Thursday, October 4, 2012

Picture.15.JPG.zip Facebook virus


A few days ago you may have received a suspicious link from someone you know on Facebook. It usually looked like

http://vebest.com/8ll9z14Q77Q2R12R2 ffg

or a variation of that. This is an old Facebook virus, but someone modified the code so that it was undetectable by antivirus software a few days ago. Of course, it's detected as a worm now.



The first thing I did was download the file and open it in a sandbox. It was a zip file named Picture.15.JPG.zip. I unpacked it and found an exe disguised with a .scr extension, which stands for the screensaver file format. I opened the file, and the first thing it did was disappear from the desktop. I believe it either attached to some process or created a new exe file and executed it.
Anyway, I noticed my laptop started showing the "Working" cursor. I knew the virus was working on something, so I turned off the Internet. After some examination, I found a new process, which was very similar to the ones Windows uses.
Microsoft Security Essentials didn't detect the virus at first, but a few hours after the infestation it did.
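
As an added example (not code from the original post): a static check that lists a zip's members without extracting or running them and flags any that Windows would execute, including the .scr-behind-.JPG disguise described above. The member name and file contents in the sample are constructed; the post only gives the name of the zip itself.

```python
import io
import zipfile

# Extensions Windows runs as programs; .scr (screensaver) is a renamed PE executable.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
# Extensions a lure typically pretends to be.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc"}


def triage_zip(data: bytes) -> list[dict]:
    """Inspect a zip archive in memory without extracting or executing anything.

    Returns one finding per member that Windows would treat as a program.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            with zf.open(info) as member:
                magic = member.read(2)
            is_pe = magic == b"MZ"  # DOS/PE header signature
            if ext not in EXECUTABLE_EXTS and not is_pe:
                continue
            # A media extension earlier in the name ("Picture.15.JPG.scr") is a disguise.
            decoy = any("." + p in DECOY_EXTS for p in parts[1:-1])
            findings.append({"name": info.filename, "ext": ext,
                             "pe_header": is_pe, "decoy_extension": decoy})
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless bytes; only the names and 'MZ' prefix mimic the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Picture.15.JPG.scr", b"MZ" + b"\x00" * 62)  # assumed member name
        zf.writestr("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)  # JPEG magic
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A member is also reported when it starts with the `MZ` header but carries a harmless-looking extension, since renaming does not change what the file is.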

I managed to clean my computer by installing Malwarebytes Anti-Malware, and MSE as antivirus. Make sure you have the latest updates for each of them, and run a full scan after that.

NOTE: The virus might kill your MSE process, and you'll have to download another antivirus for the time being. My friend downloaded Kaspersky Free Virus scan, and it did the job for him.
