Old sad song again and again: w32: Tenga

  1. #1
    Junior Member
    Registered: 29.06.2007
    Posts: 4
    Reputation weight: 62

    Old sad song again and again: w32: Tenga

    I know: a lot of people have the same problem. I read many many forums and many pages on AV-Programs-sites. It is always the same: they declare, what this virus is doing, sometimes there are names to find: dl.exe etc.! But this is not my problem: I don't want to delete infected files, I WANT TO KILL THIS MOTHER-BEAST, THIS VIRUS-PRODUCTION-MACHINE (the virus not the infected patient) Where can I find keys in the registry, for which files do I have to search. I used so many Off-line and On-line Anti virus-programmes till there were no more warnings, but a few days later Tenga was back. Where does it hide? Where are all the parts of Tenga scattered over my hard disks? I included the AVZ-zips(REM1) and the HJT-log, Dr.web Cure-it didn't find anything, and I included the quarantined files although AVZ is something a little strange, e.g.: *.com - files are normal DOS-Commands (therefore a screen capture with my a little bit "pissed" comments...I didn't sleep for 2 days because of Tenga). You can't find any reasonable answers:
    Always do a backup
    - ehm - I have nearly 436 GB of data: backup on DVDs means about 100 DVDs per backup, I have neither the money nor the time to do this ... make a complete formatting of all hard disks and install your system and all your ten-thousands of programs again - ehm - this is a doctor who tells to his assistants: this man has two children (new system), he is infected by a virus - kill him, mother will educate the kids (Re-install progs) - No No No this man who wrote this page (e.g Ph.D. Johansson) is a ******** pointy-head using his unix OS with only a few silly little math-progs which are using 5% space of his 100 MB-HDD and he's getting nervous if this HDD is filled up to 10%!

    Sincerely

    Chris from Munich

    ****rem1 :all AVZ files were made using safe mode, I tried a lot of things (killing threads using my process-explorer) but the scripts crashed my system in normal mode more than a dozen times. I will send it with a new thread if I will manage the scripts in normal mode

    ****rem2 :I didn't include the quarantined files, because even as a zip-file they are more than 7 MB
    Last edited by FCN_Muc; 29.06.2007 at 11:21. Reason: Forgot HJT-File

  2. #2
    Junior Member
    Registered: 06.09.2006
    Posts: 5,658
    Reputation weight: 1838
    AVZ - File - Custom scripts: copy the given Code, paste it and Run the script. The system will reboot.

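    Code:
    begin
     // Rootkit hook search; both flags set to true cover user mode and kernel mode
     SearchRootkit(true, true);
     // Enable AVZGuard for the rest of the script
     SetAVZGuardStatus(True);
     // Copy these two files to the AVZ quarantine
     QuarantineFile('I:\WINDOWS\winstart.bat','');
     QuarantineFile('\SystemRoot\system32\drivers\ikfileflt.sys','');
     // Pass the quarantine list to Boot Cleaner and activate it for the next boot
     BC_ImportQuarantineList;
     BC_Activate;
     // Reboot so Boot Cleaner can run
     RebootWindows(true);
    end.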
    After that please upload the quarantined files according to the Rules.

    Generally, Tenga is a classical virus that infects files. Our tools are not designed for this type of viruses. Have you tried scanning with Dr.Web CureIt utility, as described in the Rules?

    Your current antivirus is avast! ?
    Last edited by NickGolovko; 29.06.2007 at 11:50.
    Nick Golovko
    NCFU lecturer, information security specialist

  3. #3
    Junior Member
    Registered: 29.06.2007
    Posts: 4
    Reputation weight: 62
    Yes, I tried Dr. Web Cure-it as described, but it didn't find any infection etc. And my current AV is Avast! 4 Professional!

    I had to Rar the quarantined files by myself, because virus.zip made by avz exceeded the quota by 160 bytes, the zip-file was too big to send it to you but only 160 bytes too big! Now I used a better compression by rar, the password is still "virus" as in the original zip-file! Why are my old files still added in the quota of attached files. It could be moment where someone has to send several MBs of attached files??????

    Sincerely,

    Chris Noll
    Last edited by NickGolovko; 30.06.2007 at 15:55.

  4. #4
    Junior Member
    Registered: 06.09.2006
    Posts: 5,658
    Reputation weight: 1838
    You should have used this link to upload files:

    http://virusinfo.info/upload_virus_eng.php?tid=10711

    (it is above, "Upload quarantined files").

    Attaching files to the message is not allowed.

    According to VirusTotal your files look clean. Let's see what we can do.

    Is that avast! which detects Tenga? Where does it find it? Next time it finds it, please upload the detected file and inform us about the upload: we will see whether it is true or false alarm. Do not forget using the link I've provided.
    Nick Golovko
    NCFU lecturer, information security specialist

  5. #5
    Junior Member
    Registered: 29.06.2007
    Posts: 4
    Reputation weight: 62
    Avast has quarantined some files, but I don't know if they are encrypting these files. Should I send some?

  6. #6
    Senior Member (avatar for drongo)
    Registered: 17.09.2004
    Location: Israel
    Posts: 7,164
    Reputation weight: 994
    Well, you should put them in a Zip archive with the password: virus
    Then, please upload the archive via the link: http://virusinfo.info/upload_virus_eng.php?tid=10711

  7. #7
    Junior Member
    Registered: 29.06.2007
    Posts: 4
    Reputation weight: 62
    Sorry for the delay, I had to wait for a new DSL-modem. I send you one example in a Zip-archive to the link you told me!
    Here the details:
    File saved as 070708_212206_Virus_46911d3e2fa5f.zip
    File size 70381
    MD5 7dd14c3b4e4365e1e76ef9d282ac49b8

  8. #8
    Junior Member
    Registered: 06.09.2006
    Posts: 5,658
    Reputation weight: 1838
    Avast says it's Win32:Trojan-gen (so it is a heuristic detection). None of the leading vendors detects it, though VirusTotal shows several false positives. So this file looks clean.

    I would like to see a file detected as Tenga, if you have any.
    Nick Golovko
    NCFU lecturer, information security specialist
