Author Topic: Whitesmoke virus  (Read 12617 times)

Offline belmartian

  • Newbie
  • *
  • Posts: 14
    • Personal Message (Offline)
Whitesmoke virus
« on: January 27, 2011, 01:16:32 AM »
Running the most recent Avast (free) on my kid's computer (XP).  She went to a site that had the whitesmoke virus and it downloaded the virus onto her computer.  It was impossible to get rid of using both Avast and Malwarebytes.  Eventually, the DLLs must have gotten corrupted and I had to reinstall Windows.  My question is has anyone had this problem with this virus?  I'm concerned Avast did not block it.

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #1 on: January 27, 2011, 04:27:09 AM »
***

I cleaned this same problem off a computer a couple of weeks ago using MBAM. I first ran a Quick Scan and then a Full Scan to get rid of most of it. Then, I ran a boot scan with Avast to get rid of the rest of it.


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #2 on: January 27, 2011, 05:03:43 AM »
***

OOPS ... I just checked my notes and I had the above in the reverse order.

I did the Avast boot scan first, then the MBAM quick scan, and finally the MBAM full scan.

Usually, an MBAM quick scan gets all the problem but in this case it did not. So, then the full scan was needed.


***

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21689
  • Gender: Male
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #3 on: January 27, 2011, 05:14:39 AM »
Quote
It was impossible to get rid of using both Avast and Malwarebytes.
Did you update Malwarebytes before you ran it?
Can you post the scan log here... I guess not since you have reinstalled  ;)
« Last Edit: January 27, 2011, 05:16:38 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline belmartian

  • Newbie
  • *
  • Posts: 14
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #4 on: January 27, 2011, 05:20:12 PM »
Yes, I ran the most recent updates to Malwarebytes.  It was a frustrating experience, but with the Windows reinstall, at least the 'puter is running much faster, so my kid is happy about that.  And it's true, no scan log since I did a disk reformat and reinstall of Windows.  Do you know anything about this virus?  Was it just annoying, or a dataminer of some sort?
« Last Edit: January 27, 2011, 05:22:13 PM by belmartian »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21689
  • Gender: Male
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #5 on: January 27, 2011, 07:32:22 PM »
Quote
Do you know anything about this virus?
http://www.google.no/search?q=what+is+whitesmoke+virus&hl=no&rlz=1I7SUNC_no&prmd=ivnsfd&ei=6dRBTczmEcvEswbkx9mdDg&start=0&sa=N

And by looking at the removal assists in the Bleeping Computer and Malwarebytes forums, it is not the easiest malware to remove...


Online essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28975
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Online)
Re: Whitesmoke virus
« Reply #6 on: January 27, 2011, 09:02:55 PM »
It is difficult to remove and has the side effect of trashing some key registry entries.  If you have the choice, a reformat is the easiest option. It is mainly a channel for redirects and acts as a downloader for other malware.  That does not preclude keyloggers/password stealers.

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #7 on: January 31, 2011, 03:18:29 AM »
***

In my above post, Whitesmoke had downloaded a trojan onto the infected laptop.

I will agree with Essexboy that it would have been easier to reformat.

***
« Last Edit: January 31, 2011, 03:20:08 AM by CharleyO »

Offline joan82

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #8 on: February 01, 2011, 03:08:01 PM »
Whitesmoke is a great software and I recommend anyone to use it. I haven't had any problems with a virus!

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21689
  • Gender: Male
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #9 on: February 01, 2011, 03:56:08 PM »
In the WhiteSmoke blog there is a statement... I do not know if this is true or false   ???


"WhiteSmoke Virus", "WhiteSmoke Translator Virus" - NOT a Virus
hxxp://wxw.whitesmoke.com/virus  ( 2 hits on URLVoid and 1 on VT url scan )

Quote
We at WhiteSmoke Inc. take this issue very seriously and have investigated every angle to find out why this has happened. We've found that, unfortunately, a partner of ours chose to use our name to spread out this "virus". Said partner has, of course, been dealt with and we've partnered up with top anti-virus companies such as AVG and Norton to make sure that our customers enjoy the security and privacy they deserve.

I also gave the free programs a VT scan

WhiteSmoke_Enrichment_free.exe - 3/43
http://www.virustotal.com/file-scan/report.html?id=188bb45d3c2166cb34acd0a1653775f0aac9dfef2bfa3aba9329e94aa23ccc6f-1296578264

 
WhiteSmokeTranslatorStub.exe - 2/43
http://www.virustotal.com/file-scan/report.html?id=8f5da8b898e3c056cbadf7349a7307e51083ae8b221d7b1627786a0d4e0d3d5a-1296578444


« Last Edit: February 01, 2011, 04:14:09 PM by Pondus »


Online essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28975
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Online)
Re: Whitesmoke virus
« Reply #10 on: February 01, 2011, 06:15:53 PM »
The problem is, how can you tell the difference between the rogue and the good one?

Offline belmartian

  • Newbie
  • *
  • Posts: 14
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #11 on: February 02, 2011, 02:41:31 AM »
Good question essexboy.  My daughter went to the Whitesmoke site because she wanted a spell checker.  She tells me she didn't download anything.  I do not know this for sure, but apparently just visiting the site triggered the virus.  A very frustrating lesson since by reformatting her computer she lost several story files she had been writing.  Next lesson: backing up her files.

Offline CharleyO

  • avast! Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7102
  • Gender: Male
  • Be alert for error code - ID 10T
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #12 on: February 02, 2011, 06:21:09 AM »
***

If she needs a good spell checker that is free and safe, have her try tinyspell free version. I've used this for years since it helps catch my typos.

http://tinyspell.numerit.com/


***

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21689
  • Gender: Male
    • Personal Message (Offline)
Re: Whitesmoke virus
« Reply #13 on: February 02, 2011, 08:40:34 PM »
As you see from my post above, avast! detects both programs as malware


Avira says one is clean and one is malware
Quote
WhiteSmokeTransla...ub.exe    CLEAN
WhiteSmoke_Enrich...ee.exe    MALWARE


Norman says both are clean
Quote
WhiteSmokeTranslatorStub.exe : Clean!
WhiteSmoke_Enrichment_free.exe : Already detected as KNOWNCLEAN

The mysterious world of malware analysis   ???    ;D