I bought SAS lifetime subscription a few weeks ago, installed it on my main system with Win XP SP3, security patches up to July 2010. Last week I watched a Robin Hood video (.AVI) with WMP which (I believe) exploited a Cinepak MS vulnerability found out somewhere in August and patched by MS. It opened a webpage, I closed it at once, and I got infected. SAS said nothing so I disregarded it, although I found it strange that a video could open a webpage... but then again, MS shitty code keeps surprising me after 25 years of C coding.

The infection seemed to open my system to further viruses, so three days later, I noticed my disk space was going away, installed AVG to check my system and I found some effects, all effects of an infection called Ramnit by malware experts:

- A trojan (C:\Program Files\Microsoft\desktoplayer.exe) masking itself as firefox.exe and using WinLogon/UserInit reg. key.
- A trojan in .exe/.dll files
- A VBS/Generic VBS script at the end of every .htm/.html file in my system calling svchost with a 100K binary coded ascii data stream... the trojan.
- An internet connection to some bastard in central Russia, 193.23.126/24

It took me 3 days to clear this infection from all my disks, using Recovery Console, several anti-malware programs and my own experience.

- Why, during the whole process, did SAS not detect anything? Real Time Protection was enabled the whole time.
- How can I help you detect such viruses better? I've got samples of the trojan corruption in some backed-up .EXE/.DLL/.HTML

Thank you
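A triage check for the appended-script symptom described in the post above, as an added example that is not part of the original post or of any vendor's tooling. It assumes (the post does not say) that the appended block is a `<script>` element declared as VBScript sitting after the last `</html>`, and that the "binary coded ascii" stream is a long run of hex digits; the function names, the 512-character threshold and the sample strings are constructed for illustration.

```python
import re
from pathlib import Path

# Assumed shape of the symptom: a VBScript <script> element placed AFTER the
# last closing </html> tag and carrying a long hex-encoded blob.
CLOSE_HTML = re.compile(r"</html\s*>", re.IGNORECASE)
VBS_BLOCK = re.compile(
    r"<script\b[^>]*\bvbscript\b[^>]*>(.*?)</script\s*>",
    re.IGNORECASE | re.DOTALL,
)
HEX_RUN = re.compile(r"[0-9A-Fa-f]{512,}")  # threshold is a tunable guess


def trailing_vbs_payloads(text):
    """Return (offset, hex_length) for each suspicious block after the last </html>."""
    closes = list(CLOSE_HTML.finditer(text))
    if not closes:
        return []
    tail_start = closes[-1].end()
    findings = []
    for block in VBS_BLOCK.finditer(text, tail_start):
        run = HEX_RUN.search(block.group(1))
        if run:  # VBScript after </html> with an encoded blob inside it
            findings.append((block.start(), len(run.group(0))))
    return findings


def scan_tree(root):
    """Map each .htm/.html file under root that has findings to those findings."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".htm", ".html"}:
            # latin-1 never fails to decode, so odd encodings do not stop the scan
            text = path.read_text(encoding="latin-1", errors="replace")
            found = trailing_vbs_payloads(text)
            if found:
                hits[str(path)] = found
    return hits


# Constructed samples: a page with ordinary in-body VBScript, and the same page
# with a filler hex blob appended after </html> (not real malware content).
CLEAN = "<html><body><script type='text/vbscript'>MsgBox 1</script></body></html>\n"
SUSPECT = CLEAN + '<SCRIPT Language=VBScript>\nData = "' + "AB" * 600 + '"\n</SCRIPT>'
```

Files reported by `scan_tree` are candidates for restoring from a known-good backup; a hit only shows that the file matches this shape, not which malware family wrote it.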
