TOPIC: MALZER.EXE ?!?

MALZER.EXE ?!? 10 years 1 week ago #18285

  • kennyj
  • New Member
  • Posts: 1
  • Karma: 0
Has anyone heard of or been infected with the virus MALZER.EXE? My network has been infected, and within an hour of removing the virus it comes back up. The virus has been replicating itself throughout the workstations on the network and is now starting to infect the file servers. Any help on this would be great. :evil:

Re: MALZER.EXE ?!? 10 years 1 week ago #18286

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi Kenny,

Who is your AV vendor? It's best to ring them directly with this issue, as they may have steps to stop the infection from propagating again once you have cleaned the systems. If they haven't even got IDEs or anything for it, then send them a copy and I am sure they will work to write something for ya.

Sorry, but I have never come across this one, and it seems that it's relatively new since Google doesn't pick much up on it either.

Cheers
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: MALZER.EXE ?!? 10 years 1 week ago #18287

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
Also, if you have more details on what the virus is doing, i.e. modifies the registry, copies itself to specific files, etc...

It may be that some of the AV vendors have named it something different.

Re: MALZER.EXE ?!? 10 years 1 week ago #18298

  • jhun
  • Senior Member
  • Posts: 356
  • Karma: 0
Also, prior to following Smurf's advice, you could, for the meantime, disconnect the infected workstations from the network to prevent further infection of other hosts. When removing viruses, malware, trojans, etc. from an infected PC, it is best to disconnect it from the network and isolate it from the rest.
Check the following:

- task manager
- registry
- startups
- msconfig
- documents and settings/temporary folders (hidden)
- system folders

for any suspicious and unwanted files/folders/applications
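
An added example, not part of jhun's post or of the thread: a read-only PowerShell pass over the locations in the checklist above, run on the disconnected workstation. The `malzer` pattern comes from the thread title; the seven-day window, the folder list and PowerShell 4 or later are assumptions.

```powershell
# Read-only triage for an isolated workstation; run from an elevated prompt.
$Name  = 'malzer'                 # pattern taken from the thread title
$Since = (Get-Date).AddDays(-7)   # assumption: look back one week

# Task manager: processes whose name or image path matches the pattern
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.Name -match $Name -or $_.ExecutablePath -match $Name } |
    Select-Object ProcessId, ParentProcessId, Name, ExecutablePath

# Registry / msconfig: every Run and RunOnce autostart value
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($value in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Value = $value; Command = $item.GetValue($value) }
    }
}

# Startups: per-user and all-users Startup folders, hidden files included
$startup = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force -ErrorAction SilentlyContinue }

# Temp and system folders: executables matching the pattern or recently written
$dirs  = $env:TEMP, "$env:windir\Temp", "$env:windir\System32"
$files = Get-ChildItem -Path $dirs -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $Name -or $_.LastWriteTime -gt $Since } |
    Select-Object FullName, LastWriteTime,
        @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } }

# Review each list by hand; nothing here deletes or changes anything
$procs    | Format-Table -AutoSize
$autoruns | Format-List
$startup  | Select-Object FullName, LastWriteTime | Format-Table -AutoSize
$files    | Format-List
```

The SHA256 column gives a stable identifier to quote when submitting a sample to the AV vendor, since vendors may use a different name for the same file.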

Re: MALZER.EXE ?!? 10 years 1 week ago #18302

  • Smurf
  • Moderator
  • Posts: 1390
  • Karma: 1
Great advice, Jhun; hopefully that will help to stop it propagating through the network as much.

I was thinking last night as I was nodding off (sad, I know): why is this propagating like it is? Can you confirm that your machines are all fully patched?

When Blaster (and its variants) hit, the main reason for this was an unpatched vulnerability which allowed the Windows shares to be accessed. Something similar must be happening here if it's spreading across the network, so I would also ensure that your machines are patched, as this could be the reason why they are getting re-infected.

Re: MALZER.EXE ?!? 10 years 1 week ago #18322

  • monsky
  • Distinguished Member
  • Posts: 177
  • Karma: 0
Google search gave this LINK
For the meantime, disconnect the infected workstations from the network to prevent further infection of other hosts. When removing viruses, malware, trojans, etc. from an infected PC, it is best to disconnect it from the network and isolate it from the rest.

Follow what jhun had suggested.

Have you tried HijackThis? It is very effective in removing malware entries, but be careful in using it, as you might remove legitimate entries. Or post the HijackThis scan result here so we can see.

Use Ad-Aware from Lavasoft.

Or find another PC which you find free from viruses, connect the hard disk of the infected PC to this PC, then boot the PC (but be sure you are booting from the virus-free hard disk), then run a scan.