Author Topic: Virus from Facebook  (Read 5558 times)

0 Members and 1 Guest are viewing this topic.

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Virus from Facebook
« on: October 09, 2011, 11:10:14 AM »
Hello.

My sister downloaded a virus, which she got from friend (facebook chat) This link was virus. I have link for it, but I dont know, can I show it? Well. Virus automatically sends links on facebook and skype. Free avast silent...help. (windows 7 64bit)

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1054
  • Proud Community Member&Helper.
Re: Virus from Facebook
« Reply #1 on: October 09, 2011, 11:41:21 AM »
Could you post the link?
Make it "unclickable",for example instead of www.google.com > wxx.google.com
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Re: Virus from Facebook
« Reply #2 on: October 09, 2011, 12:09:53 PM »

WARNING! WIRUS! DONT CLICK!
wxx.s3.tinyphotohd.com/dl.php?d4q1f&res=Picture13.JPG
WARNING! WIRUS! DONT CLICK!

Offline Dim@rik

  • Advanced Poster
  • **
  • Posts: 670
Re: Virus from Facebook
« Reply #3 on: October 09, 2011, 12:24:50 PM »

WARNING! WIRUS! DONT CLICK!
wxx.s3.tinyphotohd.com/dl.php?d4q1f&res=Picture13.JPG
WARNING! WIRUS! DONT CLICK!


Dead link :(

http://jsunpack.jeek.org/dec/go?report=2c286a4e1b4977c3efddbb2b3645b4954dd5faad

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Re: Virus from Facebook
« Reply #4 on: October 09, 2011, 12:30:26 PM »
fck ;/. Hm...i fond this virus in C\Users\myname\Network...called igfxck32.exe , was hidden. It pretended to be a process of intel ...maybe someone know, what is a virus?

anyway thanks for help ;)

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1054
  • Proud Community Member&Helper.
Re: Virus from Facebook
« Reply #5 on: October 09, 2011, 12:35:12 PM »
The link is dead,tried to open it at my virtual machine.Did you let avast,quarantine igfxck32.exe?
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Dim@rik

  • Advanced Poster
  • **
  • Posts: 670
Re: Virus from Facebook
« Reply #6 on: October 09, 2011, 12:37:46 PM »
fck ;/. Hm...i fond this virus in C\Users\myname\Network...called igfxck32.exe , was hidden. It pretended to be a process of intel ...maybe someone know, what is a virus?

anyway thanks for help ;)


Check the file and the result http://www.virustotal.com/ show here.

If this virus is not determined by Avast .... send it to the lab.

Thank you.


http://vms.drweb.com/virus/?i=1487651&lng=en

Perhaps this is it :(
« Last Edit: October 09, 2011, 12:41:51 PM by Dim@rik »

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Re: Virus from Facebook
« Reply #7 on: October 09, 2011, 12:43:19 PM »
@Dim@rik...I failed, when i found this virus I instant deleted it...but i have any logs from avast, really sorry...;(

@Left123
Nope, but avast tried blocked (network shield) "something". In log last blocked website is: xxw://ip0.intelbackup.su/ext/0.php (WARNING! I dont know, what is it...)

Yes. This is it http://vms.drweb.com/virus/?i=1487651&lng=en
« Last Edit: October 09, 2011, 12:50:53 PM by Chajtek »

Offline Dim@rik

  • Advanced Poster
  • **
  • Posts: 670
Re: Virus from Facebook
« Reply #8 on: October 09, 2011, 12:49:22 PM »
@Dim@rik...I failed, when i found this virus I instant deleted it...but i have any logs from avast, really sorry...;(

@Left123
Nope, but avast tried blocked (network shield) "something". In log last blocked website is: xxw://ip0.intelbackup.su/ext/0.php (WARNING! I dont know, what is it...)

Sorry ... a bit rushed ... and the link is dead too.

For prevention can scan Dr.Web CureIt!
http://www.freedrweb.com/cureit/how_it_works/
« Last Edit: October 09, 2011, 12:52:55 PM by Dim@rik »

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1054
  • Proud Community Member&Helper.
Re: Virus from Facebook
« Reply #9 on: October 09, 2011, 12:52:59 PM »
This is a kind of backdoor.Also found something here
http://www.prevx.com/filenames/393553541613212108-X1/IGFXSC32.EXE.html

Note File Name Aliases:
NEWPHOTO10.JPG_WWW.RAPIDHOSTING.COM
PICTURE05.JPEG_WWW.ULTRAFILEFACTORY.COM
These sites are related to pictures,phtos etc.
Compate with the first link > wxx.s3.tinyphotohd.com/dl.php?d4q1f&res=Picture13.JPG
I think it's just the same.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Re: Virus from Facebook
« Reply #10 on: October 09, 2011, 12:57:25 PM »
ok, but how do I remove it, just to make sure that I removed?

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1054
  • Proud Community Member&Helper.
Re: Virus from Facebook
« Reply #11 on: October 09, 2011, 01:14:16 PM »
ok, but how do I remove it, just to make sure that I removed?

Do a full scan with avast.
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Re: Virus from Facebook
« Reply #12 on: October 09, 2011, 01:33:28 PM »
Ok, thank to all, and upgrade avast, that avast can to detect it.

Offline Dim@rik

  • Advanced Poster
  • **
  • Posts: 670
Re: Virus from Facebook
« Reply #13 on: October 09, 2011, 01:38:34 PM »
Ok, thank to all, and upgrade avast, that avast can to detect it.



In intelligence make logs
http://forum.avast.com/index.php?topic=53253.0

Essexboy thoroughly will help you.

Offline Chajtek

  • Newbie
  • *
  • Posts: 7
Re: Virus from Facebook
« Reply #14 on: October 09, 2011, 04:00:32 PM »
It is ok now. I scanned, deleted virus, system is stable.
« Last Edit: October 09, 2011, 04:06:01 PM by Chajtek »