-
It's all about the Benjamin
I got the Benjamin virus from Kazaa. I didn't know what it was, but I noticed my file transfers wen't from 60-100kps to 2-20kps.
Also, I noticed that my Kazaa "connected as" menu said I was sharing 4391 file, when I was only sharing 77. Ouch. System Suite 4.0 Anti virus showed nothing, so I did a little more investigation. I located some of the files supposedly shared, they were fake screen savers, all copies of the virus, mostly named as band names with a file extension .scr .exe
Yes, that many spaces included. It imbeds itself in to the temp folder in a sub folder called Sys32, therefore it won't be searched out by a usual Windows search. It can be deleted, and there seemed to be no trace of it. Until I noticed a very odd file running in the Task Manager. Explorer.scr was yet another clone of Benjamin. It was actually in C:\WINDOWS\SYSTEM! Deleted that one.
Things to watch out for:
A fuzzy Windows Media Player-Icon-bearing file
A huge sum of files being shared in Kazaa.
A second explorer running in task manager
The sys32 folder in C:\Windows\Temp with a lot of those fuzzy icons
A file that didn't work after download. Check Task Manager (CTRL-ALT-DELETE) for that same file running.
Make sure to download your latest virus definition packs for you AV software!
-
Re: It's all about the Benjamin
Originally posted by [gg]Daedalus
I got the Benjamin virus from Kazaa. I didn't know what it was, but I noticed my file transfers wen't from 60-100kps to 2-20kps.
Also, I noticed that my Kazaa "connected as" menu said I was sharing 4391 file, when I was only sharing 77. Ouch. System Suite 4.0 Anti virus showed nothing, so I did a little more investigation. I located some of the files supposedly shared, they were fake screen savers, all copies of the virus, mostly named as band names with a file extension .scr .exe
Yes, that many spaces included. It imbeds itself in to the temp folder in a sub folder called Sys32, therefore it won't be searched out by a usual Windows search. It can be deleted, and there seemed to be no trace of it. Until I noticed a very odd file running in the Task Manager. Explorer.scr was yet another clone of Benjamin. It was actually in C:\WINDOWS\SYSTEM! Deleted that one.
Things to watch out for:
A fuzzy Windows Media Player-Icon-bearing file
A huge sum of files being shared in Kazaa.
A second explorer running in task manager
The sys32 folder in C:\Windows\Temp with a lot of those fuzzy icons
A file that didn't work after download. Check Task Manager (CTRL-ALT-DELETE) for that same file running.
Make sure to download your latest virus definition packs for you AV software!
Ya, i got this nasty little bugger over the weekend as well. I may end up formatting at some point in the near future cause I never know whether I totally got rid of the thing and you could end up with problems down the line...oh well, this is the price you got to pay for free software i guess...
To me, clowns aren't funny. In fact, they're kind of scary. I've
wondered where this started and I think it goes back to the time I went
to the circus, and a clown killed my dad.
-
Actually I know for a fact it's gone. McAfee & SystemSuite4.0 both have updated their virus definitions recently. I use them both on different machines. I'm sure Symantec has updated too, but I don't use it anymore.
It's really not that malicious of a virus. I believe it's gone, but if you have that need to be sure, then go with it.
-
Ultimate Member
Nothing like a "always-running-fully-updated-scanning-everything" antivirus
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|