xisto Community
timmev

Undetected Virus.

So, on our network at work we have a virus called "rejoice46.exe", but no anti virus, anti spyware, anti anything will pick it up. I googled it, nothing happened. By standard, we just deleted the file, but it comes back and then stops you from entering certain locations of your hard drive. Obviously, a reformat will rid the system of it, but in a network of over 200 computers, we don't have the time to do this, and reinstall all the programs and data. Any suggestions? Because at the moment I'm stumped. It feels as if I just have to sit there and let this thing infect our system.

Many modern virus strains will use random file names as only one way to avoid antivirus detection and to make your life more difficult. Another method is to dynamically recompile themselves so they do not match any known antivirus signature. In order to detect the virus the antivirus vendor has to use heuristics. The more important thing to note is that if you are already infected you cannot trust your computer. The virus may have installed a rootkit and in that case your computer is lying to you and the antivirus. Files can be hiding at a lower level than the antivirus can read them. Most security experts agree that if you have been infected no matter what the variant of virus, you automatically reformat and restore from a known good backup. To be safe it sounds like you will be reformatting 200 computers.

Before you do this I would want to know what the virus is so it doesn’t happen again. I would download an antivirus that is capable of making a boot CD. Update the definitions and run it on the infected machine without starting the infected OS (all of the prep work is of course done on a known good machine). A quick search of “rejoice virus” in Google shows one McAfee page that may be of interest: BackDoor-CXI (http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=138150)

Try to make an Online Virus Scan from any of your infected machines or send the file you mention to an online malware scan service. A good one I know is Jotti's malware scan; it is a free online service to diagnose single files which uses some anti-virus programs including Avast, AVG, ClamAV, F-Prot, F-Secure, Kaspersky, NOD32, Panda, Sophos, etc.

Best regards,

Look for the heuristic scan setting of your firewall and set it to the maximum. This heuristic scan tries to detect new viruses and viruses that change shape.

Well, here's what I usually do: start the computer in safe mode, open msconfig.exe (start->run->msconfig), go to the startup tab. Look for anything suspicious, or just disable everything. Google some of the suspicious-looking files (on another computer), delete them manually (still safe mode), run the system in normal mode and hope for the best.

I'd recommend you do a quick scan with Ad Aware (free version on download.com) and/or an online virus scan (McAfee, Norton...); it helps a lot in finding those suspicious files.

Hey, this worked for me two days ago, I'm still not sure what kind it was but it's gone now...
Sure hope I helped
-Moo64c
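The startup-tab check described in the post above, scripted so it can be repeated on many machines: this is an added example, not part of the original post, and it lists registry Run/RunOnce values and Startup-folder items with each target's SHA-256 and Authenticode status. The CSV file name is an assumption.

```powershell
# Added example: read-only inventory of autostart entries on one machine.
# The CSV name below is an assumption; collect one file per computer.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$Command) {
    # Extract the program path from a command line: a quoted path first,
    # otherwise everything up to the first executable/script extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|scr))(\s|$)') { return $Matches[1] }
    return $c.Trim()
}

$entries = @()
foreach ($key in $runKeys) {                      # registry Run/RunOnce values
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}
foreach ($dir in 'Startup', 'CommonStartup') {    # per-user and all-users Startup folders
    $folder = [Environment]::GetFolderPath($dir)
    if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $folder -File -Force) {
        $entries += [pscustomobject]@{ Source = $folder; Name = $file.Name; Command = '"' + $file.FullName + '"' }
    }
}

$report = foreach ($e in $entries) {
    $path = Get-TargetPath $e.Command
    # A bare name such as "rundll32.exe" will not resolve here; Exists = False marks it for manual review.
    $exists = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; Source = $e.Source; Name = $e.Name
        Command = $e.Command; Path = $path; Exists = $exists
        SHA256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status }
    }
}
$report | Export-Csv -NoTypeInformation -Path ".\autoruns-${env:COMPUTERNAME}.csv"
$report | Where-Object { $_.Signature -ne 'Valid' } | Format-Table Name, Path, Signature -AutoSize
```

As an earlier reply in this thread points out, an infected system may hide files from tools running on it, so a clean listing from a live machine does not show that the machine is clean.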

Well, here's what I usually do: start the computer in safe mode, open msconfig.exe (start->run->msconfig), go to the startup tab. Look for anything suspicious, or just disable everything. Google some of the suspicious-looking files (on another computer), delete them manually (still safe mode), run the system in normal mode and hope for the best.

I'd recommend you do a quick scan with Ad Aware (free version on download.com) and/or an online virus scan (McAfee, Norton...); it helps a lot in finding those suspicious files.

Hey, this worked for me two days ago, I'm still not sure what kind it was but it's gone now...
Sure hope I helped
-Moo64c


He's talking about 200 computers that are connected to each other in a network, repeating those steps 200 times and just hoping for the best can hardly be called 'a solution'.

Depends how much network control you have, places like schools can send out stuff (my college sends out virus patches very often), otherwise it'd be a case of a batch file or a googled specific helper, on a usb drive to each machine.

The only way I can think of files replacing themselves is through prefetch, though I can't remember the exact name of this Windows File Protection thingy, it works on things like notepad.

Usually virus definitions are updated by the antivirus provider and not the college or the organization running the networks. Thus, if you get updates often, thank the antivirus provider, not the organization that is running the networks.

As for deploying systems across the network, it is highly recommended to create an image of the whole system in the event that the system ever gets into trouble like this. You won't have to reinstall all the software if you implement these images. Software that creates these images includes Norton Ghost.

xboxrulz

rejoice

AVG 8 finds backdoor-CXI (rejoice), I just shoved it in the virus vault, and then deleted it. It seems to have worked.

Disconnect the computers before you scan them though. Otherwise the virus will spread back to the computers that you've just gotten rid of it from.

If you don't trust AVG, you can try this too: http://thespywaredetector.com/MostPreThreat.aspx Download the spyware detector there. I'm running it right now, just to make sure.
