Relatively new virus!!!! Watch out

liven Member Posts: 918
Hey guys, I got hit with a new virus:


Trojan:Win32/Daonol.B


Sorry if this is old news to some of you, but it is new to me. I quit running AVG because it is a POS and started running AVAST. Well so far avast has been great.


All morning long it was blocking requests to:

78.110.175.21

And I am not sending traffic there. So instantly I knew something bad was going on. I started googling around. I came to find out that others using avast had similar issues. After further digging it looks like it is either a java or acrobat exploit that is installing a trojan horse (supposedly) onto users' machines. None of the major (or smaller) anti viruses are able to clean this up, and most don't even find the problem. So lots of folks are probably infected and don't know it. Had I not seen the blocked attempts to the above IP I would have had no idea (no performance issues of any kind).


For me the solution was deleting this file:

wdmaud.sys

in the:

C:\WINDOWS\system32

directory.


There is a VALID driver with the same name in that file, and a valid .sys file with the same name in the \drivers dir one level deeper. Do not delete those. Then close the browser, uninstall the YAHOO search bar, restart the browser and clear temp files.

The messages have gone away for now. After reading several other forums this is the "second" generation of this virus, originally it was hiding in some sort of sysaudio files....


Anyway, read this link for more details:

http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html

and there are tons of other links out there.

Again if this is old news, sorry. I got nailed and to be honest I am not sure if I am 100% clean. But the errors are gone for now.

If anyone has a solution or knows more about this please let me know.

Thanks!
encrypt the encryption, never mind my brain hurts.
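
The placement liven describes (a .sys file directly in System32 carrying the name of a real driver in System32\drivers) can be checked for with a short PowerShell triage script. This is an added example, not part of the original post; the function name Find-ShadowDriver and the output field names are hypothetical.

```powershell
# Added example: list .sys files sitting directly in System32 and mark those
# that share a name with a driver in System32\drivers (the pattern the fake
# wdmaud.sys in this thread followed). A hit is a file to examine, not a verdict.
function Find-ShadowDriver {
    param(
        # Defaults to the live system directory; pass the System32 path of a
        # mounted disk image for offline triage.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32')
    )

    $driversDir = Join-Path $System32 'drivers'

    # Name -> file map of the real driver directory (lower-cased keys).
    $known = @{}
    Get-ChildItem -LiteralPath $driversDir -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $known[$_.Name.ToLowerInvariant()] = $_ }

    # -Force includes hidden and system files.
    Get-ChildItem -LiteralPath $System32 -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $twin = $known[$_.Name.ToLowerInvariant()]
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path          = $_.FullName
                Created       = $_.CreationTime
                Size          = $_.Length
                Signature     = $sig.Status
                Signer        = $sig.SignerCertificate.Subject
                ShadowsDriver = [bool]$twin
                SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Show anything that duplicates a driver name or lacks a valid signature,
# newest first, so recently dropped files surface at the top.
Find-ShadowDriver |
    Where-Object { $_.ShadowsDriver -or $_.Signature -ne 'Valid' } |
    Sort-Object Created -Descending |
    Format-List
```

Record the SHA256 and creation time of any flagged file before removing it, so the sample can be submitted to a vendor or compared with other machines.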

Comments

  • liven Member Posts: 918
    further,

    some folks are reporting success with:

    malwarebytes

    detecting the older version, and might as well get rid of new and old right?
    encrypt the encryption, never mind my brain hurts.
  • Kaminsky Member Posts: 1,235
    liven wrote: »
    Hey guys, I got hit with a new virus:


    Trojan:Win32/Daonol.B


    Sorry if this is old news to some of you, but it is new to me. I quit running AVG because it is a POS ...



    I'm sure I have been saying this for years but YOU GET WHAT YOU PAY FOR !!!!!

    or

    in old Yorkshireman language "yew downt get owt fer nowt ladd !"


    Never ceases to amaze me why people get suckered into AVG. Complete piece of shite the first time I saw it !
    Kam.
  • skrpune Member Posts: 1,409
    Kaminsky wrote: »
    I'm sure I have been saying this for years but YOU GET WHAT YOU PAY FOR !!!!!

    or

    in old Yorkshireman language "yew downt get owt fer nowt ladd !"


    Never ceases to amaze me why people get suckered into AVG. Complete piece of shite the first time I saw it !
    There's lots of open source or free software that's great, so I don't think that the cost of a certain piece of software says much of anything about the quality of it. Norton AV has been for sale and has been "popular" for years and, current version notwithstanding, it has borked many a machine that I've worked on personally or for clients in more ways than one.
    Currently Studying For: Nothing (cert-wise, anyway)
    Next Up: Security+, 291?

    Enrolled in Masters program: CS 2011 expected completion
  • liven Member Posts: 918
    Kaminsky wrote: »
    I'm sure I have been saying this for years but YOU GET WHAT YOU PAY FOR !!!!!

    or

    in old Yorkshireman language "yew downt get owt fer nowt ladd !"


    Never ceases to amaze me why people get suckered into AVG. Complete piece of shite the first time I saw it !


    I have yet to see one commercial piece of anti virus software that was better than some of the free ones (for single end user machines, I am not necessarily talking about enterprise solutions). Sure they have some bells and whistles, if you're into that kind of stuff (I am not).

    In fact when I worked as a security professional for the D.O.D we frequently compared all of the major vendors (lots of them have free and subscription services). Norton frequently failed to detect many of the viruses that Grisoft and others found. In fact AVG was one of the best I had used for years up until about 6 months ago. Then I ditched it for Avast and have been very happy with it as well.

    This and numerous other issues with software like Norton is exactly why I quit using it years ago.

    Further it was Avast that actually noticed and blocked the virus with its network features. Sure Avast wasn't detecting the virus per se but it was protecting me by blocking it from connecting to whatever websites it was trying to reach out to.

    Further, all of the big boys (Norton, McAfee etc...) are not detecting this virus either.


    So actually I feel good that I didn't get suckered into paying for something that doesn't work!!!

    Thanks for the compliment!
    encrypt the encryption, never mind my brain hurts.
  • liven Member Posts: 918
    skrpune wrote: »
    There's lots of open source or free software that's great, so I don't think that the cost of a certain piece of software says much of anything about the quality of it. Norton AV has been for sale and has been "popular" for years and, current version notwithstanding, it has borked many a machine that I've worked on personally or for clients in more ways than one.



    I completely agree. And when I started seeing that when it comes to straight up anti virus detection/protection Norton, McAfee and the like averaged the same or less proficient than some of the free software, my choice was easy!


    But to each his or her own! Just thought I would share my experience because at the moment pretty much all of the vendors are struggling with this virus. Granted it doesn't appear to be very damaging, I don't like others jacking with my system!
    encrypt the encryption, never mind my brain hurts.