backdoor.berbew.p virus


Alex Potter

Hi there,

I just finished recovering from this virus and am wondering if there is some utility
out there that will show me the processes actually running on my computer;
while infected, Task Manager does not!!!

An article on how the virus accomplishes this would also be of interest...
The Symantec site just says that it uses a "rootkit"...which to me is rather vague


TIA

Alex
 
There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Sysinternals has many utilities that can help, from TCPVIEW.EXE to PSTools
http://www.sysinternals.com/ntw2k/utilities.shtml


This is a Password Stealing Trojan. I hope you CHANGED all account passwords !

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.p.html
http://vil.nai.com/vil/content/v_129610.htm

--
Dave




| Hi there,
|
| I just finished recovering from this virus and am wondering if there is some utility
| out there that will show me the processes actually running on my computer;
| while infected, Task Manager does not!!!
|
| An article on how the virus accomplishes this would also be of interest...
| The Symantec site just says that it uses a "rootkit"...which to me is rather vague
|
|
| TIA
|
| Alex
|
|
 
Alex Potter fumbled, fiddled and fingered:
| Hi there,
|
| I just finished recovering from this virus and am wondering if there is some utility
| out there that will show me the processes actually running on my computer;
| while infected, Task Manager does not!!!
|
| An article on how the virus accomplishes this would also be of interest...
| The Symantec site just says that it uses a "rootkit"...which to me is rather vague
|
| TIA
|
| Alex

Hopefully you'll find this useful

http://www.f-secure.com/v-descs/padodorw.shtml
 
Yikes!!!

When you say ". I hope you CHANGED all account passwords !"
does that mean all user logons???

TIA
 
Yes. It is a password stealer. While I am not acquainted with its methodology, the purpose
of password stealers is to capture the logon name and password of accounts and send them to
a third party. The purpose is to then use the obtained information for nefarious reasons.

If the PC was infected, that is the prudent course of action to take: changing passwords ASAP!

--
Dave




| Yikes!!!
|
| When you say ". I hope you CHANGED all account passwords !"
| does that mean all user logons???
|
| TIA
 
