| Windows 10 Extended Security Updates for an extra year |
07 Jul 2026, 5:23 pm |
