Realatively new virus!!!! Watch out

Hey guys, I got hit with a new virus:

Trojan:Win32/Daonol.B

Sorry if this is old news to some of you, but it is new to me. I quit running AVG because it is a POS and started running AVAST. Well so far avast has been great.

All morning long it was blocking requests to:

78.110.175.21

And I am not sending traffic there. So instantly I knew something bad was going on. I started googling around. I came to find out that others using avast had similar issues. After further digging looks like it is either java or acrobat exploit that is installing trojan hourse (supposedly) onto users machines. None of the major (or smaller) anti viruses are able to clean this up, and most don't even find the problem. So lots of folks are probably infected and don't know it. Had I not seen the blocked attempts to the above IP I would have had no idea (no performance issues of any kind).

For me the solution was deleting this file:

wdmaud.sys

in the:

C:\WINDOWS\system32

directory.

There is a VALID driver with the same name in that file, and a valid .sys file with the same name in the \drivers dir one level deeper. Do not delete those. Then close the browser, uninstall the YAHOO search bar, restart the browser and clear temp files.

The messages have gone away for now. After reading several other forums this is the "second" generation of this virus, originally it was hiding in some sort of sysaudio files....

Anyway read this link:

for more details:

http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html

and there are tons of other links out there.

Again if this is old news, sorry. I got nailed and to be honest I am not sure if I am 100% clean. But the errors are gone for now.

If anyone has a solution or knows more about this please let me know.

Thanks!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

liven

http://www.bleepingcomputer.com/forums/lofiversion/index.php/t175838.html
http://www.google.com/support/forum/p/Web+Search/thread?tid=41cc2faa1537c68d&hl=en

and dll and install:

noscript

for firefox!!!

liven

further,

some folks are reporting success with:

malwarebytes

detecting the older version, and might as well get rid of new and old right?

Kaminsky

liven wrote: »

Hey guys, I got hit with a new virus:

Trojan:Win32/Daonol.B

Sorry if this is old news to some of you, but it is new to me. I quit running AVG because it is a POS ...

I'm sure I have been saying this for years but YOU GET WHAT YOU PAY FOR !!!!!

or

in old Yorkshireman language "yew downt get owt fer nowt ladd !"

Never ceases to amaze me why people get suckered into AVG. Compliete piece of shite the first time I saw it !

skrpune

Kaminsky wrote: »

I'm sure I have been saying this for years but YOU GET WHAT YOU PAY FOR !!!!!

or

in old Yorkshireman language "yew downt get owt fer nowt ladd !"

Never ceases to amaze me why people get suckered into AVG. Compliete piece of shite the first time I saw it !

There's lots of open source or free software that's great, so I don't think that the cost of a certain piece of software says much of anything about the quality of it. Norton AV has been for sale and has been "popular" for years and, current version notwithstanding, it has borked many a machine that I've worked on personally or for clients in more ways than one.

liven

Kaminsky wrote: »

I'm sure I have been saying this for years but YOU GET WHAT YOU PAY FOR !!!!!

or

in old Yorkshireman language "yew downt get owt fer nowt ladd !"

Never ceases to amaze me why people get suckered into AVG. Compliete piece of shite the first time I saw it !

I have yet to see one commercial piece of anti virus software that was better than some of the free ones (for single end user machines, I am not necessarily talking about enterprise solutions). Sure they have some bells and wistles, if your into that kind of stuff ( I am not).

In fact when I worked as a security professional for the D.O.D we frequently compared all of the major vendors (lots of them have free and subscription services). Norton frequently failed to detect many of the virus that griosoft and others found. In fact AVG was one of the best I had used for years up until about 6 months ago. Then I ditched it for Avast and have been very happy with it as well.

This and numerous other issues with software like norton is exactly why I quit using it years ago.

Further it was Avast that actually noticed and blocked the virus with its network features. Sure Avast wasn't detecting the virus perse but it was protecting me by blocking it from connecting to whatever websites it was trying to reach out to.

Further, all of the big boys (norton, mcaffe etc...) are not detecting this virus either.

So actually I feel good that I didn't get suckered into paying for something that doesn't work!!!

Thanks for the compliment!

liven

skrpune wrote: »

There's lots of open source or free software that's great, so I don't think that the cost of a certain piece of software says much of anything about the quality of it. Norton AV has been for sale and has been "popular" for years and, current version notwithstanding, it has borked many a machine that I've worked on personally or for clients in more ways than one.

I completely agree. And when I started seeing that when it comes to straight up anti virus detection/protection norton, macafee and the likes averaged the same or less proficient than some of the free software, my choice was easy!

But to each his or her own! Just thought I would share my experience because at the moment pretty much all of the vendors are struggling with this virus. Granted it doesn't appear to be very damaging, I don't like others jacking with my system!