
Beware The ‘kryptik’ Trojan.


bdenner

Recommended Posts

This morning my PC was attacked by a variant of the 'Kryptik' Trojan. It somehow got through NOD32 initially but was picked up later. Too late, damage done: the only way I could get into my machine was via a boot CD. It corrupted the boot.ini file (XP Prof SP3). Although on initial inspection it looked OK, it wasn't until I built a new file that I was able to get past the 'Disk Error' message I received on boot-up and get in to finish cleaning the mess. A heart-stopping couple of hours.

Note:

Look at your C:\Windows\system32

Look for 3 files NLx.EXE

x = B, C, D,

Delete them or if unsure move them to another ‘Junk’ folder.

Then

Look at your C:\Windows\Prefetch folder

Look for 3 files starting with NLx.EXE; they will look something like NLB.EXE-1E7655f5.pf

x = B, C, D,

Delete them or if unsure move them to another ‘Junk’ folder.

After they have done their damage they get moved to your ……\Local Settings\Temp\ folder as NLD.EXE. It was on the move that NOD32 detected their presence.

KEEP A COPY OF YOUR ‘boot.ini’ file on a memory stick as there are many viruses out there that attack it.

Edited by bdenner
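The checks in the post above (NLx.EXE in system32, the matching Prefetch entries, the copy that lands in a user's Local Settings\Temp, and keeping a known-good copy of boot.ini) can be scripted so the same hunt is repeatable. The following is an added example, not code from the original post: it assumes a hypothetical XP-style tree rooted at a directory you pass in (so it can be run against a drive mounted from a boot CD as easily as against a live C:\), assumes the user-profile layout `Documents and Settings\<user>\Local Settings\Temp` for the elided Temp path, and includes a constructed sample tree (`build_demo_tree`) for offline testing. It quarantines to a 'Junk' folder rather than deleting, as the post suggests for the unsure, and records a SHA-256 of boot.ini so a later change that "looks OK" on inspection still shows up.

```python
"""Hunt for the NLx.EXE artifacts described in the post and guard boot.ini.

Assumed (hypothetical) layout under `root`:
  root/Windows/system32/NL{B,C,D}.EXE
  root/Windows/Prefetch/NL{B,C,D}.EXE-<8 hex>.pf
  root/Documents and Settings/<user>/Local Settings/Temp/NLx.EXE
  root/boot.ini
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Name patterns taken from the post; case-insensitive because NTFS is.
EXE_RE = re.compile(r"^NL[BCD]\.EXE$", re.IGNORECASE)
PREFETCH_RE = re.compile(r"^NL[BCD]\.EXE-[0-9A-F]{8}\.pf$", re.IGNORECASE)


def find_artifacts(root):
    """Return matching paths grouped by the three locations named in the post."""
    root = Path(root)
    hits = {"system32": [], "prefetch": [], "temp": []}
    sys32 = root / "Windows" / "system32"
    if sys32.is_dir():
        hits["system32"] = sorted(p for p in sys32.iterdir() if EXE_RE.match(p.name))
    prefetch = root / "Windows" / "Prefetch"
    if prefetch.is_dir():
        hits["prefetch"] = sorted(p for p in prefetch.iterdir() if PREFETCH_RE.match(p.name))
    profiles = root / "Documents and Settings"  # assumed profile layout
    if profiles.is_dir():
        for temp in sorted(profiles.glob("*/Local Settings/Temp")):
            hits["temp"].extend(sorted(p for p in temp.iterdir() if EXE_RE.match(p.name)))
    return hits


def quarantine(paths, junk_dir):
    """Move files into junk_dir (the post's 'Junk' folder) instead of deleting.

    Two hits with the same name (e.g. NLD.EXE in system32 and in Temp) get a
    numeric suffix so nothing is overwritten. Returns the new paths."""
    junk_dir = Path(junk_dir)
    junk_dir.mkdir(parents=True, exist_ok=True)
    moved = []
    for p in paths:
        dest = junk_dir / p.name
        n = 1
        while dest.exists():
            dest = junk_dir / f"{p.name}.{n}"
            n += 1
        shutil.move(str(p), str(dest))
        moved.append(dest)
    return moved


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def backup_boot_ini(root, backup_dir):
    """Copy boot.ini to backup_dir (e.g. a memory stick) and record its hash."""
    src = Path(root) / "boot.ini"
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    dest = backup_dir / "boot.ini"
    shutil.copy2(src, dest)
    (backup_dir / "boot.ini.sha256").write_text(sha256_of(src))
    return dest


def boot_ini_tampered(root, backup_dir):
    """True if the live boot.ini no longer matches the hash recorded at backup time."""
    recorded = (Path(backup_dir) / "boot.ini.sha256").read_text().strip()
    return sha256_of(Path(root) / "boot.ini") != recorded


def build_demo_tree(base=None):
    """Constructed sample tree (not real malware) mirroring the post's indicators."""
    base = Path(base) if base else Path(tempfile.mkdtemp(prefix="kryptik_demo_"))
    sys32 = base / "Windows" / "system32"
    pf = base / "Windows" / "Prefetch"
    temp = base / "Documents and Settings" / "user" / "Local Settings" / "Temp"
    for d in (sys32, pf, temp):
        d.mkdir(parents=True, exist_ok=True)
    for name in ("NLB.EXE", "NLC.EXE", "NLD.EXE", "notepad.exe"):
        (sys32 / name).write_bytes(b"MZ")  # placeholder content
    for name in ("NLB.EXE-1E7655f5.pf", "NLC.EXE-0A1B2C3D.pf",
                 "NLD.EXE-DEADBEEF.pf", "NOTEPAD.EXE-12345678.pf"):
        (pf / name).write_bytes(b"SCCA")
    (temp / "NLD.EXE").write_bytes(b"MZ")
    (base / "boot.ini").write_text("[boot loader]\ntimeout=30\n")
    return base


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()
    for where, paths in find_artifacts(root).items():
        for p in paths:
            print(f"[{where}] {p}")
```

Run it with the drive root as the only argument (for example the mounted system drive from a boot CD); with no argument it scans the constructed demo tree. Take the boot.ini backup while the machine is known-good, and re-run `boot_ini_tampered` before trusting a reboot after a cleanup.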

How exactly did you get infected? Did you run any executable?

No, I definitely did not run a new executable, and I normally make a point of scanning anything I (knowingly) download. When NOD32 alerted me to the problem I was given options on what to do, so I selected delete and clean. I was asked to reboot and could not get past "Disk Error" at the boot-up stage. F8 was useless, so no entry to 'SAFE MODE'.

And don't use NOD32!

First time in many years it has let me down. They all have idiosyncrasies; can you tell me what the 'PERFECT' solution is?


No antivirus solution offers 100% protection against zero-day malware. Definition-based scanners don't work since even the best lab cannot provide immediate updates. Heuristic and behavioral scanners can detect unknown malware but are still nowhere close to 100%.

Currently I am testing ThreatFire (behavioral protection, highest level) and Avira (heuristics set to highest level), and during my tests a newly published malware still got through. And ThreatFire is causing all kinds of annoyances at this level (slowdowns and even crashing some apps).

Personally I think NOD32 is hyped in Thailand, but serious reviews always rank it among the TOP10 antivirus solutions, so it is surely a good enough product.

welo
