Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

New virus based on windows exploit?


  • Please log in to reply

#1
Brianm81

Brianm81

    New Member

  • Member
  • Pip
  • 2 posts
Hello this is my first time at this site. Last night I was browsing some websites and Internet Explorer locked up on me. I opened up Task Manager in order to kill the process when I noticed a process running that shouldn't have been there. The executable was "ver_prada.exe". So I killed the Internet Explorer process along with the one associated with ver_prada. After this I noticed there was also an executable on my desktop with the name ver_prada.exe. Some quirky things started happening after that... like random reboots and NPROTECT.EXE from Norton Antivirus was utilizing 99% of my CPU. I can't seem to locate any information on the web about this "ver_prada.exe". I am at work right now and tried remote desktoping into my PC and it denyed my connection. The port is open... but it denys the connection. Try RDPing into another PC on my LAN and tried to remote desktop into the infected one from there with the same effect. I checked my Netgear routers log and recently it showed connections from the infected PC to www.prada.7766.org and to www.elogiks.com. Obviously since I am not at home either this virus is connecting to those sites or someone is remote controlling my computer. I used the Netgear firewall feature to block all outgoing ports 1-65535 so that no more connections can be made. I was wondering if anyone knows anything about this variant of a virus. My windows updates have all been up to date (or so I thought) which leads me to believe that this is a recent vulnerability in Microsoft Windows. Please any help would be much appreciated!!

>> Correction >>

This is not actually a new virus... just a new windows bug that websites are using to download trojans and other adware/malware to your computer. But be careful... There are unofficial patches available that you can use or you can simply disable Active Scripting in Internet Explorer or switch to a different browser such as Firefox, Opera, etc...

Edited by Brianm81, 28 March 2006 - 03:15 PM.

  • 0

Advertisements


#2
Brianm81

Brianm81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Did a little more research and found this:

http://www.securityf...om/news/11384/2

It apparently is a new bug in ActiveX components. Unfortunately no removal instructions are listed and microsoft apparently isn't going to release a patch until April 11th.... way to go Microsoft. Guess I'm gonna have some fun when I get home from work :whistling:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP