Another AOL IM virus.

This one came from fun001.dynu.net/info.php?file=img021.jpg_______

When a user runs the link it creates a file called lockx.exe.
Lockx then creates a file c:\windows\system32\msdirectx.sys (detected by McAfee as FURootkit) and c:\xz.bat (Prockill-cv).
I am also seeing it create a file c:\windows\system32\silient_kuwait150.exe

Looks like the silient_kuwait150.exe is spyware.

4 thoughts on “”

  1. We are recommending that people don’t click on links in IM without first checking with the person who sent it to make sure that they sent it. Hard, I know, but something to think about.

    What virus software are you using, and what virus was reported by the virus software? If you only see that FURootkit and ProcKill-cv were detected and deleted, then you are in good shape. You can just do a full scan of your computer and you will be good.
    The saving grace of this virus was that when run it tried to create 2 new files that were known viruses, which were caught by an up-to-date virus package.

    My experience was with McAfee, so other vendors might be slightly different.

  2. Well, I clicked on the link (blegh!) and I have McAfee, but I did an online virus scan with McAfee and it detected it. I can’t figure out how to do a total system scan with McAfee (I’m a computer moron!)

  3. I have only played with the enterprise version, which will probably be different from the home version. I right-click on the virus scan shield at the bottom right of the screen (next to the clock). I then choose virus console. Then click on “On Demand Scan”, then choose start.
