Stuff like this is a moving target that takes three people and tens of 
thousands of dollars of very sophisticated equipment to protect our 
organization from such incursions.  The worst part of it is that the authors 
will take one piece of malware or a virus/trojan, whatever, and make a minor 
tweak to the code that can prevent it from being seen or detected by even the 
best antivirus software.

We are a "gold" Symantec customer due to the number of files we submit to them 
for further inspection EVERY DAY.

I would add that we use geoblocking as well - that is, blocking IPs and domains 
that are in parts of the world that are known to be vectors for this stuff.  No 
reason why we should be getting any traffic from those parts of the world, 
anyway.

It's job security, man.

Dan

 
> On Feb 4, 2015, at 5:10 PM, archer75--- via Mercedes <mercedes@okiebenz.com> 
> wrote:
> 
> The Korean malware, which had overloaded memory, blocked Malwarebytes, and 
> slowed Win7 to a crawl, but still allowed the email and search engines to 
> function, has been removed; hopefully for good.
> Eset's scanner found its location but would only remove it if one subscribed 
> to Eset for $70.
> 
> It was invisible to AVG, MS Security programs, and the usual "fixits" on Win7 
> and other programs from the 'net. 
> Although it was visibly present on the MSconfig startup list, I hesitated to 
> try and remove it myself since that can often make removal more difficult or 
> impossible without wiping the HD. None of the antivirus websites on the 'net 
> seemed to know anything about it.
> 
> I finally decided to "bite the bullet" and try removing it myself. 
> After spending probably an hour on every removal workaround I could think of, 
> and jeopardizing my chances of going to that great workshop in the sky some 
> day due to the foulest profanity, SUCCESS! North (or South) Korea's evil 
> geniuses have been defeated; no thanks to Malwarebytes' $40 program.
> 
> I'm thinking of investing $70 in Eset, an antivirus program that was top 
> rated in Consumer Reports in 2010. Either that or "really" biting the bullet 
> and switching to a Linux program or Apple.
> Gerry 
> 
> --------------------------------
> Just now got a pop up that one or more aspects of Malwarebytes have been 
> disabled with a button to push for enable. I pushed the button.
> Gerry
> --------------------------------
> Been getting message from MS program that I'm low on memory.
> Accessed msconfig, and at the top of the page appeared the word "Korean". The 
> next line had the symbol for "type configuration setting" with the address: 
> C:\users\archer\mydocuments\.........
> 
> Right clicking the symbol brought up 29 pages of Korean characters.
> 
> I'm running Malwarebytes (paid for professional program), AVG antivirus, and 
> MS firewall.
> 
> A quick search of Google had nothing specific about this being known malware, 
> and this blog was the only reference I found that might apply:
> 
> http://blogs.microsoft.com/cybertrust/2013/01/16/koreas-malware-infection-rate-increases-six-fold-in-six-months/
> 
> _______________________________________
> http://www.okiebenz.com
> 
> To search list archives http://www.okiebenz.com/archive/
> 
> To Unsubscribe or change delivery options go to:
> http://mail.okiebenz.com/mailman/listinfo/mercedes_okiebenz.com
> 
> All posts are the result of individual contributors and as such, those 
> individuals are responsible for the content of the post.  The list owner has 
> no control over the content of the messages of each contributor.

