[dba-Tech] Virus trying to get in...

Rocky Smolin rockysmolin at bchacc.com
Fri May 22 23:07:30 CDT 2009


Why would it never happen on a Linux/BSD system?  Because they're not
targeting it?  OR because Linux/BSD doesn't have vulnerabilities to viruses
or Trojans?

Rocky
 

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jim Lawrence
Sent: Friday, May 22, 2009 8:27 PM
To: 'Discussion of Hardware and Software issues'
Subject: [dba-Tech] Virus trying to get in...

Hi All:

Has anyone experienced the 'Spyware Protect 2009' trojan/virus? It had
started on a client's site but according to the following link it was not
fully installed:
http://www.xp-vista.com/spyware-removal/spyware-protect-2009-removal

A client sort of caught it part way through the insertion process along with
the online protection software, 'Windows OneCare' and the installation did
not complete. The core of 'Spyware Protect 2009' app would keep prompting to
be installed. (Something like a vampire that will not come in unless
invited?)

Hopefully I have got rid of it as the prompting app is a thing called
sysguard.exe, hidden, read-protected and stashed in the Windows directory
(It has to be deleted from the command prompt when in 'safe mode') and it is
activated through a standard entry in the registry:
HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/Sysguard.exe

How the code got in I have no idea, though one site suggested it may have
come through some codec packed in a graphic file. The original source is
supposed to be out of Russia but it is appearing everywhere.
 
Considering the desktop was running run-time-protection, windows firewall,
had all the current updates, the client was running it only in user mode and
it switched to running at 'system' level; it just goes to show how weak the
system and all the protection really is... this would never happen on a
Linux/BSD system.

Sorry to sound grumpy but it took two hours to uncover and remove and I was
late for supper... and the client was very grumpy while I had to stay cool
and calm.

Jim
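The persistence mechanism Jim describes (a hidden executable dropped into the Windows directory and launched from the per-user Run key) is something you can audit for directly rather than discover by accident. The script below is an added example for this thread, not code from either poster or from any product mentioned; it walks the HKCU and HKLM Run keys (note the real key path uses backslashes, not the forward slashes in the message above), resolves each autostart command to a file, and flags entries whose target is missing, hidden, located under the Windows directory, or not validly signed. The `Resolve-AutostartPath` helper and the flag names are my own choices. It only reports; it deletes nothing.

```powershell
# Added example, not from the thread: audit Run-key autostart entries.
# Run from an elevated PowerShell prompt so HKLM and hidden files are readable.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Properties that Get-ItemProperty adds for its own bookkeeping, not real values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Resolve-AutostartPath {
    # Hypothetical helper: strip quotes and trailing arguments from a Run value,
    # e.g. "C:\Windows\sysguard.exe" /silent  ->  C:\Windows\sysguard.exe
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+\.(exe|dll|cmd|bat|vbs|js|ps1))') { return $Matches[1] }
    return $Command.Trim()
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }

        $path  = Resolve-AutostartPath ([string]$p.Value)
        $path  = [Environment]::ExpandEnvironmentVariables($path)
        $flags = @()

        # -Force is required so that hidden/system files are returned at all.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $flags += 'target-missing'
        } else {
            if (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) { $flags += 'hidden' }
            if ($path -like "$env:windir\*") { $flags += 'in-windows-dir' }
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
        }

        [PSCustomObject]@{
            Key   = $key
            Name  = $p.Name
            Value = $p.Value
            Path  = $path
            Flags = ($flags -join ',')
        }
    }
}
```

An entry carrying `hidden,in-windows-dir,sig:NotSigned` is exactly the shape of the sysguard.exe case in the message and deserves a close look; legitimate vendor software in the Windows directory is normally signed and not hidden. Once an entry is confirmed bad, `Remove-ItemProperty -Path <key> -Name <entry>` removes the autostart value, and the file itself can be dealt with from safe mode as Jim did.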

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com



