Author Topic: Whitesmoke virus  (Read 19183 times)

0 Members and 1 Guest are viewing this topic.

belmartian

  • Guest
Whitesmoke virus
« on: January 27, 2011, 03:16:32 AM »
Running the most recent Avast (free) on my kid's computer (XP).  She went to a site that had the whitesmoke virus and it downloaded the virus onto her computer.  It was impossible to get rid of using both Avast and Malwarebytes.  Eventually, the DLLs must have gotten corrupted and I had to reinstall Windows.  My question is has anyone had this problem with this virus?  I'm concerned Avast did not block it.

CharleyO

  • Guest
Re: Whitesmoke virus
« Reply #1 on: January 27, 2011, 06:27:09 AM »
***

I cleaned this same problem off a computer a couple of weeks ago using MBAM. I first ran a Quick Scan and then a Fill Scan to get rid of most of it. Then, I ran a boot scan with Avast to get rid of the rest of it.


***

CharleyO

  • Guest
Re: Whitesmoke virus
« Reply #2 on: January 27, 2011, 07:03:43 AM »
***

OOPS ... I just checked my notes and I had the above in the reverse order.

I did the Avast boot scan first, then the MBAM quick scan, and finally the MBAM full scan.

Usually, an MBAM quick scan gets all the problem but in this case it did not. So, then the full scan was needed.


***

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Whitesmoke virus
« Reply #3 on: January 27, 2011, 07:14:39 AM »
Quote
It was impossible to get rid of using both Avast and Malwarebytes.
did you update Malwarebytes before you run it ?
can you post the scan log here...  i guess not since you have reinstalled  ;)
« Last Edit: January 27, 2011, 07:16:38 AM by Pondus »

belmartian

  • Guest
Re: Whitesmoke virus
« Reply #4 on: January 27, 2011, 07:20:12 PM »
Yes, I ran the most recent updates to Malwarebytes.  It was a frustrating experience, but with the Windows reinstall, at least the 'puter is running much faster, so my kid is happy about that.  And it's true, no scan log since I did a disk reformat and reintsall of Windows.  Do you know anything about this virus?  Was it just annoying, or a dataminer of some sort.
« Last Edit: January 27, 2011, 07:22:13 PM by belmartian »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Whitesmoke virus
« Reply #5 on: January 27, 2011, 09:32:22 PM »
Quote
Do you know anything about this virus?
http://www.google.no/search?q=what+is+whitesmoke+virus&hl=no&rlz=1I7SUNC_no&prmd=ivnsfd&ei=6dRBTczmEcvEswbkx9mdDg&start=0&sa=N

and by looking at the removal assist`s in Bleeping computer and Malwarebytes forum it is not the easiest malware to remove...

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Whitesmoke virus
« Reply #6 on: January 27, 2011, 11:02:55 PM »
It is difficult to remove and has the side effect of trashing some key registry entries.  If you have the choice reformat is the easiest option, it is mainly a channel for redirects and act as a downloader for other malware.  That does not preclude keyloggers/password stealers 

CharleyO

  • Guest
Re: Whitesmoke virus
« Reply #7 on: January 31, 2011, 05:18:29 AM »
***

In my above post, Whitesmoke had downloaded a trojan onto the infected laptop.

I will agree with Essexboy that it would have been easier to reformat.

***
« Last Edit: January 31, 2011, 05:20:08 AM by CharleyO »

joan82

  • Guest
Re: Whitesmoke virus
« Reply #8 on: February 01, 2011, 05:08:01 PM »
Whitesmoke is a great software and I recommend anyone to use it. I haven't had any problems with a virus!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Whitesmoke virus
« Reply #9 on: February 01, 2011, 05:56:08 PM »
In WhiteSmoke blog there is a statement....I do not know if this is true or false   ???


"WhiteSmoke Virus", "WhiteSmoke Translator Virus" - NOT a Virus
hxxp://wxw.whitesmoke.com/virus  ( 2 hits on URLVoid and 1 on VT url scan )

Quote
We at WhiteSmoke Inc. take this issue very seriously and have investigated every angle to find out why this has happened. We've found that, unfortunately, a partner of ours chose to use our name to spread out this "virus". Said partner has, of course, been dealt with and we've partnered up with top anti-virus companies such as AVG and Norton to make sure that our customers enjoy the security and privacy they deserve.

I also gave the free programs a VT scan

WhiteSmoke_Enrichment_free.exe - 3/43
http://www.virustotal.com/file-scan/report.html?id=188bb45d3c2166cb34acd0a1653775f0aac9dfef2bfa3aba9329e94aa23ccc6f-1296578264

 
WhiteSmokeTranslatorStub.exe - 2/43
http://www.virustotal.com/file-scan/report.html?id=8f5da8b898e3c056cbadf7349a7307e51083ae8b221d7b1627786a0d4e0d3d5a-1296578444


« Last Edit: February 01, 2011, 06:14:09 PM by Pondus »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Whitesmoke virus
« Reply #10 on: February 01, 2011, 08:15:53 PM »
The problem is how can you tell the difference between the rogue and the good one ?

belmartian

  • Guest
Re: Whitesmoke virus
« Reply #11 on: February 02, 2011, 04:41:31 AM »
Good question essexboy.  My daughter went to the Whitesmoke site because she wanted a spell checker.  She tells me she didn't download anything.  I do not know this for sure, but apparently just visiting the site triggered the virus.  A very frustrating lesson since by reformatting her computer she lost several story files she had been writing.  Next lesson: backing up her files.

CharleyO

  • Guest
Re: Whitesmoke virus
« Reply #12 on: February 02, 2011, 08:21:09 AM »
***

If she needs a good spell checker that is free and safe, have her try tinyspell free version. I've used this for years since it helps catch my typos.

http://tinyspell.numerit.com/


***

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37505
  • Not a avast user
Re: Whitesmoke virus
« Reply #13 on: February 02, 2011, 10:40:34 PM »
as you see from my post above, avast! detect both programs as malware


Avira say one is clean and one is malware
Quote
WhiteSmokeTransla...ub.exe    CLEAN
WhiteSmoke_Enrich...ee.exe    MALWARE


Norman say both are clean
Quote
WhiteSmokeTranslatorStub.exe : Clean!
WhiteSmoke_Enrichment_free.exe : Already detected as KNOWNCLEAN

The mysterious world of malware analysis   ???    ;D