Attention Streamyx Users! Virus Attack!

freestyler,

Actually I called the hotline to report other faults, not this problem. I just verbally told the girl who attended to me.

Btw,
in my other findings, if your PC is connected to a proxy, it's unlikely that your PC will experience the symptoms described in the first post... However, as we know, worm-based infections will still be able to replicate themselves in the network. Conclusion: a PC which is connected directly to the modem is the first to get infected.

Currently, the trojan horses infecting your PC memory, as far as I've detected (which means when you run the Task Manager you are able to see the file running):

1. winsysban7.exe
2. winsysban8.exe
3. winsysban9.exe

qoolaid - worm

You may also check your C:\ directory for executable files with names such as
gimmygames.exe (spyware generic downloader). This is spyware. Do not execute the file. Delete it.
install.exe and installer.exe are also generic downloaders... delete them. They all reside in your C:\ root directory.

I will update my findings again when I go home and let my PC be the test subject.
 
What's the report number? If you have the report number, then maybe I can speed up the case for you when I log in to work tomorrow.
 
926988 -

My problem is already solved. It was one of my client PCs hogging down the router's gateway IP.
 
Like I said, if it is a potential wide spread problem, with a lot of people who haven't upgraded their Windows, TMNet had better make a public alert announcement.

Freestyler, you work at TMNet? Maybe you should get some wheels turning over there.
 
The thing is, silverfish, even if it is a virus problem, they will just deny it because they want to protect their image. I know they should at least put up a notice on their website or at least have some preventive action taken, but so far none yet. I think it's just because it's suspected, because yesterday when I worked, none of the calls received were regarding this problem.
 
It isn't actually Streamyx's problem is it, in the sense that it isn't their fault? More like unpatched Windows getting exploited. Still they should inform the users.
 
Tried reinstalling Windows several times already, yet the same problem persists.
Formatted it, yet still the same problem. Has the virus jumped to the other hard disks already? Because I have 2 hard disks and one of them has Windows and is partitioned... Help! It sucks, man, the computer has been going crazy for god knows how many weeks already.

Btw, mine cannot connect online, that's one thing. The other thing is that Windows gets to the loading screen and cannot load anymore. Windows is totally corrupted. Funny thing is I'm quite sure I was using Service Pack 2 when it happened to me, and I reinstalled Windows with Service Pack 2, yet the same shite still happens.
 
You might want to reformat your whole harddisk and make a clean install. Then run SP2 before connecting to streamyx.
 
Get a standalone WinXP SP2 and install it instead of downloading it from the website, which takes more time, and its size is 266MB.

Thank god I'm using Unix, so far so good. Last week the Windows 2003 server at my office got hit, and that server is used for UBS accounting hosting. KNNCCB! Patched it up quickly and that solved the issue. The W2K Server at my air cargo office was also patched up with those updates, and so far so good. Windows Home / Pro SP1 is guaranteed to get hit.

Regards,
Mike
 
Use BitDefender AV to scan as well. It helps a lot. I don't know why AVG is less dependable nowadays. My 2 cents. McAfee is good so far.

Regards,
Mike
 
BudakSiol! said:
Tried reinstalling Windows several times already, yet the same problem persists.
Formatted it, yet still the same problem. Has the virus jumped to the other hard disks already? Because I have 2 hard disks and one of them has Windows and is partitioned... Help! It sucks, man, the computer has been going crazy for god knows how many weeks already.

Btw, mine cannot connect online, that's one thing. The other thing is that Windows gets to the loading screen and cannot load anymore. Windows is totally corrupted. Funny thing is I'm quite sure I was using Service Pack 2 when it happened to me, and I reinstalled Windows with Service Pack 2, yet the same shite still happens.

It could be something else that happened. If you have 1 physical hard disk, but you partition it into 2 logical drives, then it's going to be hard to troubleshoot. With 2 logical partitions, personally, I would try to back my stuff up even though it may possibly be infected with a virus. Once the backup is done, fdisk the hard disk and create only 1 partition. If you need another drive for saving your documents and such, spend some money on a second physical hard disk. Better to have 2 physical hard disks than one. After you have fdisked and re-formatted the hard disk, try reinstalling Windows again without any connection to the net. After installing Windows, immediately install an antivirus. You would then have to find some way to get the latest patch, update, etc. for your antivirus without connecting to the internet. Maybe download it at your friend's place, copy it to a thumb drive and bring it back home. Patch the antivirus software, update the AV patterns, etc. and then install all other stuff.
That's all I can think of for now.
 
BudakSiol,

My recommendation is booting the PC from a clean source (CD boot) and FDISK the gawd damn hard disc, as some worms / viruses are able to keep themselves from being formatted by staying in the Master Boot Record.

I believe the DNS server at TMNET's side is planted with these worms. As we know, worms are able to replicate themselves in the network, unlike conventional computer viruses. Therefore any clients which are connected to the infected server will also be vulnerable to the worms. Why do I say this? Because you get infected even before you surf any websites.

Even if it is Windows XP that is vulnerable to attacks, TMNET as an Internet Service Provider should be partly responsible for minimizing the attacks as well, not just sit quiet and hope for the best (on this I agree with silverfish). Perhaps TMNET can send/distribute free copies of CDs with the latest Windows XP patches and a guide for newbies to set their computer security settings.

I've also noticed that Norton Antivirus Program is unable to detect some of these new worms.
 
Woaaa, thanks for the fast feedback guys. Will get the latest antivirus patches; actually my XP CD comes with SP2. I tried to scan for the Sasser virus and also ran a Sasser virus removal program, but none showed up... Going to try you guys' ideas before I have to format everything! Thanks a bunch!

Satria_95,
I actually have 2 physical hard disks!
 
New virus updates.

Infected automatically even without surfing the internet.
newexe.exe (location: C:\windows\system32) - Virus W32/sdbot.worm.gen.h
win32sprot.exe (location: C:\windows\system32) - Malware.j - Trojan
winsysupd10.exe (location: your temporary internet files) - adware
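
A read-only triage sketch for the file names reported in this thread, added here as an example and not posted by any participant. It lists matching files with a SHA-256 for lookup in an antivirus database; the function names and the digit-wildcard for the numbered `winsysban`/`winsysupd` names are assumptions, not something the posts confirm.

```python
import hashlib
import re
from pathlib import Path

# Names taken from the posts, grouped by the directory each post gave.
# Assumption: the numbered names (winsysban7/8/9, winsysupd10) may appear
# with other digits, so they are matched with \d+ in either directory.
ROOT_NAMES = re.compile(r"^(gimmygames|install|installer)\.exe$", re.I)
SYSTEM32_NAMES = re.compile(r"^(newexe|win32sprot)\.exe$", re.I)
NUMBERED_NAMES = re.compile(r"^winsys(ban|upd)\d+\.exe$", re.I)


def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root_dir, system32_dir):
    """Return sorted (path, sha256) pairs for name matches.

    Only the top level of each directory is inspected, matching is
    case-insensitive (as Windows file names are), and nothing is
    deleted or executed.
    """
    hits = []
    for directory, pattern in ((root_dir, ROOT_NAMES),
                               (system32_dir, SYSTEM32_NAMES)):
        directory = Path(directory)
        if not directory.is_dir():
            continue
        for entry in directory.iterdir():
            if not entry.is_file():
                continue
            if pattern.match(entry.name) or NUMBERED_NAMES.match(entry.name):
                hits.append((str(entry), sha256_of(entry)))
    return sorted(hits)


if __name__ == "__main__":
    for path, digest in triage("C:/", "C:/Windows/System32"):
        print(digest, path)
```

Names such as install.exe are common, so a hit is a lead to confirm by hash or scanner rather than a verdict.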
 
