However, I was bored the other day... So I took a freshly formatted Windows XP laptop and installed this file. I didn't get to view the greeting card message; instead, my computer became a spam-sending drone connected to a network of evil.

What do these e-cards look like?

A sample of a recently received electronic greeting card is shown below.

---------------------------------------------
FROM: email@someaddress.com
DATE: Thu, 16 Aug 2007 00:35:36 -0400
TO: <pchell@gmail.com>
SUBJECT: Love ecard

Good day.
Your Sister has sent you Love ecard from marlo.com.
Click on your card's direct www address below:
http://71.88.198.238/
Copyright (c) 1991-2007 marlo.com All Rights Reserved
---------------------------------------------

Some of the subject lines used by these cards are:

Animated card
Love postcard
Thank you postcard
Birthday e-card
Animated e-card
Funny card
Holiday ecard
Musical e-card

After clicking on the URL in the body of the message, a screen appears asking you to download "Microsoft Data Access" to view the message. You'll notice the popup asking you to install the program even mentions it's from "Microsoft Corporation". Then the msdataaccess.exe file infects the computer and causes a chain reaction of disabling security programs like antivirus and firewalls, joining a peer-to-peer botnet to receive more commands and dangerous software from a wide range of IP addresses, corrupting a file called TCPIP.SYS, and changing your DNS settings on your local area network or dialup connection. Once your computer is infected, it's difficult to remove.

Scanning MSDATAACCESS.EXE with a Virus Scanner

Before I installed this dangerous file, I used Jotti's Malware Scanner to check the file. Jotti's scan checks the file with a variety of scanning engines to see if it's dangerous. Many times, one scanner won't report a problem while another one will. Here are the results after scanning msdataaccess.exe:

Jotti Scan Results
Scan taken on 16 Aug 2007 17:54:11 (GMT)
After installing the file, my computer immediately started opening connections and sending spam to a variety of addresses. I used a program called TCPView to show this flood of email. After seeing my computer spewing spam in all directions, I immediately disconnected from my network and began the cleanup of this lovely greeting card. I rebooted the computer once before beginning the removal and was presented with a Windows Blue Screen when shutting down too.

What's the Best Way to Remove these NuWar-type infections from My Computer?

Since no files are added to startup or installed as a Browser Helper Object (BHO), normal tools like HijackThis and others simply don't find this problem. This particular attack using msdataaccess.exe installs the following files:
The computer then proceeds to change your DNS settings and starts sending email. It also hides the files it installed from view when running Windows so they are hard to detect.

Tools you may want to download before attempting this removal procedure.
Removal Procedure for Nuwar/Zhelatin/Tibs Greeting Card Infection

Download CCleaner to your desktop and install it, so you can use it later. Then unplug your computer from your internet connection before continuing.

If you are uncomfortable with any of the procedures shown below, please do not continue with this removal. Take your computer to a repair facility or have a trusted friend follow these procedures instead. In all cases, please be careful with deleting Windows files, since this could cause your computer to become inoperable.

Booting into the Recovery Console

You'll need to use the Windows XP Recovery Console to help with this removal procedure. This will either require you to boot from a Windows XP Installation CD or boot directly to the Recovery Console if it's installed. Follow these steps to boot into the Recovery Console from a Windows XP Installation CD.

Deleting the Infected Files

From the Windows prompt, type the following and press Enter after each line:

    del c:\windows\spooldr.exe
    del c:\windows\system32\drivers\tmcomm.sys

(tmcomm.sys may not be found in all cases)

Type exit and press Enter to reboot into Windows.

Installing a new copy of TCPIP.SYS

When Windows restarts, follow these steps to expand a new copy of tcpip.sys to your hard drive.
To turn off Windows XP System Restore:

1. Click Start.

Scan Your Computer For Viruses

You may use any of the following online virus scanners to be sure your computer is now clean of problems. After cleaning my test machine, I ran Trend Micro Housecall, Kaspersky Virusscanner, and Ewido (now AVG) Online Scan, and my system was clean. I infected the machine using three different emails; however, the above procedure worked in my case each time.

Online Virus Checkers

Congratulations! Your computer should be free of this msdataaccess.exe infected greeting card. Although not all email greeting cards are bad, if it looks suspicious it probably is. Please be careful whenever an e-card asks you to download a viewer or install programs you are not sure of.
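The following Python is an added example, not code from the original article. It checks a plain-text message for three traits of the sample e-card shown earlier: an e-card style subject, a link whose host is a bare IP address, and a site named in the text (marlo.com) that no link actually points to. The function names, the regular expressions and the constructed sample (with the documentation address 192.0.2.10 standing in for the original link) are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Shape shared by the subjects the article lists ("Animated card",
# "Thank you postcard", "Musical e-card") and by the sample's "Love ecard".
SUBJECT_RE = re.compile(r"^\w+(?: \w+)? (?:e-?card|card|postcard)$", re.I)
# ASCII-only URL match; bracketed IPv6 hosts are deliberately not covered.
URL_RE = re.compile(r"https?://[\w.:/%?&=#~+@-]+", re.I | re.A)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org)\b", re.I)

# Constructed sample modelled on the article's e-card message.
SAMPLE = """\
From: email@someaddress.com
Subject: Love ecard

Good day.
Your Sister has sent you Love ecard from marlo.com.
Click on your card's direct www address below:
http://192.0.2.10/
Copyright (c) 1991-2007 marlo.com All Rights Reserved
"""

def is_ip(host):
    """True when the host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True

def ecard_indicators(raw_message):
    """Return the reasons a plain-text message resembles the e-card lure."""
    msg = message_from_string(raw_message)
    subject = " ".join((msg["Subject"] or "").split())
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    hosts = {(urlsplit(u).hostname or "").lower().rstrip(".")
             for u in URL_RE.findall(body)}
    named = {d.lower() for d in DOMAIN_RE.findall(URL_RE.sub(" ", body))}
    on_site = any(h == d or h.endswith("." + d) for h in hosts for d in named)
    reasons = []
    if SUBJECT_RE.match(subject):
        reasons.append("e-card style subject")
    if any(is_ip(h) for h in hosts):
        reasons.append("link host is a bare IP address")
    if named and hosts and not on_site:
        reasons.append("no link goes to the site named in the text")
    return reasons
```

Any single indicator can fire on legitimate mail, so treat the list as a score: the sample e-card trips all three.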