Drew Community  

#1
12-08-2010, 10:58 AM
Mike Richichi
Moderator
Join Date: Jun 2005
Location: Chatham, NJ
Posts: 220
Removing the Kryptik Trojan

Okay, if your computer is running slowly or exhibiting poor network performance, it's very likely that it is infected with this trojan. It does also spread over the network, and some of that traffic is affecting some of our network devices, and is probably contributing to other people's slowness.

We found the most likely method by which it was actually infecting other computers, and were able to stop the spread through that method. However, the existing network traffic still causes problems for you, and problems for others.

You can certainly call the Helpdesk and we can tell you how to remove it, or you can get a reimage, but you can also help yourself.

We've tested various antivirus tools and the only one that we've been able to get to remove it effectively is the ESET virus scanner. They have a free online version at http://www.eset.com/online-scanner that you can download and use to find it.

When you use it, it will offer two checkboxes, one to disinfect, and one to scan archives. You have to check both checkboxes for it to fully remove this trojan (if you don't, it will reinstall itself on the next reboot).

If you run this, and it finds something, tell it to remove it and delete the quarantine files, reboot, and use the scanner again. If it comes up clean, you're good. If not, call the Helpdesk for further instructions, and be prepared to tell them what you've done.

We appreciate everyone's help with this.
__________________
--Mike Richichi
Director of Computing and Network Services
http://depts.drew.edu/cns/
#2
12-13-2010, 10:35 AM
Jennifer A. Heise
Junior Drewid
Join Date: Aug 2005
Posts: 108

Might want to send this out to faculty/staff as an email again; my departments say they hadn't heard about this. (We're de-kryptiking like crazy over here!)
__________________
--Jennifer Heise
"Comment is free, but facts are on expenses." - Tom Stoppard
#3
12-17-2010, 01:28 PM
Mike Richichi
Moderator
Join Date: Jun 2005
Location: Chatham, NJ
Posts: 220

We've identified faculty/staff computers and have directly emailed users who are affected.

F-PROT is now detecting the trojan, with the names W32/MalwareF.RGBA, W32/MalwareF.RAQS and W32/MalwareF.QYQL. This should help enormously with containing the spread. Please allow F-PROT to remove the infection if it's detected.
__________________
--Mike Richichi
Director of Computing and Network Services
http://depts.drew.edu/cns/
All times are GMT -4.