Good for me I have more than one user account.
My virus checker caught it but could not fix it.
The virus was using most of my bandwidth. There were two processes I did not recognize:
WinnConfig.exe <---The one doing the transfers.
jumsvc32.exe <---Not sure what it does.
If it is active, the process will close Regedit if opened. It of course runs on startup. Apparently only for the user where it was initially installed. I logged in with another account and cleaned the keys from the registry.
It also modified my hosts file to block all the western virus companies.
Google searches turn up nothing on the exe files. I checked with Olly and the exes are compressed. Is there a place to send these so the virus can be analyzed?
Thanks.
BTW I use Ahnlabs V3. A popular virus software here in Korea.
edit:
They didn't block TrendMicro Housecall :P
It identifies jumsvc32.exe as WORM_SDBOT_BMP
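An added example, not part of any post in this thread: a small audit of hosts-file text that flags non-local names pinned to loopback or 0.0.0.0, which is the tampering described in the post above. The `.example` domains, the `WATCHLIST` contents and all function names are assumptions made for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback in a stock hosts file.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (lineno, address, hostname) for every mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed line, not a mapping
        for name in fields[1:]:                  # one line may carry several aliases
            yield lineno, addr, name.lower().rstrip(".")

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::)."""
    return addr.is_loopback or addr.is_unspecified

def audit_hosts(text, watchlist=()):
    """Flag non-local names sinkholed locally; 'high' if under a watchlist domain."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if not is_sinkhole(addr) or name in BENIGN:
            continue
        hit = any(name == w or name.endswith("." + w) for w in watchlist)
        findings.append({"line": lineno, "host": name, "address": str(addr),
                         "severity": "high" if hit else "review"})
    return findings

# Constructed sample input, not taken from an infected machine.
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.av-vendor.example
127.0.0.1\tupdates.av-vendor.example liveupdate.av-vendor.example  # two aliases
0.0.0.0 ads.tracker.example
192.0.2.10 intranet.example
"""
WATCHLIST = ("av-vendor.example",)  # assumed: domains of your own security tooling

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE, WATCHLIST):
        print(f"line {f['line']}: {f['host']} -> {f['address']} [{f['severity']}]")
```

Entries marked `review` are not necessarily malicious, since ad-blocking hosts files use the same trick; the watchlist is what separates those from blocked security-update hosts.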
You might want to try http://www.bitdefender.com for a decent free AV, or kaspersky if you're willing to pay for a pretty good commercial one. Also, for situations like the one you just had, pslist and pskill (from pstools at http://www.sysinternals.com) are invaluable!
i can also recommend a personal firewall, and you'll only allow your browser and mail account (and whatever else you use) to connect outside. it saved my ass many times, with browser exploits that downloaded nasty stuff and other bad things. also good for your privacy.
First, a good "external" firewall - this means a BSD or Linux router, or a hardware device.
Second, run from a limited user account, not one with administrative privileges.
Third, a "personal" or "software" firewall. Even with a good external FW, these are helpful as they can limit programs' outgoing traffic, and alert you if something fishy is going on.
Fourth, a good antivirus product (not mcafee or norton).
Fifth, norton/symantec ghost :-)