Author Topic: win32.fason  (Read 5072 times)

0 Members and 1 Guest are viewing this topic.

Starfighter

  • Guest
win32.fason
« on: September 28, 2006, 06:49:51 AM »
I just got nuked by the worm win32.fason
Avast did not protect me with the latest definitions.

What to do?  Is there an uninstaller for this worm?


Starfighter

  • Guest
Re: win32.fason
« Reply #1 on: September 28, 2006, 07:31:59 AM »
Some further info....

It relates to this virus:

http://tinyurl.com/ewnax

(poor online translation)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: win32.fason
« Reply #2 on: September 28, 2006, 08:21:56 AM »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: win32.fason
« Reply #3 on: September 28, 2006, 03:46:05 PM »
Although the translation is poor, it indicates an email attachment as the means of delivery and care has to be taken with any email attachment, especially unsolicited or unexpected (even from friends email addresses, they can be forged) and never open them from the email, save the attachment to your hard disk without opening it and upload it to a multi-engine AV scanner at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

Help prevent or limit damage by denying permissions. Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Starfighter

  • Guest
Re: win32.fason
« Reply #4 on: September 28, 2006, 03:55:05 PM »
Thanks DavidR and Polonus,

The email did not contain a file attachment... It just contained links...  Clicking on the link downloads a trojan/worm....

I was silly for me to click on the links.  The person that "sent" the email was a friend of mine who is Portugese, so I thought the email was legit... WRONG!!!!   Lesson learned.

« Last Edit: September 28, 2006, 03:58:42 PM by Starfighter »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: win32.fason
« Reply #5 on: September 28, 2006, 04:09:17 PM »
It is unfortunate that you got caught, but as you say a lesson learned. Friends can also get infected and send out emails or the email address can be faked. So email links should be treated in the same way as attachments with caution and investigation, especially form unsolicited email.

Now there are many social engineered emails that seem fine and give links that appear to go to known sites, which could be phishing links.

I can't remember if you use XP or not so I put the DropMyRights info in previously as I think that since the link was in an email, if that was run under dropmyrights then I think it should also have stopped/limited the potential damage.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Starfighter

  • Guest
Re: win32.fason
« Reply #6 on: September 28, 2006, 05:53:20 PM »
Thanks DavidR -- the info about dropmyrights is excellent, and I'll use it.

I have several computers... the one that got infected had Win98SE (fully patched).  However, I also have a WinXP SP2 box which I'll immediately set up with the dropmyrights proceedure.  A very wise way of going about it (limiting admin rights etc).

I truly appreciate the excellent help provided by so many kind souls on this forum.   :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: win32.fason
« Reply #7 on: September 28, 2006, 06:25:30 PM »
Your welcome.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security