Showing posts with label info sharing. Show all posts

Wednesday, April 14, 2010

Malware log analysis

Q: I was analyzing the 30-day malware log file and found hundreds of "BKDR_Generic.DIT" and "TROJ_Generic.DIT" entries which showed a questionable action result: Passed Potential Security Risk. I am sure that I have already enabled Generic Detection by adding a few lines in the ofcscan.ini. Anything to worry about?

A: You have done the right thing by enabling generic detection. The purpose of this detection is to make us aware that there is a certain file that is posing some threat. There is a big possibility that this is a malicious file. We are just letting it pass because we still do not have an enhanced clean pattern for that one. If we quarantine or delete that file, it is very risky. Why? It is because the file could be a system file or a .dll file that is an important file on Windows. If we quarantine/delete it, there is a chance that your Windows will hang or even BSOD.

The moment you are aware of such a generic virus, the next step is to collect the samples. Compress the files using WinZip and put a password: virus. Send the sample files to us and we will create an enhanced pattern file for you. Also, it will be much better if you use our SIC Tool to further analyze your system for other infections. Then send the SIC logs and suspect.zip. Furthermore, send the Virus logs for us to know who is being infected and find the PC that is the one infecting the system.

I hope this helps.
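The answer asks for three things from the virus log: which generic detections were only "Passed", which PCs they sit on, and which files to collect as samples. The script below is an added example of that triage and is not Trend Micro code. It works on a constructed, simplified CSV log (assumption: a real OfficeScan export has different column names, so map them to your own); hosts, paths, dates and the WORM_EXAMPLE.A name are made up.

```python
"""Triage a 30-day virus log for unresolved generic detections.

Reports: detections grouped by name and action, how many generic hits were
merely 'Passed', which hosts carry them (most hits first, with first-seen
date as a lead for the PC that may be infecting the others), and the
host/path pairs whose files should be zipped and sent as samples.
"""
import csv
import io
from collections import Counter

PASSED = "Passed Potential Security Risk"

# Constructed sample log lines (column layout, hosts, paths and dates are made up).
SAMPLE_LOG = r"""date,host,virus,path,action
2010-04-01,PC-017,BKDR_Generic.DIT,C:\WINDOWS\system32\svchost32.dll,Passed Potential Security Risk
2010-04-01,PC-017,TROJ_Generic.DIT,C:\RECYCLER\S-1-5-21-EXAMPLE\update.exe,Passed Potential Security Risk
2010-04-02,PC-042,TROJ_Generic.DIT,E:\RECYCLER\S-1-5-21-EXAMPLE\update.exe,Passed Potential Security Risk
2010-04-02,PC-017,BKDR_Generic.DIT,C:\WINDOWS\system32\svchost32.dll,Passed Potential Security Risk
2010-04-03,PC-009,WORM_EXAMPLE.A,C:\RECYCLER\S-1-5-21-EXAMPLE\update.exe,Quarantined
2010-04-03,PC-017,TROJ_Generic.DIT,C:\RECYCLER\S-1-5-21-EXAMPLE\update.exe,Passed Potential Security Risk
"""


def parse_log(text):
    """Parse CSV log text into a list of row dicts keyed by the header line."""
    return list(csv.DictReader(io.StringIO(text)))


def is_generic(virus):
    """Generic-detection names in the question carry a '_Generic' marker."""
    return "_generic" in virus.lower()


def triage(rows):
    """Summarise the log the way the answer asks for."""
    passed = [r for r in rows if is_generic(r["virus"]) and r["action"] == PASSED]
    by_host = Counter(r["host"] for r in passed)
    first_seen = {}
    for r in sorted(passed, key=lambda r: r["date"]):
        first_seen.setdefault(r["host"], r["date"])
    # One entry per (host, file): these are the files to zip with password 'virus'.
    samples = sorted({(r["host"], r["path"]) for r in passed})
    return {
        "by_virus_action": Counter((r["virus"], r["action"]) for r in rows),
        "passed_generic": len(passed),
        "by_host": by_host,
        "first_seen": first_seen,
        # Most-hit host is only a lead; confirm it with the SIC logs, the log alone
        # does not prove which PC is the source.
        "top_host": by_host.most_common(1)[0][0] if by_host else None,
        "samples_to_collect": samples,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for (virus, action), n in report["by_virus_action"].most_common():
        print(f"{n:4d}  {virus:<20} {action}")
    print(f"\nGeneric detections only passed: {report['passed_generic']}")
    for host, n in report["by_host"].most_common():
        print(f"  {host}: {n} hits, first seen {report['first_seen'][host]}")
    print("\nSamples to collect:")
    for host, path in report["samples_to_collect"]:
        print(f"  {host}  {path}")
```

Run it against the constructed log and PC-017 comes out on top with four passed generic hits and two distinct files to collect; swap in your own export and the same report tells you which PCs to visit first and which files to zip.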

Wednesday, November 11, 2009

DOWNAD and recycler folder

I read from the Trend Micro Blog about DOWNAD/Conficker. Some interesting notes to highlight, since on a recent visit to a customer site I happened to see the virus log and there were a few entries with the infected path detected in the Recycler folder.

"In January of this year, a few security websites and media outlets reported a wave of detections of another DOWNAD variant.

This variant first sent exploit packets for a Microsoft Server Service Vulnerability to every machine on the network and to several randomly selected targets over the Internet. It then dropped a copy of itself in the Recycler folder of all available removable and network drives and created an obfuscated autorun.inf file on these drives so it can execute every time a user browsed a network folder or removable drive without actually clicking on the file. It then enumerated the available servers on the network and, using this information, gathered a list of user accounts on the machines."
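The quoted behaviour gives a defender two things to look for on a removable or network drive: an autorun.inf whose launch line points into RECYCLER, and executables sitting inside RECYCLER at all. The script below is an added example of checking for both and is not Trend Micro code. It builds its own constructed drive layout in a temporary directory (the SID-like folder name, update.exe and the junk bytes are made up) and assumes a plainly written key=value launch line; a heavily obfuscated autorun.inf that splits its keys across junk would need a more forgiving parser.

```python
"""Look for the DOWNAD-style RECYCLER/autorun.inf indicators on a drive root.

Two checks: autorun.inf launch keys (open=, shellexecute=, shell\\x\\command=)
whose target lies under RECYCLER or RECYCLED, and executable files found
anywhere under a RECYCLER/RECYCLED directory.
"""
import os
import re
import tempfile

# Launch keys; tolerate spaces around '=' and mixed case. Lines that do not
# decode as text (obfuscation padding) are simply skipped by the regex.
ACTION_LINE = re.compile(
    r"^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+?)\s*$", re.IGNORECASE
)
EXEC_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif"}
BIN_DIRS = ("recycler", "recycled")


def parse_autorun(path):
    """Return (key, target) pairs from an autorun.inf, ignoring junk lines."""
    actions = []
    with open(path, "rb") as fh:
        for raw in fh.read().splitlines():
            m = ACTION_LINE.match(raw.decode("latin-1"))
            if m:
                actions.append((m.group(1).lower(), m.group(2)))
    return actions


def scan_drive(root):
    """Walk one drive root and return a list of finding dicts."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_parts = os.path.relpath(dirpath, root).lower().split(os.sep)
        in_bin = any(p in BIN_DIRS for p in rel_parts)
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == "autorun.inf":
                for key, target in parse_autorun(full):
                    if any(b in target.lower() for b in BIN_DIRS):
                        findings.append({"type": "autorun_points_to_recycler",
                                         "file": full, "key": key, "target": target})
            elif in_bin and os.path.splitext(name)[1].lower() in EXEC_EXT:
                findings.append({"type": "executable_in_recycler", "file": full})
    return findings


def build_sample_tree():
    """Constructed layout: one suspicious 'drive', one benign 'drive'. Returns both roots."""
    base = tempfile.mkdtemp(prefix="recycler_demo_")
    bad = os.path.join(base, "drive_e")
    os.makedirs(os.path.join(bad, "RECYCLER", "S-1-5-21-EXAMPLE"))
    with open(os.path.join(bad, "RECYCLER", "S-1-5-21-EXAMPLE", "update.exe"), "wb") as fh:
        fh.write(b"MZ placeholder, not a real executable")
    with open(os.path.join(bad, "autorun.inf"), "wb") as fh:
        fh.write(b"\xff\xfe junk bytes padding the file \x00\x01\r\n"
                 b";comment noise\r\n[AutoRun]\r\n"
                 b"Action=Open folder to view files\r\n"
                 b"ShellExecute = RECYCLER\\S-1-5-21-EXAMPLE\\update.exe\r\n"
                 b"\x13\x37 more noise\r\n")
    good = os.path.join(base, "drive_f")
    os.makedirs(good)
    with open(os.path.join(good, "autorun.inf"), "wb") as fh:
        fh.write(b"[autorun]\r\nopen=setup.exe\r\nicon=setup.exe\r\n")
    return bad, good


if __name__ == "__main__":
    bad, good = build_sample_tree()
    for root in (bad, good):
        print(root)
        for f in scan_drive(root) or [{"type": "no indicators"}]:
            print("  ", f)
```

Point scan_drive at a mounted removable or network drive root to run it for real; a hit of either type on a drive is a reason to pull the virus log for the hosts that touched it.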


What is Recycler Folder and How to remove it
Good reading material from Tech Salsa:

If you have used Windows for quite some time now then you must have seen this folder called RECYCLER. But many people don't know what this folder is and what it is doing on the drive.


What is Recycler folder?

The Recycler folder is used only on NTFS partitions and is referred to as the location where all the deleted files go after they have been deleted by the user. Now you may be wondering, if it contains the deleted files, why do we have the Recycle Bin?

When a file is deleted it goes to the Recycle Bin, but when the Recycle Bin is emptied, the files are stored in this Recycler folder. This is the reason why we can still restore the deleted data in Windows.

Difference between Recycle Bin and Recycler

Recycle Bin stores the files that are deleted from the computer until it is emptied completely, whereas the Recycler folder contains a Recycle Bin for each user that logs on to the computer. (MS article)

Recycled Folder

This is something different from the Recycler folder, as Recycled is the same as Recycle Bin. That is, Recycled and Recycle Bin are just two different names for the same storage location.

How to delete Recycler Folder

Recycler is a read-only folder and that is why it gives an error if you try to delete it. To view the folder, go to Tools -> Folder Options -> View tab and uncheck the option "Hide protected operating system files".

Now just right-click on the folder, go to Properties and unselect the Read-only option. Now it can be deleted.

Recycler Virus

A virus with the same name, Recycler.exe, has been identified; it should not be confused with the Recycler folder.