Hi, I'm IvanRubio


...and welcome to my website

If you are looking for the following:
Web Design and Development
May it be CMS, e-commerce
even SEO & all those online marketing huhaa


Messed up with Downadup, Conficker, and Crypto

Posted by on 14 August, 2009
This post was filed in System Overload and has no comments yet

Okay, after the Vitro it seems I was attacked yet again by not just one trojan/worm/virus, namely Downadup, which is also named as the following: Conficker, Kido and Downup… Crypto was in the way also… Take note that this is my office PC I’m talking about.

It took my precious 4 hours to remove these nasty malwares. The symptoms I first experienced were prompts that a jpg/gif file is infected, which resides in C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\(some gibberish alphanumerics)\(a gibberish filename).gif or .jpg

Now, you’ll notice that I’ve bolded “NetworkService”. It’s because there is no such path or user path among the standard paths in “Documents and Settings”.

After getting a prompt from your favorite antivirus about that path, you’ll soon notice that your browsing has greatly slowed down, and soon there is no internet. Your download bandwidth will become as slow as dialup and will not be more than a 10kbps download stream.

Now I took a look in the task manager and saw this file that I felt was malicious and had never seen before. The file that is executing and that you will not be able to terminate is:

msdriver32.exe

Even if you scan your files you won’t see it, even if you look directly in C:\windows\ where the file resides. My first tip for first aid is to get procxp, or I hope you already have it. Just google for it. It’s way much better than the conventional task manager of Win XP.

Next, open regedit, search for msdriver32 and delete all entries if you happen to kill msdriver32.exe in the processes. One method I used to kill the msdriver32.exe process is to disconnect from the internet for the moment.

At this point you will be able to browse the internet again, even at a slow rate, so you can get these tools to remove these nasty malwares.

Go to bdtools.net for the removal tool. Run it and it will prompt for a reboot. I suggest running it again, and make sure there is no internet connection.

Then download the security patch from Microsoft Security Bulletin MS08-067 – Critical so you won’t get infected again.

Thoroughly clean your system using Spybot, plus Malwarebytes Anti-Malware.

Good luck everyone.
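
As an added example (not part of the original post), the manual hunt for msdriver32 described above can be done as one read-only PowerShell audit that covers the registry, the Windows directory and the process list. The list of registry keys and the helper name `New-Finding` are assumptions of this example; the post itself only says to search regedit for the name.

```powershell
# Added example: read-only audit, nothing is deleted or terminated.
$needle = 'msdriver32'   # file name reported in the post

# Assumption: these autorun keys are this example's choice; the post only
# says to search the registry for the name.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# Hypothetical helper: one uniform record per hit.
function New-Finding($source, $location, $detail) {
    New-Object PSObject -Property @{ Source = $source; Location = $location; Detail = $detail }
}

$findings = @()

# 1. Autorun values whose name or data mentions the file.
foreach ($key in $autorunKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        if ($name -match $needle -or $data -match $needle) {
            $findings += New-Finding 'Autorun' "$key\$name" $data
        }
    }
}

# 2. Services whose key name or ImagePath mentions the file.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $image = [string]$_.GetValue('ImagePath')
        if ($_.PSChildName -match $needle -or $image -match $needle) {
            $findings += New-Finding 'Service' $_.PSChildName $image
        }
    }

# 3. Files in the Windows directory. -Force includes hidden and system files;
#    a file concealed by the malware itself may still not be listed.
Get-ChildItem -Path $env:windir -Filter "$needle*" -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $findings += New-Finding 'File' $_.FullName $_.LastWriteTime }

# 4. Running processes with a matching name.
Get-Process | Where-Object { $_.ProcessName -match $needle } |
    ForEach-Object { $findings += New-Finding 'Process' $_.Id $_.ProcessName }

if ($findings.Count -eq 0) { "No '$needle' artifacts found in the locations checked." }
else { $findings | Format-Table Source, Location, Detail -AutoSize }
```

Run it from an elevated prompt with the network cable unplugged, and keep the output as a record of what was present before any entry is removed.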

August Virus Madness, the attack of Win32:Vitro

Posted by on 13 August, 2009
This post was filed in System Overload and has no comments yet

Well, I may have overly exaggerated the title, as I want to make a quick post about this virus/spyware/malware. Just now I was attacked by this virus after opening this website (owned by our company); I noticed the website took way longer than usual. Then, after caching some files, a jpg image was detected as a threat by AVG Free Edition. I will post some images later on (I felt sleepy after cleaning up the threat :D ). After being infected by this infected image from the website while caching, my internet browsing became relatively slow; then after some time, while scanning for more of the infection on my hard drive, it seems it had already populated my system files. AVG Free Edition failed to finish the task; now it was all up to me.

Checking in w/ the handy “hijackthis”, I scanned my boot info, registry, et cetera… I didn’t find any. Now my internet browsing was cut off. I still had my IM services up and running, chatting with a buddy of mine here in the office. I asked and warned him not to open this website, but it seems it was too late, as I was now in the same scenario as him yesterday.

Of course, I did some research on the internet, but hey! I forgot, no browsing hahaha
Firefox, Chrome, and IE … all white pages. I’ve tried rebooting and still no luck. This is the time when I dug deeper into the system files.

A forum on avast.com gave me ideas about the malicious files. All of them recently experienced this nasty virus just in the month of August.

With the help of procxp, hijackthis, regedit, msconfig and the good ol’ shift-delete (perma delete), I’ve managed to kill the virus’ doing and now I’m able to write this article. It took me less than 1 hour to get back online. A piece of advice? Don’t panic when Win32:Vitro comes knocking on your open ports :)

Vanessa Jane Rubio at 3

Posted by on 31 July, 2009
This post was filed in Life's a Journey and has no comments yet

My daughter will be turning 3 years old now; time is fast and it’s amazing how fast your child grows.
Her birthday is on August 3, but we are celebrating it as early as August 1 or 2. August 3 is a Monday, which is a workday of course.


Corrupted Master File Table, horrified my night

Posted by on 28 July, 2009
This post was filed in Life's a Journey, System Overload and has 2 comments

My Seagate 160GB crashed just now; almost 160GB of data is doomed to be lost. This slave hard drive consists of four partitions. Now the only accessible partitions are the 1st and the 4th; my important files are on the 3rd… Argh!

This is madness, this is life!

Hoping to recover today….

Wish me luck… :(

Humble

Posted by on 28 July, 2009
This post was filed in Life's a Journey and has no comments yet

“The praise that comes from love does not make us vain, but more humble.”

“By seeing the seed of failure in every success, we remain humble. By seeing the seed of success in every failure we remain hopeful.”

“Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful.”