The name of the infection in my computer is mrofinu1001186.exe. I’ve sent the file to an online file scanner, http://virusscan.jotti.org/, and got the results above. I don’t know how this virus keeps infecting my computer, because I’ve just formatted my computer and installed free avast, and as soon as I run Windows Update the virus somehow keeps coming back. The sequence of problems is the same: avast stops working with memory errors, Notepad stops working (doesn’t start), Explorer crashes and after reboot I get an empty Desktop, no icons, nothing. I have to run Firefox from the command line.
Also, I don’t run my computer with administration rights; I only log on as administrator to run Windows Update, and for everything else I use “Run As”.
I have only one partition in my computer and the entire drive was formatted. I did not restore or install anything; it takes just the time to connect to the internet to get infected. My modem/router, a Speedstream 3610, does the connection. My Windows is XP SP3 Original.
Do I need to close any specific port at the firewall?
In my router, inbound TCP 80/UDP 53/TCP 443 traffic is allowed and all outbound is allowed.
I did scan my PC with Spybot and had the TeaTimer protection, but it was infected also; every time I scanned the computer it wouldn’t find a thing. This Virut found a good environment in my computer: I had a Cygwin environment and found a dozen *.h files in my C:/ drive after closer inspection of my backups. I had to trash about 3Gb of backup; I didn’t lose anything because for most of it I had the source code.
I was unable to do a boot scan because every time I tried to do so I ended up with memory errors, illegal access types, very crazy errors.
After restoring the last image backup I built a BartPE image with Avast, inside Fedora 9 running Windows 2000 in VMware; Virut was triggered about 12.381 times.
I’ve googled for more info at the time, this is how I got here ;D
All the info I got was sites telling about how I could have got this, like p2p and “strange” sites, and that was not the case. I thought that I got this from some open port or something like this.
It is an IRC backdoor; that is more than likely where you may have got it. There are so many ways to have a comp infected: a not fully patched OS, critical software not updated (like Java, MediaPlayer etc.), an infested pen drive (USB) or through the Internet. Prevention: update, patch, use a safer browser like Fx 3.01 with in-browser security like NoScript, clear your cache and your temporary files regularly with ATF Cleaner or ClearProg, and use a solid FW. And come here more often; I have learned a bunch of security things while staying at forum.avast.com and I thank the avast people for that from the bottom of my heart. My computer has been clean ever since,
I do work with security myself; in fact I was the one that gave Microsoft the original concept of LUA (Least-Privileged User Account), and to tell you the truth they stole my work. Since November 2002 I’ve stopped using antivirus after a proof of concept that a virus will not infect your computer without administrative privileges, oh that is a long story…
Anyway, I do use 3 firewalls at home: one in my router, another in my home server (Debian 3.1) and Comodo Firewall on my Windows desktop. I use Fedora 9 on my main computer; this Windows machine I use for electronic CAD work and video editing.
I did find the person who gave me the virus; it was a friend of mine who does some programming and I had to run his app as administrator. It all started from there.
But I will keep coming back. I’ve never used avast before but I will keep it on my Windows machine for a while.