A new virus on the loose with political ambition?

Hi people,

I've got this rather nasty problem with some sort of a virus/trojan and
I don't know how to get rid of it because it seems not yet known by all
major AV-companies.

According to those 2 pages it's a variant of the Raila virus but that's
about all I know.

http://mweusi.blogspot.com/2007/07/raila-virus.html
http://www.advance-africa-forum.com/showthread.php?p=19856

McAfee is installed with the latest updates and Windows should also be
up to date.

The user got the problem this morning after signing in to MSN but did
not download any file and she has knowledge about what to do and which
files to trust.

This thing now hijacks most important programs and is using 100% CPU
time. You can't run the task manager anymore, can't turn on hidden files
anymore (the Folder options in the control panel have been hidden and the
menu in Explorer is gone too, and running the control panel extension in
system32 does not work either), running regedit restarts the laptop,
searching does not work and if you try to peek in some folders you get
kicked out of Windows (either with command line or Explorer).
And it does not matter if you're in Safe mode or not, so this really sucks!

And every 20 minutes or so you get a popup saying you should vote for
Kibaki or something like that (which is apparently the president after
the elections in 2002 and a candidate now).

She had however an infection a few days ago with Raila (but McAfee was
able to get rid of this) so probably these are related...

Raila is also a candidate btw:
http://www.kenyaelection2007.com/presidential.html

What should I do?

Wimmy

--
 From time to time you have to act crazy in order not to become it...

Re: A new virus on the loose with political ambition?

In alt.comp.virus, Wim Cossement wrote:


Vote for the other guy?

Try some anti-malware software:
http://k75s.home.att.net/tips.html#spyware

--
   -bts
   -Motorcycles defy gravity; cars just suck

Re: A new virus on the loose with political ambition?

Beauregard T. Shagnasty wrote:

Well I've already done that, this is not working either.

Isn't there a report point for 'new' viruses?

Re: A new virus on the loose with political ambition?

Can you submit it to http://www.virustotal.com/

And post the results if you were able to?



Re: A new virus on the loose with political ambition?

Duh_Oz wrote:

I'll do my best, thanks for the tip!

Re: A new virus on the loose with political ambition?



Hi There.

Are you by chance able to run Hijackthis?
You may wish to give BugHunter a shot at scanning your machine for you,
preferably in safe-mode. You can use the included process control file if  
the malware? in question will allow it. Post back your results. Proc
control is inside safebug.zip, encrypted due to some virus scanners being
overly protective.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml


Re: A new virus on the loose with political ambition?

Dustin Cook wrote:

I've tried to run Hitman pro to make things easier, but this was not
going anywhere, so maybe running the specific apps separately might do
something...
But as I recall I also could not open any zipfiles (or maybe it was due
to the content...)

Wimmy

Re: A new virus on the loose with political ambition?

Try taking the drive out and "slaving it" on a clean machine.


Re: A new virus on the loose with political ambition?

Duh_OZ wrote:

Tis a laptop so I don't know how... :-(

Re: A new virus on the loose with political ambition?



Depending on the laptop make & model, it's typically one or two screws
on the bottom of the laptop, or sometimes a latch and no screws, to
remove either a cover or the entire drive itself. Once the drive is
physically removed, computer stores sell an adapter that lets you
connect your drive to a USB port or to an internal drive connector on
a desktop PC.


Re: A new virus on the loose with political ambition?




 For ~$10, one of these things can come in real handy at times...


http://www.geeks.com/details.asp?invtid=USB2IDE-25-35&cat=HDD


or for ~$20 if you see a need for SATA drives as well...

http://www.geeks.com/details.asp?invtid=2020&cat=HDD



--
Rick Simon               rsimon@cris.com

Include "spam(trap)key" somewhere in the
body of any email to avoid spam filters.

Re: A new virus on the loose with political ambition?

On Tue, 17 Jul 2007 16:43:34 GMT Rick wrote:

A drive imaging program is handy also.  XXClone,
<http://www.xxclone.com/idwnload.htm>, is free.  Norton Ghost,
<http://www.symantec.com/themes/ghost/index.jsp>, also works but it isn't
free.
--
Ernie B.

Communication:  The art of moving an idea from one mind to another, hopefully
without distortion.

Re: A new virus on the loose with political ambition?




Acronis True Image V7 is free but only handles IDE (i.e., not SATA)
drives, I believe, and is available as follows...

Go to http://rapidshare.com/files/27852592/truimage7.zip and click the
"Free" link. Enter the characters displayed then click on "Download
via Level 3." The serial number key is in the archive.

Re: A new virus on the loose with political ambition?

On Tue, 17 Jul 2007 19:10:12 -0400 Larry Sabo wrote:

Why would the type of drive make a difference?

The current version of True Image is v10, sells for $39.99 USD at amazon.com.
See <http://tinyurl.com/ytz4oe>.
--
Ernie B.

Communication:  The art of moving an idea from one mind to another, hopefully
without distortion.

Re: A new virus on the loose with political ambition?


Wim Cossement wrote:

Try McAfee Stinger, free, about 2mb. Found trojans for me that others
missed.

Tommy



Re: A new virus on the loose with political ambition?

"Tommy McClure" <tommylee9_2000(AT)yahoo(DOT)com> wrote in message

You do realize you're replying to an article dated Mon, 16 Jul 2007
17:44:59 +0200?

-jen



Re: A new virus on the loose with political ambition?


jen wrote:

oops!



Re: A new virus on the loose with political ambition?

Hi;

I have the same problem, someone on http://www.avs.edgekenya.com
insinuates they got a solution, it seems the new Kibaki virus has
eluded them.

I have tried everything and it seems not to work.

Help.

Peter


