| Author |
Some virus????
|
Manish Hatwalne
Ranch Hand
Joined: Sep 22, 2001
Posts: 2573
|
|
My computer has become suddenly very slow and it is unable to connect to any of the anti-virus websites such as symantec.com or www.mcafee.com and my Noton Internet Security doesn't detect any prooblem. Is thsi a new Virus/Worm/Trojan??
Anyone else infected by this and how to get rid of this???
- Manish
|
 |
vjy chin
Ranch Hand
Joined: Feb 17, 2005
Posts: 279
|
|
Try some online virus scanning sites like TrendMicro, Panda, Bitdefender and so on. Also do you have all the updates for your OS (Assuming windows).
Probably you can download some free anti virus softwares and try scanning your machine.
|
|
Manish Hatwalne
Ranch Hand
Joined: Sep 22, 2001
Posts: 2573
|
|
I still don't know which virus was this, but it had added these entries to my hosts file and hence it was not connecting to any of the anti-virus sites. I have cleaned hosts file now, but not sure if Virus is completely removed or not. Can't believe I got this though I have Norton Internet Security and I haven't downloaded/opened any of the attachments.
- Manish
Quite a big list of sites...Wish I could nail this Virus..
127.0.0.1localhost
94.84.195.49avp.com
225.141.97.29ca.com
234.155.110.73customer.symantec.com
199.92.140.41dispatch.mcafee.com
73.148.212.102download.mcafee.com
0.185.81.101downloads1.kaspersky-labs.com
38.81.170.101downloads2.kaspersky-labs.com
27.80.159.15downloads3.kaspersky-labs.com
113.150.71.217downloads4.kaspersky-labs.com
239.247.92.46downloads-eu1.kaspersky-labs.com
158.105.236.37downloads-eu2.kaspersky-labs.com
158.56.59.203downloads-eu3.kaspersky-labs.com
122.122.173.209downloads-eu4.kaspersky-labs.com
47.141.30.122downloads-us1.kaspersky-labs.com
11.83.86.72downloads-us2.kaspersky-labs.com
58.10.20.48downloads-us3.kaspersky-labs.com
130.225.110.77downloads-us4.kaspersky-labs.com
35.193.90.107f-secure.com
65.200.197.209ftp.avp.com
228.8.114.175ftp.ca.com
106.132.19.21ftp.customer.symantec.com
234.247.76.77ftp.dispatch.mcafee.com
132.223.35.20ftp.download.mcafee.com
123.85.249.117ftp.downloads1.kaspersky-labs.com
171.59.25.75ftp.downloads2.kaspersky-labs.com
177.183.119.42ftp.downloads3.kaspersky-labs.com
213.154.183.68ftp.downloads4.kaspersky-labs.com
11.5.1.240ftp.downloads-eu1.kaspersky-labs.com
36.17.195.250ftp.downloads-eu2.kaspersky-labs.com
124.65.120.220ftp.downloads-eu3.kaspersky-labs.com
196.114.115.8ftp.downloads-eu4.kaspersky-labs.com
163.167.94.102ftp.downloads-us1.kaspersky-labs.com
104.214.233.39ftp.downloads-us2.kaspersky-labs.com
250.26.211.151ftp.downloads-us3.kaspersky-labs.com
64.239.70.134ftp.downloads-us4.kaspersky-labs.com
167.93.55.127ftp.f-secure.com
20.174.197.96ftp.grisoft.com
212.163.197.254ftp.kaspersky.com
226.54.235.119ftp.kaspersky-labs.com
28.231.83.219ftp.liveupdate.symantec.com
24.32.72.203ftp.liveupdate.symantecliveupdate.com
254.32.19.176ftp.mast.mcafee.com
201.19.187.52ftp.mcafee.com
117.52.105.159ftp.my-etrust.com
141.36.98.57ftp.nai.com
133.205.88.91ftp.networkassociates.com
219.14.121.72ftp.norton.com
237.113.240.131ftp.rads.mcafee.com
1.182.222.51ftp.sandbox.norman.com
97.112.92.200ftp.secure.nai.com
160.125.163.127ftp.securityresponse.symantec.com
80.30.113.103ftp.sophos.com
71.230.167.11ftp.symantec.com
197.227.218.240ftp.symantecliveupdate.com
14.143.199.119ftp.symatec.com
203.22.209.95ftp.trendmicro.com
202.106.157.237ftp.uk.trendmicro-europe.com
236.168.219.134ftp.update.symantec.com
214.223.77.46ftp.updates.symantec.com
188.165.169.196ftp.updates1.kaspersky-labs.com
92.38.228.240ftp.updates2.kaspersky-labs.com
238.250.123.14ftp.updates3.kaspersky-labs.com
188.131.73.20ftp.updates4.kaspersky-labs.com
7.152.19.197ftp.us.mcafee.com
2.69.182.33ftp.viruslist.com
141.91.64.101grisoft.com
96.156.77.153kaspersky.com
95.73.244.245kaspersky-labs.com
73.66.49.151liveupdate.symantec.com
3.160.106.216liveupdate.symantecliveupdate.com
143.231.53.65mast.mcafee.com
26.49.89.223mcafee.com
150.126.162.133my-etrust.com
212.11.190.179nai.com
151.76.123.174networkassociates.com
1.122.55.143norton.com
114.205.99.67pandasoftware.com
162.209.94.74rads.mcafee.com
18.109.6.182sandbox.norman.com
159.140.73.170secure.nai.com
93.7.28.101securityresponse.symantec.com
246.51.142.19sophos.com
184.186.244.109symantec.com
17.31.216.248symantecliveupdate.com
156.19.154.200symatec.com
