It's all about the Benjamin
I got the Benjamin virus from Kazaa. I didn't know what it was, but I noticed my file transfers wen't from 60-100kps to 2-20kps.
Also, I noticed that my Kazaa "connected as" menu said I was sharing 4391 file, when I was only sharing 77. Ouch. System Suite 4.0 Anti virus showed nothing, so I did a little more investigation. I located some of the files supposedly shared, they were fake screen savers, all copies of the virus, mostly named as band names with a file extension .scr .exe
Yes, that many spaces included. It imbeds itself in to the temp folder in a sub folder called Sys32, therefore it won't be searched out by a usual Windows search. It can be deleted, and there seemed to be no trace of it. Until I noticed a very odd file running in the Task Manager. Explorer.scr was yet another clone of Benjamin. It was actually in C:\WINDOWS\SYSTEM! Deleted that one.
Things to watch out for:
A fuzzy Windows Media Player-Icon-bearing file
A huge sum of files being shared in Kazaa.
A second explorer running in task manager
The sys32 folder in C:\Windows\Temp with a lot of those fuzzy icons
A file that didn't work after download. Check Task Manager (CTRL-ALT-DELETE) for that same file running.
Make sure to download your latest virus definition packs for you AV software!
Re: It's all about the Benjamin
Quote:
Originally posted by [gg]Daedalus
I got the Benjamin virus from Kazaa. I didn't know what it was, but I noticed my file transfers wen't from 60-100kps to 2-20kps.
Also, I noticed that my Kazaa "connected as" menu said I was sharing 4391 file, when I was only sharing 77. Ouch. System Suite 4.0 Anti virus showed nothing, so I did a little more investigation. I located some of the files supposedly shared, they were fake screen savers, all copies of the virus, mostly named as band names with a file extension .scr .exe
Yes, that many spaces included. It imbeds itself in to the temp folder in a sub folder called Sys32, therefore it won't be searched out by a usual Windows search. It can be deleted, and there seemed to be no trace of it. Until I noticed a very odd file running in the Task Manager. Explorer.scr was yet another clone of Benjamin. It was actually in C:\WINDOWS\SYSTEM! Deleted that one.
Things to watch out for:
A fuzzy Windows Media Player-Icon-bearing file
A huge sum of files being shared in Kazaa.
A second explorer running in task manager
The sys32 folder in C:\Windows\Temp with a lot of those fuzzy icons
A file that didn't work after download. Check Task Manager (CTRL-ALT-DELETE) for that same file running.
Make sure to download your latest virus definition packs for you AV software!
Ya, i got this nasty little bugger over the weekend as well. I may end up formatting at some point in the near future cause I never know whether I totally got rid of the thing and you could end up with problems down the line...oh well, this is the price you got to pay for free software i guess...
