Hello this is my first time at this site. Last night I was browsing some websites and Internet Explorer locked up on me. I opened up Task Manager in order to kill the process when I noticed a process running that shouldn't have been there. The executable was "ver_prada.exe". So I killed the Internet Explorer process along with the one associated with ver_prada. After this I noticed there was also an executable on my desktop with the name ver_prada.exe. Some quirky things started happening after that... like random reboots and NPROTECT.EXE from Norton Antivirus was utilizing 99% of my CPU. I can't seem to locate any information on the web about this "ver_prada.exe". I am at work right now and tried remote desktoping into my PC and it denyed my connection. The port is open... but it denys the connection. Try RDPing into another PC on my LAN and tried to remote desktop into the infected one from there with the same effect. I checked my Netgear routers log and recently it showed connections from the infected PC to www.prada.7766.org and to www.elogiks.com. Obviously since I am not at home either this virus is connecting to those sites or someone is remote controlling my computer. I used the Netgear firewall feature to block all outgoing ports 1-65535 so that no more connections can be made. I was wondering if anyone knows anything about this variant of a virus. My windows updates have all been up to date (or so I thought) which leads me to believe that this is a recent vulnerability in Microsoft Windows. Please any help would be much appreciated!!
>> Correction >>
This is not actually a new virus... just a new windows bug that websites are using to download trojans and other adware/malware to your computer. But be careful... There are unofficial patches available that you can use or you can simply disable Active Scripting in Internet Explorer or switch to a different browser such as Firefox, Opera, etc...
Edited by Brianm81, 28 March 2006 - 03:15 PM.