Saturday, January 16, 2010

On the implayok virus and its sister, the reader_s

There is a virus, and a family of viruses, that hit the internet in December of last year. I realized it's a sleeping virus, or what is called a trojan. I've managed to clean my home-office network now and was able to isolate its variants, so that I was able to save one workstation from re-installation.

Read some details from this site:

http://www.prevx.com/filenames/1575832247731382755-X1/IMPLAYOK.EXE.html

However, not much is said there based on my experience with it. Here's the captain's log :-)

1) The virus exploded through an online game that one of my daughters always plays on Facebook. Exploded meaning it had been in my system way before that, just waiting to attack.

2) Implayok and its variants like reader_s, and all its offspring, stalk the internet for an opportunity to attack. What opportunity? Apparently, when you install some basic peripherals like your motherboard drivers and Bluetooth.

3) Pirated software with key generators also leaves the gate wide open for the implayok family.

4) Since I was hoping not to have to re-install, I tried a couple of virus and malware cleaners: AVG, McAfee, Remove It Pro, Avira, Malwarebytes, Norton AV, but to no avail.

5) What does it do when it explodes? Everything. It doesn't cause too much headache for the ordinary user, but for the admin, it's hell. On the user end, printing gets screwed up and some software just shuts down. For the admins: you can't enable the "show all files" option in Windows Explorer's Tools/Options menu; you cannot install antivirus software; you cannot access antivirus software websites or websites that talk about the implayok virus; and you will have a replicated svchost.exe in your processes, along with other unwanted .exe processes.

6) The virus family is so kind as to show you that they're easy to find: IMPLAYOK.EXE and READER_S.EXE. You will find them in C:\ and C:\Windows\System32\ and in your profile's root too. It will allow you to do Ctrl-Alt-Del, and you will see it in your Processes tab. It will also allow you to run regedit, and you will see it in the "Run" key under both Current User and Local Machine. IF YOU DELETE THEM, THEY WILL BE DELETED. The thing is, since your "view all" option is disabled, they will come back with a vengeance. They are embedded in the installer roots in your Windows folder.

7) So when you re-install, do not plug into the internet. The problem, however, is that some software asks you to register online before you can use it. Also, you may have software installation files with a rootkit in them, so when you plug into the internet, kabam! implayok is back!
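As an added example (not from the original post), here is a read-only PowerShell triage script that checks the places the log above names on a suspect workstation: the Run keys in both hives, the three file locations, the process list, and the Explorer "show hidden files" switch. The two file names come from the post; the registry value names for the hidden-files switch are standard Windows ones and are reported, not changed.

```powershell
# Added triage example, not from the original post. Read-only: it reports and changes nothing.
# Run from an elevated PowerShell on the workstation under suspicion.
$names = @('implayok.exe', 'reader_s.exe')   # file names from the post; variants may differ

# 1) Run keys in both hives, where the post says the entries appear (HKCU and HKLM)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSDrive metadata
        foreach ($n in $names) {
            if ("$($p.Value)" -match [regex]::Escape($n)) {
                Write-Output "Run entry: $key\$($p.Name) = $($p.Value)"
            }
        }
    }
}

# 2) File locations from the post: the system drive root, System32, and the profile root
$dirs = @("$env:SystemDrive\", "$env:windir\System32", $env:USERPROFILE)
foreach ($d in $dirs) {
    foreach ($n in $names) {
        $f = Join-Path $d $n
        if (Test-Path -LiteralPath $f) {
            $item = Get-Item -LiteralPath $f -Force   # -Force so hidden/system files are returned
            Write-Output "File: $f  size=$($item.Length)  attrs=$($item.Attributes)"
        }
    }
}

# 3) Running processes with either name (the post says they show in the Processes tab)
Get-Process | Where-Object { $names -contains "$($_.Name).exe" } |
    ForEach-Object { Write-Output "Process: $($_.Name) pid=$($_.Id) path=$($_.Path)" }

# 4) The "show hidden files" switch the post says cannot be enabled.
#    Explorer reads Hidden (1 = show, 2 = hide); the SHOWALL CheckedValue template is what
#    the Folder Options dialog writes back, so a tampered template makes the option snap back.
$adv     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
Write-Output ("Explorer Hidden = " + (Get-ItemProperty -Path $adv).Hidden)
Write-Output ("SHOWALL CheckedValue = " + (Get-ItemProperty -Path $showAll).CheckedValue)
```

A Hidden value of 2 together with a CheckedValue of 0 matches the "view all" symptom the post describes; a hit in both Run keys plus a copy in the profile root is the re-infection loop it warns about.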

How, then? This is getting too long. Please wait for my next blog.

ciao! ciao!
