1. Virus Removal� BB&C Case Study Roger Bailey
Oct 2006
2. Case Study Father-in-laws computer
Used for e-mail, internet, letters, photos, taxes, financial etc.
Early Pentium, Windows 98, Eudora, Telus high speed
AVG installed in 2002, routinely updated
Unknown attachments not opened
Spoofing, phishing recognized
3. Virus Symptoms Called for help computer acting funny
Could not connect to internet or email
Default home page hijacked by http:/qing.com
Internet connections stalled by AVG
Virus infection?
4. Analysis Suspected virus, trojan or worm
Checked internet history
http:/qing.com visited
stopwar.org.uk visited just before
Checked email
Letter passed on by left wing nut grand-niece
Click here to sign Stop the War in Lebanon petition
link had been clicked. Spoofed URL?
5. Diagnosis Google qing.com virus
Top hit: TRENDmicro:
Identified TROJ-BAGLE.BB
Many TROJ-BAGLE variations
One of many malware sites listed www.czwan{BLOCKED}qing.com/osa4.gif
Many sites spoofed/infected, eg Al Gore
7. What is a Trojan? Viruses replicate and infect
Trojans dont replicate but are innocently invited in, like the Trojan Horse, to later open the gates to bring in the invaders
Malware takes over your machine:
Disables defenses (antivirus, firewalls, etc)
Installs virus (osa3.gif), spyware, key stroke loggers, etc
Replicates and infects
8. Virus Removal Many tools available, usually for a price
Manual instructions available: registry edits
I trust Gisoft. Go to AVG free advisor http://free.grisoft.com/freeweb.php/doc/2/
Click Downloads and Virus Removal
Download Vcleaner, save on floppy
Startup infected computer in safe mode
Run the remover to scan files and registry, detect and remove virus
Shutdown and restart
A Clean Machine! Magic, management or luck?
9. Conclusions A Clean Machine!
Magic, management or luck?
A mild infection, easily cured
No serious or long term consequences
AVG interaction limited infection?
