Geekzone: technology news, blogs, forums
  Reply # 1199274 17-Dec-2014 15:59

https://www.virustotal.com/en/file/661385e050dcb4791856608819266a989061e026941182c08f8eb63f39e8448a/analysis/1418784214/

  Reply # 1199281 17-Dec-2014 16:03

That's the actual file from an infected PC, different to the attachment. The email attachment is a downloader, I'd guess.

Nothing will be in the sent items...
but you will have a random gibberish file in C:\windows folder
and you'll be getting bounced emails.
Most AV still can't detect the actual virus once infected. The email attachment seems to now be detected though.

  Reply # 1199307 17-Dec-2014 16:27

Still waiting on Eset to pick up on the exe (https://www.virustotal.com/en/file/661385e050dcb4791856608819266a989061e026941182c08f8eb63f39e8448a/analysis/)

But also noticed in services there was a new "Google update service" pointing to the exe.



  Reply # 1199332 17-Dec-2014 16:44

Still can't find any info on if it does anything other than just send copies of itself out.

  Reply # 1199339 17-Dec-2014 16:47


> But also noticed in services there was a new "Google update service" pointing to the exe.

Malwarebytes detected & removed that "Google update service". I initially thought that part may have been a false positive. Good to get some more info.

Not good when the freeware is on the ball, detecting & removing from this morning, payware still not detecting.

Edit:
PC's still infected, after running 5 different AV, malware programs.
I just tried Sophos free scanner, it found more exe's and reg entries all the others missed. Makes me wonder if it's just re-infecting itself.

I'll have to wait till Thurs when all the virus definitions get updated.
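
A triage check for the indicators reported in the posts above (a service named like "Google update service" pointing at a randomly named exe in C:\Windows), as an added example that is not part of the thread. The expected Google folders and the sample service records, including the name `qzxwvkpt`, are constructed assumptions.

```powershell
# Added example, not from the thread: flag services that pose as Google Update
# or run an .exe sitting directly in C:\Windows (review candidates, not verdicts).
# Assumption: genuine Google updater service binaries live under these folders.
$ExpectedRoots = @('C:\Program Files\Google\', 'C:\Program Files (x86)\Google\')

function Get-ServiceExePath {
    param([string]$PathName)
    # PathName may be quoted and carry arguments; keep only the executable path.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $PathName.Trim()
}

function Find-FakeUpdaterService {
    param([object[]]$Services)
    foreach ($svc in $Services) {
        $exe = Get-ServiceExePath $svc.PathName
        $reasons = @()
        $claimsGoogle = "$($svc.Name) $($svc.DisplayName)" -match 'google\s*update|gupdate'
        $inExpected = $false
        foreach ($root in $ExpectedRoots) {
            if ($exe.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inExpected = $true }
        }
        if ($claimsGoogle -and -not $inExpected) {
            $reasons += 'Google-update name but binary outside the Google folders'
        }
        # Directly in the Windows folder, not a subfolder such as System32.
        if ($exe -match '^[A-Za-z]:\\Windows\\[^\\]+\.exe$') {
            $reasons += 'service binary sits directly in the Windows folder'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Name = $svc.Name; Exe = $exe; Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample records shaped like Get-CimInstance Win32_Service output.
$sample = @(
    [pscustomobject]@{ Name = 'gupdate'; DisplayName = 'Google Update Service (gupdate)'
                       PathName = '"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc' },
    [pscustomobject]@{ Name = 'qzxwvkpt'; DisplayName = 'Google update service'
                       PathName = 'C:\Windows\qzxwvkpt.exe' },
    [pscustomobject]@{ Name = 'Spooler'; DisplayName = 'Print Spooler'
                       PathName = 'C:\Windows\System32\spoolsv.exe' }
)
Find-FakeUpdaterService -Services $sample | Format-List   # only qzxwvkpt is flagged

# On a live host: Find-FakeUpdaterService -Services (Get-CimInstance Win32_Service)
```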

  Reply # 1199385 17-Dec-2014 18:03

I'm no expert, but my firm opinion is that once a PC is infected it can't reliably be cleaned. Nuke it and (if you have one) restore a backup. It really isn't worth the risk.




Location: Dunedin

  Reply # 1199702 18-Dec-2014 09:46

It does some nasty stuff. Change passwords on infected PCs.
If any internet banking was done that day, change bank pass as well.

 

http://www.virusradar.com/en/Win32_Battdil.F/description

  Reply # 1199738 18-Dec-2014 10:14

We were getting them yesterday via O365 exchange for a couple of hours. 6 people opened the zip file but Trend WFB zapped it.
