View Full Version : *warning* Do Not Open Sub Vs Destroyer



Baja Big Dog
01-22-2007, 12:38 PM
DO NOT OPEN THE ATTACHMENT ON "SUB VS DESTROYER"...
Three of us opened it and we all got hit with a nasty virus, Norton is attempting to fix it (a Trojan horse) but so far no luck.
It would be nice if the thread was removed

shippingguy
01-22-2007, 12:40 PM
DO NOT OPEN THE ATTACHMENT ON "SUB VS DESTROYER"...
Three of us opened it and we all got hit with a nasty virus, Norton is attempting to fix it (a Trojan horse) but so far no luck.
It would be nice if the thread was removed
I opened it as well and my Norton has been alerting me about this virus. It tells me to update to protect from the virus, but when I click Protect Me it says it is unable to protect at this time. Any advice would help.

hoolign
01-22-2007, 12:43 PM
DO NOT OPEN THE ATTACHMENT ON "SUB VS DESTROYER"...
Three of us opened it and we all got hit with a nasty virus, Norton is attempting to fix it (a Trojan horse) but so far no luck.
It would be nice if the thread was removed
Seriously? I don't have any viruses in my comp and I posted it off killsometime.com. I'll delete the thread! :eek: hmmm gone already!

Jbb
01-22-2007, 12:45 PM
Seriously? I don't have any viruses in my comp and I posted it off killsometime.com. I'll delete the thread! :eek: hmmm gone already!
Ahh yes...the root cause of our problems becomes readily apparent.....:D

hoolign
01-22-2007, 01:18 PM
Ahh yes...the root cause of our problems becomes readily apparent.....:D
Sneaky bastard foliage boy?? :D
Did any of you get the virus name??

Jbb
01-22-2007, 01:20 PM
Sneaky bastard foliage boy?? :D
Did any of you get the virus name??
Rexmamankyhanslatorpollenation trojan........

hoolign
01-22-2007, 01:25 PM
Rexmamankyhanslatorpollenation trojan........
hmmm.. ya think?? :confused:

Wet Dream
01-22-2007, 01:29 PM
My antivirus has been blinking all day. Anyone else notice that your username and password doesn't stay stored to log into HB?

Wet Dream
01-22-2007, 01:30 PM
Seriously? I don't have any viruses in my comp and I posted it off killsometime.com. I'll delete the thread! :eek: hmmm gone already!
Ummm, no. Still there.

hoolign
01-22-2007, 01:31 PM
My antivirus has been blinking all day. Anyone else notice that your username and password doesn't stay stored to log into HB?
Nope..all good here!

Wet Dream
01-22-2007, 01:32 PM
And 389 opened that thread, however not all opened the link. And only 3 have a virus?

hoolign
01-22-2007, 01:32 PM
Ummm, no. Still there.
Saw that! I'm not deleting anything yet.. My NIS has done 47,000 files with one adware so far :idea:

hoolign
01-22-2007, 01:33 PM
This just may be a "plant" :eek: JBB .."got bugs?"

shippingguy
01-22-2007, 01:34 PM
My antivirus has been blinking all day. Anyone else notice that your username and password doesn't stay stored to log into HB?
Mine has been blinking all day as well after opening the link. Ran liveupdate and it states it cannot update for this virus at this time.

DelawareDave
01-22-2007, 01:43 PM
I just went to the thread and opened the link with no problem. Good video, too. :D

hoolign
01-22-2007, 02:02 PM
lil update here.. 62,000 files scanned..0 attention needed WTF?? :idea:

Dream Chaser
01-22-2007, 02:08 PM
Mine got hit also. Scanned 3 times, still no luck getting rid of it. SOB's

Dream Chaser
01-22-2007, 02:11 PM
Trojan.Peacomm is the name

hoolign
01-22-2007, 02:17 PM
I bet fokken Hooli is behind the zebra mussel infestation too!
Oh stfu! :D
Wait till I unleash the mutant slug infestation! Should hit CA in about 156 years..if I let em out now!

Wet Dream
01-22-2007, 02:18 PM
N.A.V. won't even get to the screen where I can pay for my update. It keeps looking and looking and looking.

Dream Chaser
01-22-2007, 02:20 PM
Trojan.Peacomm: Building a Peer-to-Peer Botnet
Symantec Security Response has seen some moderate spamming of a new Trojan horse. The threat arrived in an email with an empty body and a variety of subjects such as:
A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text
The attachments may have any of the following filenames:
FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe
The attachment is not a video clip, but a Trojan horse program, which Symantec heuristic technology already detected as Trojan.Packed.8. Today's LiveUpdate definitions detect it as Trojan.Peacomm. Users of Symantec’s Brightmail Anti-Spam are also protected from this spam email.
The executable drops a system driver (wincom32.sys, also detected as Trojan.Peacomm), which injects some payload and hidden threads directly into the services.exe process, using a sophisticated technique similar to Rustock (see Mimi Hoang’s blog and Elia Florio’s blog). However, in spite of its name, wincom32.sys driver is not a "real" rootkit as it does not hide its presence or its registry keys in the system.
Once the computer is infected, Trojan.Peacomm attempts to establish peer-to-peer communication on UDP port 4000 with a small list of IP addresses, in order to download and execute more malicious files. If you use a personal firewall with egress filtering, you will be notified that the services.exe process is attempting to connect to a remote address on this port. Symantec's Threat Management System shows a spike in traffic for UDP port 4000.
When it manages to connect to any of these initial IP addresses, it receives a list of additional IP addresses of infected machines and adds them to its list of available peers, building up a distributed network to aid in the download of more malware. The Trojan also keeps a "blacklist" of unsuitable peers. Part of this encrypted P2P configuration is stored in a file peers.ini stored in the %System% folder.
Currently the malware being downloaded is as follows:
game0.exe: A downloader + rootkit component – detected as Trojan.Abwiz.F
game1.exe: Proxy Mail Relay for spam which opens port TCP 25 on the infected machine – detected as W32.Mixor.Q@mm
game2.exe: Mail Harvester which gathers mail addresses on the machine and posts them as 1.JPG to a remote server – detected as W32.Mixor.Q@mm
game3.exe: W32.Mixor.Q@mm
game4.exe: It contacts a C&C server to download some configuration file – detected as W32.Mixor.Q@mm
From a malware writer’s point of view, this strategy of using peer-to-peer communication presents clear advantages over the traditional botnet method of one (or a few) Command & Control server(s). First and foremost, it minimizes the chances of losing the botnet if you "cut the head" by bringing down the C&C server or redirecting the traffic. It also helps spread the load that such downloads would impose on a single server.
You are advised to update your products to the latest available security updates from Symantec. We also recommend following the safe computing practices and exercising caution when opening emails.
Posted by Amado Hidalgo on January 19, 2007 10:00 AM

phebus
01-22-2007, 02:28 PM
When I saw sub vs. destroyer, I figured it was just another DCB vs. Eliminator thread, and didn't waste my time with it. :D

Dream Chaser
01-22-2007, 03:05 PM
If anybody figures out how to get rid of this stupid thing, please post

hoolign
01-22-2007, 03:07 PM
If anybody figures out how to get rid of this stupid thing, please post
139,366 files scanned, 3 fixed, 0 need attention..so far!:idea:

Dream Chaser
01-22-2007, 03:09 PM
Discovered: January 19, 2007
Updated: January 22, 2007 04:04:42 PM GMT
Also Known As: CME-711 [Common Malware Enumeration], TROJ_SMALL.EDW [Trend Micro], Small.DAM [F-Secure], Downloader-BAI [McAfee], Troj/Dorf-Fam [Sophos]
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan.
Delete any values added to the registry.
For specific details on each of these steps, read the following instructions.
1. To disable System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
How to disable or enable Windows Me System Restore
How to turn off or turn on Windows XP System Restore
Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.
For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article: Antivirus Tools Cannot Clean Infected Files in the _Restore Folder (Article ID: Q263455).
2. To update the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain virus definitions:
If you use Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or newer products, LiveUpdate definitions are updated daily. These products include newer technology.
If you use Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0, or earlier products, LiveUpdate definitions are updated weekly. The exception is major outbreaks, when definitions are updated more often.
Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to Virus Definitions (Intelligent Updater).
The latest Intelligent Updater virus definitions can be obtained here: Intelligent Updater virus definitions. For detailed instructions read the document: How to update virus definition files using the Intelligent Updater.
3. To run a full system scan
Start your Symantec antivirus program and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.
For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.
Run a full system scan.
If any files are detected, follow the instructions displayed by your antivirus program.
Important: If you are unable to start your Symantec antivirus product or the product reports that it cannot delete a detected file, you may need to stop the risk from running in order to remove it. To do this, run the scan in Safe mode. For instructions, read the document, How to start the computer in Safe Mode. Once you have restarted in Safe mode, run the scan again.
After the files are deleted, restart the computer in Normal mode and proceed with the next section.
Warning messages may be displayed when the computer is restarted, since the threat may not be fully removed at this point. You can ignore these messages and click OK. These messages will not appear when the computer is restarted after the removal instructions have been fully completed. The messages displayed may be similar to the following:
Title: [FILE PATH]
Message body: Windows cannot find [FILE NAME]. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
4. To delete the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified subkeys only. For instructions refer to the document: How to make a backup of the Windows registry.
Click Start > Run.
Type regedit
Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
Navigate to and delete the following subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32
Exit the Registry Editor.
http://www.symantec.com/security_response/writeup.jsp?docid=2007-011917-1403-99&tabid=3
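The two Symantec texts quoted in this thread name a handful of checkable indicators: services.exe talking UDP/4000 to a spread of internet peers (the P2P tell, as opposed to one C&C address), a wincom32 service key, a wincom32.sys driver, peers.ini in %System%, and the game0.exe..game4.exe payload names. The script below pulls those into a small triage routine. It is an added example written for this page, not Symantec's code and not something anyone in the thread posted; the firewall log format, the file listing and the registry key listing are constructed here, and since the write-up does not say which directory wincom32.sys lands in, the file check matches on file name only.

```python
"""Triage helpers for the Trojan.Peacomm indicators in the Symantec text above.
Added example; the log format and host snapshot are constructed, not real output."""
import ipaddress
import re

# Constructed egress-firewall log lines: time action proto src:port dst:port process
SAMPLE_EGRESS_LOG = """\
12:01:03 ALLOW UDP 192.168.1.20:1034 192.168.1.1:53 svchost.exe
12:01:09 BLOCK UDP 192.168.1.20:4000 83.19.44.7:4000 services.exe
12:01:09 BLOCK UDP 192.168.1.20:4000 201.9.130.55:4000 services.exe
12:01:10 BLOCK UDP 192.168.1.20:4000 62.141.58.21:4000 services.exe
12:01:12 ALLOW TCP 192.168.1.20:1040 72.14.207.99:80 iexplore.exe
12:01:14 BLOCK UDP 192.168.1.20:4000 217.64.160.3:4000 services.exe
12:01:15 ALLOW UDP 192.168.1.20:4000 192.168.1.1:4000 services.exe
"""

LOG_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>ALLOW|BLOCK) (?P<proto>TCP|UDP) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) (?P<proc>\S+)$"
)

PEACOMM_P2P_PORT = 4000   # UDP port named in the Symantec blog
PEER_THRESHOLD = 3        # distinct external peers before we call it P2P behaviour (assumed)


def find_p2p_peers(log_text, proc="services.exe", port=PEACOMM_P2P_PORT):
    """Return the distinct external IPs that `proc` sent UDP datagrams to on `port`."""
    peers = set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        if m["proto"] != "UDP" or m["proc"].lower() != proc or int(m["dport"]) != port:
            continue
        dst = ipaddress.ip_address(m["dst"])
        if dst.is_private or dst.is_loopback:
            continue  # LAN or loopback traffic is not evidence of an internet peer list
        peers.add(str(dst))
    return peers


def egress_verdict(log_text):
    """True when services.exe reached >= PEER_THRESHOLD distinct external hosts on UDP/4000.
    A lone system process should not be initiating UDP to arbitrary internet hosts at all;
    many distinct destinations on one fixed port is the peer-to-peer pattern, not a single C&C."""
    return len(find_p2p_peers(log_text)) >= PEER_THRESHOLD


# Host artifacts named in the Symantec text. Matched on basename because the
# write-up gives no directory for wincom32.sys; peers.ini is stated to be in %System%.
ARTIFACT_FILES = {"wincom32.sys", "peers.ini"} | {f"game{i}.exe" for i in range(5)}
ARTIFACT_SERVICE = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32"

# Constructed host snapshot (a file listing and a service-key listing), not from a real machine.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\wincom32.sys",
    r"C:\WINDOWS\system32\peers.ini",
    r"C:\WINDOWS\system32\game1.exe",
    r"C:\WINDOWS\system32\kernel32.dll",
]
SAMPLE_SERVICES = [
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wincom32",
]


def find_host_artifacts(file_paths, service_keys):
    """Return the sorted list of file paths and service keys that match the named indicators."""
    hits = []
    for p in file_paths:
        name = p.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if name in ARTIFACT_FILES:
            hits.append(p)
    for k in service_keys:
        if k.lower() == ARTIFACT_SERVICE.lower():
            hits.append(k)
    return sorted(hits)


def triage(log_text, file_paths, service_keys):
    """Combine both checks into one report dict."""
    return {
        "p2p_peers": sorted(find_p2p_peers(log_text)),
        "p2p_suspected": egress_verdict(log_text),
        "host_artifacts": find_host_artifacts(file_paths, service_keys),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EGRESS_LOG, SAMPLE_FILES, SAMPLE_SERVICES).items():
        print(f"{key}: {value}")
```

On a real box the file listing would come from a directory walk of %System% and the key listing from the Services hive, and a positive `host_artifacts` hit is exactly what step 4 of the removal write-up tells you to delete after backing up the registry. The egress check is the part antivirus alone will not give you: a personal firewall that logs per-process outbound traffic shows the peer list being contacted whether or not definitions have caught up yet.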

RiverDave
01-22-2007, 03:09 PM
I watched it as well, but I'm not aware that I have any viruses on my new laptop? My norton hasn't done anything yet?
RD

Rexone
01-22-2007, 03:14 PM
I watched it the other day with no problem. I have trend micro.

hoolign
01-22-2007, 03:19 PM
I watched it the other day with no problem. I have trend micro.
I think a few peeps were interested in Naked teens attacking a home director. :eek: :eek:

Dream Chaser
01-22-2007, 03:20 PM
Could be from somewhere else. If you look at the topic lines, there's no mention of sub vs. destroyer, but I haven't opened any of the other titles either. Who knows, maybe I'm just one of the lucky ones that got hit from somewhere else. Going to try the fix when I have a little more time.

hoolign
01-22-2007, 03:23 PM
Could be from somewhere else. If you look at the topic lines, there's no mention of sub vs. destroyer, but I haven't opened any of the other titles either. Who knows, maybe I'm just one of the lucky ones that got hit from somewhere else. Going to try the fix when I have a little more time.
The actual video is called "Destroyer vs sub"; it's on page 7 or 8 on www.killsometime.com. But no..neither way is mentioned in alerts. I'm off the hook and ready to post some anonymous links again..wooohooo :D

hoolign
01-22-2007, 03:33 PM
368,850 files scanned, 3 fixed, 0 need attention..

ratso
01-22-2007, 03:36 PM
368,850 files scanned, 3 fixed, 0 need attention..
Just did mine too... No problems. I think somebody is clicking on porn and blaming you hooli...:D

Jbb
01-22-2007, 03:38 PM
Well .....Hooli ......did have .......a ...."Horticultural themed".......discussion that turned ...ugly ....with a certain Moderator this morning.....

hoolign
01-22-2007, 03:38 PM
Just did mine too... No problems. I think somebody is clicking on porn and blaming you hooli...:D
It can't be from porn... I woulda been down months ago! :D

hoolign
01-22-2007, 03:43 PM
Well .....Hooli ......did have .......a ...."Horticultural themed".......discussion that turned ...ugly ....with a certain Moderator this morning.....
Well we'll have to weed out all other potential suspects!:D Hibiscus boy got all uprooted! What a sap!

hoolign
01-22-2007, 03:48 PM
:jawdrop:
http://www.***boat.net/forums/attachment.php?attachmentid=22535&d=1169509676

Wet Dream
01-22-2007, 03:54 PM
I watched it on the home PC, it's infected and now my laptop has it!!! :mad:

BadKachina
01-22-2007, 04:05 PM
I got it, now to figure out how to get rid of it..........:mad:

racecar.hotshoe
01-22-2007, 04:19 PM
I watched it two times and I don't have any problems. And I have F-Prot antivirus

Wet Dream
01-22-2007, 05:51 PM
How much did Symantec make off of this? I just dropped $100 to renew the PC and the laptop. :mad:

hoolign
01-22-2007, 05:54 PM
How much did Symantec make off of this? I just dropped $100 to renew the PC and the laptop. :mad:
I wonder if they are in on creating these bugs :idea: :D

Dream Chaser
01-22-2007, 05:57 PM
Ran LiveUpdate for the 4th time and a full scan; I think I got rid of it now

Caribbean Jet
01-22-2007, 06:32 PM
My antivirus has been blinking all day. Anyone else notice that your username and password doesn't stay stored to log into HB?
Yes, it's been happening to me as well.

BadKachina
01-22-2007, 06:36 PM
How much did Symantec make off of this? I just dropped $100 to renew the PC and the laptop. :mad:
That was my thought, so instead of renewing, I went to Cox.net (my internet provider) and they had a free security system you could download. I don't know how well it works but it's free if you're a customer. :rolleyes:

dumbandyoung
01-22-2007, 06:38 PM
****! I've had a trojan on my laptop for a month and I haven't got rid of it yet.. You have to use Spy Sweeper to remove it, I think, and mine just expired. Norton won't take it off, or Trend Micro; I tried both

SmokinLowriderSS
01-22-2007, 07:40 PM
I watched this AM, have no trouble whatsoever, but having McAfee scan anyhow. Over 38,000 files so far, almost all of C-drive, with nothing showing up, and no odd behavior coming up. My firewall has made no odd notifications, and it DOES monitor outgoing traffic with SPI (Stateful Packet Inspection). If any dll's change, I get notified and must approve the changes getting permission.
Look at all the posts about its behavior, it's a MAILING TROJAN, and should not be a risk/threat if it is not downloaded to your machine and subsequently opened. 3 people with the virus, how many people opened the vid clip online? No way to know since the thread has now been destroyed. :mad:
It's not adding up that it is from the video.
Over 47,000 files scanned now, and over into D-Drive, nothing contaminating my 'puter or it would be on "C" drive with the operating system.
It wasn't the video.

SmokinLowriderSS
01-23-2007, 03:40 AM
All 3 anti-spyware/adware programs run, fully up-to-date, and still nothing here on my 'puter. Wasn't the film clip.

hoolign
01-23-2007, 05:07 AM
All 3 anti-spyware/adware programs run, fully up-to-date, and still nothing here on my 'puter. Wasn't the film clip.
What did you have for lunch?? did you wash your hands before you started on the computer??? Was a window open near the hard drive?? it might be an airborne virus! We better start narrowing down some items and track down this bastard virus! :D

1 Baja Guy
01-23-2007, 11:36 AM
N.A.V. won't even get to the screen where I can pay for my update. It keeps looking and looking and looking.
Had to go to their home page and upgrade to 2007. Did the job. :D

Caribbean Jet
01-23-2007, 11:47 AM
I had to renew my virus software and I still have to re-enter my log-ins every time I come back to the web page.