#1
A new wave of zero-day attacks seems to be hitting the online community hard. SD Bot and a new W32/downloader.rdk have had my phone ringing a few times since yesterday. With MS not expected to deliver a patch till April 11, 3rd party companies are even jumping in with patches to IE.

    Took me 12 hours to strip one machine clean.

    http://www.eweek.com/article2/0,1895,1942566,00.asp
    http://www.eweek.com/article2/0,1895,1943687,00.asp
    http://www.eweek.com/article2/0,1895,1943450,00.asp
    http://www.eweek.com/article2/0,1895,1941494,00.asp

    I asked each person who called this question

    http://www.eweek.com/article2/0,1895,1943473,00.asp

The machine I had to fix was particularly nasty as it would create randomly named temp files that would reinstall the malware as you were deleting them. It would also launch the browser in the background downloading stuff which included Look2me, I-search and a few others.

It took 5 different malware programs, the cleanup temp file removal utility, manual edits of registry and manual file removals, locking out browser at firewall, renaming browser.exe files, launching into safe mode several times, launching into each user several times to get it done. Each malware tool was run at least 6 times, each time finding more and more instances after previously declaring system clean. It then had to be run several more times, under each user name to get all stragglers. Finally I was able to boot into the user name under which puter was infected and it still took 2 more scans with each of the 5 to get it clean.

I can't ever remember being as challenged by an infection as with this one. User had manually scanned on Friday by MS Antispyware, Spybot, Ad-aware and CWShredder and gotten clean bill of health so it wasn't like this was a long running buildup of baddies.
#2
    I'd set registry permissions on HKLM\Software\Microsoft\Windows\CurrentVersion\Run and RunServices as well as HKCU to deny write permissions since most malware likes to hide out there and they like to respawn on app.terminate.

    Of course, anyone using IE to surf the Internet deserves to be owned to begin with, IE is the largest insecure piece of shovelware Microsoft has ever produced.
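As an added example (not from either poster), the PowerShell below lists the entries under the Run/RunServices keys named in the reply, reports which identities currently hold write-capable rights on them, and provides a function that adds the Deny write ACE the reply suggests; the choice of BUILTIN\Users as the denied principal is an assumption.

```powershell
# Added example: audit and lock down the autorun keys named in the post.
# Run from an elevated prompt; the HKCU path covers only the current user.
$paths = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Registry rights that allow a process to add or change an autorun entry.
$writeRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor [System.Security.AccessControl.RegistryRights]::CreateSubKey

foreach ($p in $paths) {
    if (-not (Test-Path $p)) { continue }   # RunServices is absent on many systems
    Write-Host "== $p"

    # List the current autorun entries (value name -> command line) for review.
    $key = Get-Item $p
    foreach ($name in $key.GetValueNames()) {
        Write-Host ("  {0,-30} {1}" -f $name, $key.GetValue($name))
    }

    # Report every Allow ACE that carries SetValue or CreateSubKey.
    $acl = Get-Acl $p
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and ($ace.RegistryRights -band $writeRights)) {
            Write-Host ("  write allowed for {0} ({1})" -f $ace.IdentityReference, $ace.RegistryRights)
        }
    }
}

# Add an explicit Deny ACE for the given identity on one key.
# Deny ACEs are evaluated before Allow ACEs, so this blocks writes even for
# principals that otherwise have Full Control through group membership.
function Deny-AutorunWrite {
    param(
        [string]$Path,
        [string]$Identity = 'BUILTIN\Users'   # assumed principal; adjust to the environment
    )
    $acl  = Get-Acl $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, $writeRights, 'ContainerInherit', 'None', 'Deny')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Example call (uncomment to apply): Deny-AutorunWrite -Path $paths[0]
```

Because interactive administrators are normally members of Users, the Deny also blocks legitimate installers and admin tools from writing autorun entries, and any code already running with administrative rights can simply rewrite the ACL; treat this as a hardening layer for non-admin accounts, not as a substitute for removing the malware.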
