Rocky Smolin
rockysmolin at bchacc.com
Fri May 22 23:07:30 CDT 2009
Why would it never happen on a Linux/BSD system? Because they're not targeting it? OR because Linux/BSD doesn't have vulnerabilities to viruses or Trojans? Rocky -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jim Lawrence Sent: Friday, May 22, 2009 8:27 PM To: 'Discussion of Hardware and Software issues' Subject: [dba-Tech] Virus trying to get in... Hi All: Has anyone experienced the 'Spyware Protect 2009' trojan/virus? It had started on a client's site but according to the following link it was not fully installed: http://www.xp-vista.com/spyware-removal/spyware-protect-2009-removal A client sort of caught it part way through the insertion process along with the oline protection software, 'Windows OneCare' and the installation did not complete. The core of 'Spyware Protect 2009' app would keep prompting to be installed. (Something like a vampire that will not come in unless invited?) Hopefully I have got rid of it as the prompting app is a thing called sysguard.exe, hidden, read-protected and stashed in the Windows directory (It has to be deleted from the command prompt when in 'safe mode') and it is activated through a standard entry in the registry: HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/Sysguard.exe How the code got in I have no idea, though one site suggested it may have come through some codec pacted in a graphic file. The original source is supposed to be out of Russia but it is appearing up everwhere. Considering the desktop was running run-time-protection, windows firewall, had all the current updates, the client was running it only in user mode and it switched to running at 'system' level; it just goes to show weak the system and all the protection really is... this would never happen on a Linix/BSD system. Sorry to sound grumpy but it took two hours to uncover and remove and I was late for supper... and the client was very grumpy while I had to stay cool and calm. Jim _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com