149.3.16.174trendmicro.com
51.123.120.189uk.trendmicro-europe.com
86.201.15.248update.symantec.com
14.0.161.162updates.symantec.com
77.63.106.123updates1.kaspersky-labs.com
103.102.153.237updates2.kaspersky-labs.com
161.18.198.109updates3.kaspersky-labs.com
115.142.55.19updates4.kaspersky-labs.com
70.154.189.38us.mcafee.com
71.169.143.183viruslist.com
164.252.88.112virusscan.jotti.org
197.65.246.49virustotal.com
84.17.18.183www.avp.com
38.3.13.214www.ca.com
103.159.240.254www.customer.symantec.com
5.238.94.32www.dispatch.mcafee.com
196.243.41.39www.download.mcafee.com
132.71.144.23www.downloads1.kaspersky-labs.com
17.174.88.11www.downloads2.kaspersky-labs.com
5.210.162.153www.downloads3.kaspersky-labs.com
45.252.74.230www.downloads4.kaspersky-labs.com
224.247.183.102www.downloads-eu1.kaspersky-labs.com
61.140.204.142www.downloads-eu2.kaspersky-labs.com
194.27.249.130www.downloads-eu3.kaspersky-labs.com
193.220.151.120www.downloads-eu4.kaspersky-labs.com
8.211.7.99www.downloads-us1.kaspersky-labs.com
71.218.198.150www.downloads-us2.kaspersky-labs.com
176.245.112.246www.downloads-us3.kaspersky-labs.com
157.203.90.122www.downloads-us4.kaspersky-labs.com
227.225.69.110www.f-secure.com
32.140.82.85www.grisoft.com
132.169.54.95www.kaspersky.com
22.153.210.184www.kaspersky-labs.com
79.134.192.56www.liveupdate.symantec.com
151.113.219.179www.liveupdate.symantecliveupdate.com
15.29.238.123www.mast.mcafee.com
140.60.13.59www.mcafee.com
224.144.166.210www.my-etrust.com
178.202.127.222www.nai.com
4.105.4.114www.networkassociates.com
59.97.41.215www.norton.com
63.200.206.195www.pandasoftware.com
245.214.88.89www.rads.mcafee.com
79.235.114.105www.sandbox.norman.com
8.125.178.193www.secure.nai.com
236.5.15.15www.securityresponse.symantec.com
186.100.83.139www.sophos.com
223.216.26.137www.symantec.com
82.221.235.153www.symantecliveupdate.com
157.54.136.202www.symatec.com
249.98.125.209www.trendmicro.com
254.64.16.26www.uk.trendmicro-europe.com
66.182.158.253www.update.symantec.com
129.121.247.46www.updates.symantec.com
34.235.83.14www.updates1.kaspersky-labs.com
26.172.111.7www.updates2.kaspersky-labs.com
155.175.239.25www.updates3.kaspersky-labs.com
24.162.135.35www.updates4.kaspersky-labs.com
224.96.19.56www.us.mcafee.com
21.39.37.249www.viruslist.com
141.253.169.178www.virustotal.com
|
|
Manish Hatwalne
Ranch Hand
Joined: Sep 22, 2001
Posts: 2573
|
|
Thsi virus is executing file "ati.exe" again and again and it is messing up with my system. I have removed all traces of this file from my PC and also removed traces from registry as well...but it is still getting launched somehow. I have updated my NAV and run full system scan and it does not detect anything. Wonder how can I get rid of thsi permanently???
Any pointers??
- Manish
|
|
Chetan Parekh
Ranch Hand
Joined: Sep 16, 2004
Posts: 3636
|
|
I don�t have any idea about this virus.
But when I was in networking field, instead of running antivirus from the OS, I used to boot the system with bootable cd of antivirus and used to scan. We had some old versions of Norton Anti-Virus that had boot capability. Just check for the same in the new version of Anti Virus and scan using boot functionality.
|
My blood is tested +ve for Java.
|
|
Deepak Bala
Bartender
Joined: Feb 24, 2006
Posts: 6588
|
|
Check this out...
ATI.EXE thing
looks similar to your problem
|
SCJP 6 articles - SCJP 5/6 mock exams - SCJP Mocks - SCJP 5 Mock exam (Word document ) - SCJP 5 Mock exam in Java.Inquisition format
|
|
Manish Hatwalne
Ranch Hand
Joined: Sep 22, 2001
Posts: 2573
|
|
Originally posted by John Meyers: Check this out... ATI.EXE thing looks similar to your problem
This is exactly what I found yetesrday, and I removed all traces manually -- but for some weird reason thsi ati.exe still pops up!!! Wish M$ Windwos were more secure.... 
- Manish
|
|
Sameer Jamal
Ranch Hand
Joined: Feb 16, 2001
Posts: 1870
|
|
Is there any entry called wintbp.exe in
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>
Windows>CurrentVersion>Run
|
|
vjy chin
Ranch Hand
Joined: Feb 17, 2005
Posts: 279
|
|
You can post your question in a site called http://www.security-forums.com/
Its a good security site and people there are really helpful.
Plus, I am not advertising this site, i am just suggesting.
Hope this helps.
|
|
 |
|
|
subject: Some virus????
|
|
|
0
