
phim nguoi lon.exe or secret.exe


Dommer75 1 posts since Feb 25, 2008

Just curious if anyone has run into these two files? All I could find was some stuff on Google but it was
in Vietnamese so I couldn't get much out of it.

I work for a camera shop and I noticed the first file showing up on people's memory cards on one of my computers.
Found it kind of odd. I tried it on another computer and the security software that was installed on it said both of
these files were trying to write to cards on my card reader even when there were no cards there. This is about all I
can figure it does.

Any info would be nice on this and how to make sure it stays off our computers short of doing a complete reghosting
of the drive.

Thanks.
Dom


paullotion 2,006 posts since Apr 13, 2006
1. RE: phim nguoi lon.exe or secret.exe Feb 26, 2008 4:44 AM

Dom

Send the files to the lab, if.
http://vil.nai.com/vil/submit-sample.aspx
Or
https://www.webimmune.net/default.asp

You can also upload them to VirusTotal:
http://www.virustotal.com/
The Black Bear

*Important News for BT/TalkTalk customers*

BT/TalkTalk dump Phorm spyware, for more information see this article Here, also visit the NODPI
website for much more information relating to DPI.


afterdarc 2 posts since Mar 17, 2008
2. RE: phim nguoi lon.exe or secret.exe Mar 17, 2008 6:54 PM

I work at a camera shop as well. I've seen this virus and it spreads once you stick a memory card into your card
reader and vice versa to computer. I believe it was spread via photoframe. It's a backdoor trojan that attaches itself
to rundll.32.exe and shell32.dll. I brought it home not knowing it was on my memory card and now my computer
has been out of commission for 5 days. I brought my computer to the shop and they couldn't figure it out. I deleted it
from my system and it gave me the login logout loop in windows login. It spread to my BIOS and I now need a new
motherboard. We actually reformatted our work computer and it showed back up, so it must be BIOS resident. I know
how to recover from viruses, but this one is just nasty. It's costing me time and money. Not a good thing.




Generated by Jive SBS on 2010-06-22-06:00




afterdarc 2 posts since Mar 17, 2008
3. RE: phim nguoi lon.exe or secret.exe Mar 17, 2008 7:03 PM

I work at a camera shop as well. I've seen this virus and it spreads once you stick a memory card into your card
reader and vice versa to computer. I believe it was spread via photoframe. It's a backdoor trojan that attaches itself
to rundll.32.exe and shell32.dll. I brought it home not knowing it was on my memory card and now my computer
has been out of commission for 5 days. I brought my computer to the shop and they couldn't figure it out. I deleted it
from my system and it gave me the login logout loop in windows login. It spread to my BIOS and I now need a new
motherboard. We actually reformatted our work computer and it showed back up, so it must be BIOS resident. I know
how to recover from viruses, but this one is just nasty. It's costing me time and money. Not a good thing.


paullotion 2,006 posts since Apr 13, 2006
4. RE: phim nguoi lon.exe or secret.exe Mar 18, 2008 7:21 AM

in response to: afterdarc

According to Sophos: Troj/Delf-LW then proceeds to attempt to delete every file and
folder on the entire system, while displaying a progress bar entitled "Updating System Configuration".
Once Troj/Delf-LW has finished deleting files, it displays a message saying "Yedinmi Yarraaa?".
http://www.sophos.com/security/analyses/viruses-and-spyware/trojdelflw.html

Do you still have the files on your PC?
The Black Bear



greddy 1 posts since May 26, 2008
5. RE: phim nguoi lon.exe or secret.exe May 26, 2008 1:13 AM

hi all,

I also have this virus, but my Norton 2003 with updated definitions did not pick it up.

What is weird is that all my files are still here, nothing has been deleted (or so I don't think so). I have had it for about
a week now. My BIOS has a password too.

Now every USB I put into my computer gets the virus but thankfully it doesn't spread. My laptop which has no
internet connection or antivirus has had my USB plugged into it but still all its files are there.

I want to know how can I delete it from my USB? (I quarantined it with Norton and deleted the file but it just comes
back). Also I checked my registry but I couldn't find "secret" in there.

I did some research but not many websites say anything about this virus. Some say it is also known as secret.exe

I really want to stop this from going to all my USBs, can you please help me





MediaProduction 1 posts since Feb 24, 2010
6. Re: phim nguoi lon.exe or secret.exe Feb 24, 2010 4:28 PM

I found this thread when I was researching this virus and wanted to add my experience with
it. I have a Media class with HDD camcorders and video editing computers. We picked this
up from someone's (a high school student) USB stick, iPod or wherever. We were on the
internet briefly, but my editing computers don't have virus protection (long story) but I think it
came from a stick drive or someone's personal HDD camcorder. We have seen little damage
but weird stuff is starting to happen more than a month after the infection. Today a student
couldn't find their still pictures in the designated DCIM file. I can clean the camcorders off
with my office school computer, but when they go back to the editing computers they reinfect
each other. So today I cleaned off the camcorder and was able to retrieve the still pictures
onto another drive, but you still can't see the pictures on the camcorder itself. The virus
moves/deletes/hides the containing folder but seems to retain the images but doesn't seem
to bother the video (maybe that is next). We didn't know if we were even going to bother
removing it but now that it has started hiding files we are going to try to kill it. An interesting
part of the problem is that it infects media devices but not our big portable hard drives. All of
our 500 GB and terabyte drives don't get the virus.

Another very interesting issue is that you can actually see the virus on the camcorders. It
appears either as secret.exe or the other one and with companion files, either autorun.inf
or an AV_Info folder. I truly hate this virus! I will update this post when we get it cleaned to
see what it has damaged. So far the computers are fine because they aren't on the internet.
I think this virus is just waiting to be spread so without resources it hasn't slowed us down or
hurt our video projects.




Message was edited by: MediaProduction on 2/24/10 4:28:17 PM CST
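
Added example, not part of the original thread: a read-only triage of a removable volume's root that reports what an `autorun.inf` would launch and which executables sit beside it, the layout described in the post above (secret.exe with autorun.inf or an AV_Info folder). The `autorun.inf` contents in the demo are constructed, since the thread does not show the real file, and the function names are hypothetical.

```python
import os
import re
import tempfile

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section, tolerating junk lines."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def triage_volume(root):
    """List what autorun.inf would launch and every executable in the volume root."""
    report = {"autorun": [], "root_executables": []}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue  # folders such as DCIM or AV_Info are not opened here
        if name.lower() == "autorun.inf":
            with open(path, "rb") as fh:
                report["autorun"] = autorun_targets(fh.read().decode("latin-1"))
        elif os.path.splitext(name)[1].lower() in EXEC_EXT:
            report["root_executables"].append(name)
    return report

def demo():
    """Build a constructed card layout in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as card:
        os.makedirs(os.path.join(card, "DCIM"))
        os.makedirs(os.path.join(card, "AV_Info"))
        with open(os.path.join(card, "secret.exe"), "wb") as fh:
            fh.write(b"placeholder, not a real binary")
        with open(os.path.join(card, "autorun.inf"), "w") as fh:
            fh.write("junk line\n[AutoRun]\nopen=secret.exe\n"
                     "shell\\open\\command=secret.exe\nicon=folder.ico\n")
        return triage_volume(card)

if __name__ == "__main__":
    print(demo())
```

Pointing `triage_volume` at a card reader's drive letter only lists and reads files, so it can be run from a clean machine before the card is opened in Explorer.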



