!!!!!!!! Virus !!!!!!!!!!

[Gast]

LET OP

 

Bij onze buren ,, Slovak '' kan je ook gratis een computervirus binnenhalen.

taquilla seca calc.public.zip is geinfecteerd.

 

Zorg voor een goede virusscanner.

 

John

[Gast]

Met welk virus dan? Als je weet dat het geinfecteerd is weet je ook met welk virus.

 

Of is dit HOAX

 

Dartie.

[Gast]

Met het Backdoor Bionet 401 virus.

 

John

[Gast]

Je komt met oud nieuws, maar bedank voor je tip. Het zijn amateurs. Netbus en Backorifice en subseven is juist voor kleine jongens.

Hieronder iets meer.

 

Backdoor.Bionet.40a

Discovered on: July 4, 2001

Last Updated on: April 15, 2002 at 04:47:27 PM PDT

Backdoor.Bionet.40a is a malicious backdoor Trojan. Its actions are similar to SubSeven, Netbus, and BackOrifice in that it allows unauthorized access to an infected computer.

 

Type: Trojan Horse

 

 

Virus Definitions (Intelligent Updater)*

July 5, 2001

 

 

*

Intelligent Updater virus definitions are released daily, but require manual download and installation.

Click here to download manually.

 

**

LiveUpdate virus definitions are usually released every Wednesday.

Click here for instructions on using LiveUpdate.

 

Wild:

 

Number of infections: 0 - 49

Number of sites: 0 - 2

Geographical distribution: Low

Threat containment: Easy

Removal: Easy

Threat Metrics

 

 

Wild:

Low

Damage:

Low

Distribution:

Low

 

 

Backdoor.Bionet.40a is a backdoor Trojan that runs as a server application and allows unauthorized access to an infected computer. When executed, it performs the following actions:

 

1. To make itself unnoticable even on slow computers, it assigns itself the lowest thread priority value.

2. To remove itself from the Applications list in the Windows Task Manager, it registers itself as a Service process. This permits the Trojan to continue to run even after you log off.

3. It copies itself as \Windows\System\Procmon.exe.

4. To enable itself to run at startup, it adds the value

 

procmon \Windows\System\procmon.exe

 

to the registry key

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

 

5. Next, Backdoor.Bionet.40a sends the message Victim is Online to the ICQ pager of the virus author. This tells the remote computer that the infected computer is ready for remote administration.

6. It then starts to accept and perform the remote commands from the client program through the configurable port. The remote administrator has full access to the file system of the infected computer. The Trojan permits the remote administrator to download or upload files from the remote computer, change the registry, and run commands and programs.

 

Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":

 

Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, a telnet server, and a Web server. These services are avenues of attack. If they are removed, blended threats have less avenues of attack and you have fewer services to maintain through patch updates.

If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.

Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.

Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.

Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.

Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.

Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.

 

To remove the Backdoor.Bionet.40a, please follow the instructions in the order given.

 

To remove the Trojan:

1. Run LiveUpdate to make sure that you have the most recent virus definitions.

2. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.

3. Delete any files detected as Backdoor.Bionet.40a. What you do next depends on whether NAV was able to delete files that it detected as infected with Backdoor.Bionet.40a:

If NAV was able to delete all the files that it detected as infected, go to the section To edit the registry.

If NAV was not able to delete all files that it detected as infected, go on to the next section and see the instructions for your operating system.

 

To remove files that cannot be deleted by NAV:

Follow the instructions for your version of Windows only if NAV could not delete files that it detected as infected with Backdoor.Bionet.40a.

Windows 95/98/Me

1. Restart the computer in Safe Mode. For instructions on how to restart in Safe Mode, see the document How to restart Windows 9x or Windows Me in Safe Mode.

2. Run the scan again, and delete any files detected as Backdoor.Bionet.40a.

3. When the scan is finished, go on to the section To edit the registry.

Windows NT/2000

1. Press Ctrl+Alt+Delete one time.

2. Click Task Manager.

3. Click the Processes tab.

4. Click the "Image Name" column header two times to sort the processes alphabetically.

5. Scroll through the list and look for Procmon.exe. If you find the file, click it and then click End Process.

6. Close the Task Manager.

7. Run the scan again, and delete any files detected as Backdoor.Bionet.40a.

8. When the scan is finished, go on to the section To edit the registry.

 

To edit the registry:

 

CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document How to back up the Windows registry before proceeding.

 

1. Click Start, and click Run. The Run dialog box appears.

2. Type regedit and then click OK. The Registry Editor opens.

3. Navigate to the key

 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

 

4. In the right pane, delete the value

 

procmon

 

5. Close the Registry Editor.

 

 

 

Write-up by: Serghei Sevcenco

 

<small>[ 12-05-2002, 21:54: Bericht gewijzigd door: Dartie Duck ]</small>

[Gast]

niet zo Interesant doen FartyDuck,

 

die jongen waarschuwd ons toch alleen hij zegt niks over het virus of dat he nieuw is , hij zegt alleen waar je het kan oplopen ...

 

wat is jou probleem Mr.EGG ...

[Gast]

Ik hou de volgende keer mijn mond, in 51jaar weet je ongeveer wel of je goed doet of niet.

 

John

[Gast]

Niet zo negative, maar dergelijk trojans zijn al heel lang bekend.

 

Ennneuuuuh, ik heb geen probleem hoor, maar het woord virus doet soms al onnodig paniek veroorzaken.

Ik heb de berichtgever hiervoor ook bedankt.

 

Groetjes

 

Dartie

 

PS:

Noem me bij me naam zoals ik hem gebruik

[Gast]

@ John49

 

E.e.a. was niet negatief bedoeld, maar als je iets ontdekt en je loop al zo lang mee, vertel gelijk ook om welke aandoening het gaat en dan tevens hoe we ons hier tegen moeten wapenen.

 

SuBseven, BackOrifice etc.etc. wordt echt niet meer gebruikt hoor, en de meeste virusscanners (mits up to date en licentie betaald) kicken het al bij de eerste bit.

 

Tuurlijk zijn er varianten in omloop, maar mijn vraag blijf toch? Weet je nu wel of niet zeker dat je machine virusvrij is. (ook van de varianten)

 

Dartie

 

(die beslist niet interessant wil doen, maar ook geen onnodige paniek wenst)

[Alventali]

@ dluzion

Ik vind dat Dartie hier alleen maar een stukkie informatie geeft.

Zeker het stuk over het verwijderen van het virus.

Altijd makkelijk voor die gene die hun download scan niet aan hebben staan <img border="0" title="" alt="[Roll Eyes]" src="images/icons/rolleyes.gif" /> en helaas te laat achter komen dat ze een virus hebben.

 

Groetjes Alv

 

<small>[ 14-05-2002, 11:47: Bericht gewijzigd door: Alventali ]</small>

[Avalon]

Hallo

 

Het is een waarschuwing dat je een virus op kunt lopen. En je computer op kunt zetten voor ongewenst gebruik. Thanks voor de message ga de posting sluiten. voordat de discussie op een ware scheldpartij uitloopt

 

Gegroet,

Avalon

 

Moderator Sat4all™

 

<small>[ 14-05-2002, 12:20: Bericht gewijzigd door: Avalon ]</small>