1. Virus Removal BB&C Case Study Roger Bailey
Oct 2006
2. Case Study Father-in-law's computer
Used for e-mail, internet, letters, photos, taxes, financial etc.
Early Pentium, Windows 98, Eudora, Telus high speed
AVG installed in 2002, routinely updated
Unknown attachments not opened
Spoofing, phishing recognized
3. Virus Symptoms Called for help: computer acting funny
Could not connect to internet or email
Default home page hijacked by http:/qing.com
Internet connections stalled by AVG
Virus infection?
4. Analysis Suspected virus, trojan or worm
Checked internet history
http:/qing.com visited
stopwar.org.uk visited just before
Checked email
Letter passed on by left wing nut grand-niece
"Click here to sign 'Stop the War in Lebanon petition'"
Link had been clicked. Spoofed URL?
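The two checks the analysis slide describes (does the link in the e-mail really go where its text says, and which page was visited immediately before the malicious domain) can be scripted. The following is an added example written for this case study, not the presenter's code: the browser-history entries, the e-mail body, the timestamps and the lookalike host stopwar.org.uk.qing.com in the second link are all constructed to show the checks, and the slides only raise the spoofed-URL question rather than answer it.

```python
"""Reconstruct an infection path from a browsing history and the e-mail that
started it.  Added example for the case study; all sample data is constructed."""
import re
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed history entries (timestamp, URL) in the order a history viewer
# would export them: a mail session, the petition page, then the hijack domain.
HISTORY = [
    ("2006-10-01 19:02:11", "http://www.telus.net/webmail/"),
    ("2006-10-01 19:05:40", "http://www.stopwar.org.uk/petition"),
    ("2006-10-01 19:05:43", "http://qing.com/"),
    ("2006-10-01 19:05:44", "http://qing.com/osa4.gif"),
]

# Constructed HTML body of the forwarded e-mail.  The first link shows only
# "click here" text, so nothing can be checked from the text alone; the second
# displays one host but its href goes to a lookalike subdomain (hypothetical).
EMAIL_HTML = """
<p>Click here to sign <a href="http://www.stopwar.org.uk/petition">'Stop the
War in Lebanon petition'</a></p>
<p>Read the petition at <a href="http://www.stopwar.org.uk.qing.com/petition">
www.stopwar.org.uk</a></p>
"""

# Matches a host name written in link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []      # finished (href, text) pairs
        self._href = None    # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())   # normalise whitespace
            self.links.append((self._href, text))
            self._href = None


def _norm(host):
    """Lower-case a host and drop a leading 'www.' so display and href compare."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def _is_bad(host, bad_domains):
    """True if host is a known-bad domain or any subdomain of one."""
    return any(host == b or host.endswith("." + b) for b in bad_domains)


def spoofed_links(html):
    """Return (shown_host, real_host, href) for each link whose visible text
    names a host different from the one the href actually points at."""
    parser = LinkExtractor()
    parser.feed(html)
    found = []
    for href, text in parser.links:
        m = HOST_IN_TEXT.search(text)
        if not m:
            continue            # 'click here' style text: nothing to compare
        shown, real = _norm(m.group(1)), _norm(urlparse(href).hostname)
        if shown != real:
            found.append((shown, real, href))
    return found


def infection_path(history, bad_domains, window_s=60):
    """For the first history entry on a bad domain, report the page visited
    just before it (within window_s seconds): the click that led there."""
    ts = lambda s: datetime.strptime(s, "%Y-%m-%d %H:%M:%S")
    path, prev, prev_host = [], None, None
    for when, url in sorted(history, key=lambda h: h[0]):
        host = _norm(urlparse(url).hostname)
        bad = _is_bad(host, bad_domains)
        if bad and prev is not None and not _is_bad(prev_host, bad_domains):
            gap = (ts(when) - ts(prev[0])).total_seconds()
            if gap <= window_s:
                path.append((prev[1], url, gap))
        prev, prev_host = (when, url), host
    return path


if __name__ == "__main__":
    for shown, real, href in spoofed_links(EMAIL_HTML):
        print(f"spoofed link: text says {shown}, href goes to {real} ({href})")
    for before, first_bad, gap in infection_path(HISTORY, {"qing.com"}):
        print(f"{before} -> {first_bad} after {gap:.0f}s")
```

The first check catches the classic mismatch between displayed and actual destination; the second answers the question the slide asks by pairing the first hit on the hijack domain with the page a few seconds before it, which here is the petition page the e-mail linked to.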
5. Diagnosis Google "qing.com virus"
Top hit: TRENDmicro:
Identified TROJ-BAGLE.BB
Many TROJ-BAGLE variations
One of many malware sites listed www.czwan{BLOCKED}qing.com/osa4.gif
Many sites spoofed/infected, e.g. Al Gore
7. What is a Trojan? Viruses replicate and infect
Trojans don't replicate but are innocently invited in, like the Trojan Horse, to later open the gates to bring in the invaders
Malware takes over your machine:
Disables defenses (antivirus, firewalls, etc)
Installs virus (osa3.gif), spyware, key stroke loggers, etc
Replicates and infects
8. Virus Removal Many tools available, usually for a price
Manual instructions available: registry edits
I trust Grisoft (the maker of AVG). Go to the AVG free advisor http://free.grisoft.com/freeweb.php/doc/2/
Click "Downloads" and "Virus Removal"
Download "Vcleaner", save on floppy
Startup infected computer in safe mode
Run the remover to scan files and registry, detect and remove virus
Shutdown and restart
9. Conclusions A Clean Machine!
Magic, management or luck?
A mild infection, easily cured
No serious or long term consequences
Did AVG's stalling of the internet connections limit the infection?