Virus infection

[Chairman]

Hi guys

I got a virus called JS.Trojan.Seeker-based.
I am not entire shure how bad this one is but all players I have sent mail to please check your computers.

[davewolf]

Originally posted by Chairman
I got a virus called JS.Trojan.Seeker-based.
I am not entire shure how bad this one is but all players I have sent mail to please check your computers.

Here are some infos:
http://www.viruslist.com/eng/viruslistf ... jan+Seeker (slow server................)
Can't find better ones at the moment.

[Chairman]

if I understand this right, this virus doednt do any real harm??

[davewolf]

Originally posted by Chairman
if I understand this right, this virus doednt do any real harm??

Sounds that way at first look. But don't forget it is a trojan horse! The person who infected your machine can get total control of your computer when the trojan prog is running (and you're online, right now i.e. ...)!

Have a look at its relatives. i.e.:
http://securityresponse.symantec.com/av ... ker.b.html More information here.

Look here for more info about trojans (not the people... ):
http://www.anti-trojan.net/

If you have problems, let us know. That virus should be eliminated!

[Montenegro]

Originally posted by davewolf

Sounds that way at first look. But don't forget it is a trojan horse! The person who infected your machine can get total control of your computer when the trojan prog is running (and you're online, right now i.e. ...)!

Have a look at its relatives. i.e.:
http://securityresponse.symantec.com/av ... ker.b.html More information here.

Look here for more info about trojans (not the people... ):
http://www.anti-trojan.net/

If you have problems, let us know. That virus should be eliminated!

Ditto. Exterminate with extreme prejudice...remove this vile Col Kurtz from the web jungle at all costs! It can be a major pain in your PC serenity.


Regards,

Montenegro

[davewolf]

Has your machine been cleaned up successfully in the meantime?

[Montenegro]

Originally posted by davewolf
Has your machine been cleaned up successfully in the meantime?

Davewolf,

I think you were asking me...

I have personally not been pestered by this, but a good friend of mine has. He eradicated it with some angst involved because I think it got it's "teeth" in his PC a bit. Not the most fatal of virus, but a pest nonetheless. It's amazing that people actually spend this much time in the world trying to destroy other people's stuff. Not surprising, though. I think whoever invents the fail safe automated voting system and a firewall that could hold back a hurricane of hackers will trump Bill Gates and make him look like Texas Instruments, Inc.

Regards,

Montenegro

[Chairman]

Hi

I got a program thats free "Digital Patrol 4" wich says that it found 2 virus and terminated them, but when I uses my first program "F-Secure\Anti-Virus" it still finds the same virus, what program is wrong, wich one is the right???? Anybody who can enlight me??

[Chairman]

Found that the free "F-Secure\Anti-Virus" dont disinfect virus, thats when you bye the full version.

[Nixuebrig]

Originally posted by Chairman
Found that the free "F-Secure\Anti-Virus" dont disinfect virus, thats when you bye the full version.

ever tried F-Prot, it is fully free(the Dos Version, but it kills almost any virus)

http://www.f-prot.com/download/index.html

[davewolf]

Originally posted by Chairman
I got a program thats free "Digital Patrol 4" wich says that it found 2 virus and terminated them, but when I uses my first program "F-Secure\Anti-Virus" it still finds the same virus, what program is wrong, wich one is the right???? Anybody who can enlight me??

Don't use both. But I'd guess that no virus scanner will find a virus that's not there.

[murx]

Maybe both find the 'virus-data' within the virus definition file of the other program ?
So the first find the 'real' virus and the definition file of F-Secure and F-Secure only the 'definition file' of Digital Patrol but not the meanwhile deleted virus

murx

[davewolf]

Originally posted by murx
Maybe both find the 'virus-data' within the virus definition file of the other program ?
So the first find the 'real' virus and the definition file of F-Secure and F-Secure only the 'definition file' of Digital Patrol but not the meanwhile deleted virus

That's what we (germans) call Murcks, huh?

Never mind.

Couldn't resist...

[murx]

Yep - that's why my name is spelled with X, so noone can confuse it

Anyway I live with this name for over 15 years now, hey even teachers used it to call me at school :p

murx

[Micha]

I downloaded F-Prot and scanned my computer. No virus was found, but I got the message:
C:/Windows/MNSVC.EXE is a security risk or "backdoor" program.

Can anybody tell me what this means or even know this file? Thank you!

[Nixuebrig]

Originally posted by Micha
I downloaded F-Prot and scanned my computer. No virus was found, but I got the message:
C:/Windows/MNSVC.EXE is a security risk or "backdoor" program.

Can anybody tell me what this means or even know this file? Thank you!

using win98 i don`t have this file on my compy.

A backdoor programm usually means, someone else could take control on your compy with it (calle trojaner or trojan virus).

After doing a quick search the following side appeared.

http://www.pspl.com/virus_info/trojans/autoupder.htm

Please check.

[davewolf]

Originally posted by murx
Yep - that's why my name is spelled with X, so noone can confuse it

Anyway I live with this name for over 15 years now, hey even teachers used it to call me at school :p

Didn't expect it to be your real name. But in that case it was certainly no witty comment of mine. Maybe better luck next time...

[Micha]

Prince, thank you very much for that info!
I looked at the site you mentioned and also downloaded the Antivirus software from there, but, like F-Prot, it did not find a virus on my computer.
However, the site mentions some programs that the virus downloads and installs under the Windows directory, and most of those are on my computer.
My next question is - can I simply delete them? The site says that this backdoor makes changes to the registry, and whenever I start my computer the programs mnsvc and absr are active (I close them immediately, of course). Unfortunately I don't know much about computers. Can anybody help me?

[murx]

hi davewolf, no worries
the name murx evolved somewhere around my 15th birthday and since then turned into a 'full' name; I'm thinking of getting it into my official papers but haven't decided yet.

hi Micha,
you need to delete the files together with the registry entries that will start them - they should be in a key called Run or RunServices and similiar keys. Best option is to search for those programs names within the registry and delete the referring entries

Use run from startmenu and enter 'regedit' and search for 'absr.exe' and 'mnsvc.exe' assuming both are exe files (but check, they might be .com files.

hope this helps.

murx

[davewolf]

Micha,
you don't have to do all that manually. You can use Trojancheck, a very useful tool which you can download here. It is freeware for personal use. Unfortunately (for the rest of us) only in german.

Install it and it displays not only all registry entires (and much more), but also the 'suspected' ones. Then you can remove the evil ones with a click.