Inactive Medfos.b virus

Discussion in 'Malware and Virus Removal Archive' started by ianamal, 2013/03/19.

  1. 2013/03/19
    ianamal (Well-Known Member, Thread Starter)

    [Inactive] Medfos.b virus

    A friend runs a small taxi business, and an employee browsing the internet has managed to infect the only computer running the Cordics taxi software.

    I had a quick look today and ran:

    TDSSKiller (parameters changed to scan for the TDLFS file system), renamed before use.

    Malwarebytes Chameleon

    RogueKiller

    HitMan Pro

    AdwCleaner

    Emsisoft Emergency Kit

    Deleted the restore point and created a new one, but it's back on today!

    All these programs removed items, etc., so it's obviously a nasty, awkward piece of malware to get rid of. MSE stopped a process running, BTW.

    Could the initial exploit of the Java vulnerability have downloaded something else?

    Just trying to help a friend, and if it doesn't have to be sent 150 miles back to Cordic for a new drive, and possibly someone's job!

    Regards, Ian.
     
  2. 2013/03/19
    broni (Moderator, Malware Analyst)

    Please, complete all steps listed HERE

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. 2013/03/19
    ianamal (Well-Known Member, Thread Starter)

    Sorry I should have explained the situation more clearly!

    IMHO nobody should be using this vital computer to search the web, etc.

    The taxi rank closes during the week at approximately 1 am, so between this time and 7 am is the only time someone can realistically work on the system without disrupting business.

    I thought that by raising the issue of this particular virus and its severity I may in some way help others!

    Don't allow employees to surf the web on critical machines, this will be remedied at this company tomorrow.

    The person responsible will be transporting the machine to have a new HD installed, end of story.

    I would personally relish the chance to sort this particular problem out with you and help a Windows user, but the decision has already been made.

    Broni I have read a lot of your posts and believe we could fix this together and I'd learn a lot from it as well, maybe next time!

    Java, what can I say, Swiss cheese!

    Thank you for the reply, Ian.
     
  4. 2013/03/19
    broni (Moderator, Malware Analyst)

    You're very welcome
     
  5. 2013/03/20
    ianamal (Well-Known Member, Thread Starter)

    I know you guys are here to help, but I can't go down every night at 1 am to run scans and post logs, etc.

    The infected machine is going down to Cambridge tomorrow, and after all it is a business, so at the end of the day if they have to pay to get it fixed they have no choice, and I think some valuable lessons have been learned over this.

    Ran all my scans today and yippee, not even a cookie to delete!

    My best wishes, Ian
     