From: LEONG JIAWEN KELVIN
Sent: Wednesday, October 11, 2006 6:19 PM
To: Ivan Wee
Cc: OIS
Subject: RE: Suggestions for Thumbdrive Virus & Windows Virus
Hi Ivan,
There are several major discrepancies in your Security Advisory
which you dispatched this afternoon, which I will outline below.
As of this moment, I have successfully fixed at least 50 student
and facilitator laptops that are infected with the Thumbdrive viruses, without
formatting or employing any of the anti-virus or anti-spyware tools which
your IT Helpdesk has been installing on the students’ computers. My prior
experience includes 2 years of employment by a major spyware/adware provider in
Canada.
I have also personally trained 5 other students in creative
malicious software removal methods, and so far, they’re performing quite well
on their own, too.
The discrepancies I have found so far are the following:
· Disabling the Autorun function in Windows XP via the registry is
not going to stop users from double clicking on the drive itself – in fact,
Windows has a system built into place to disable Autorun from being loaded if
the filesystem is Read/Write.
· There are more than just those two virus variants spreading
around; others would include variants such as mth.exe.
· There is a misspelling in Ramone.exe; it should be RavMonE.exe.
· RavMonE.exe is merely a downloader which
downloads other malicious code which employs undocumented startup methods, some
rather amusing, at least.
My claims are not without justification; in fact, the methods
you have stated in the advisory have already been attempted by my team. We have
already conducted research and, to a certain extent, basic reverse engineering
of the malicious applications in question.
However, I am willing to meet up for a discussion with my team
to suggest solutions which have already been tested out – but on a small scale
(since we do not have official backing by any current authority) – and it is
proven to be exceptionally adept as a counter-measure against the “Viruses”.
Best Regards,
Kelvin Leong
HP: 91847477
From: Ivan Wee
Sent: Wednesday, October 11, 2006 3:59 PM
To: OIS
Subject: Security Advisory - Virus Outbreak - Thumbdrive Virus & Windows Virus - Oct 11 2006
Message:
We have two types of viruses spreading on campus. OIS has formed a team to deal
with it. OIS would like to keep you informed about the findings.
1. Logos_1.exe Virus (Windows Virus)
This virus will cause a pop up in your laptop by our e-Trust anti-virus. Our
e-Trust anti-virus is able to contain it and clean it. Do not worry. We have our
action plan to stop it by tomorrow.
2. Ramone.exe (Thumbdrive Virus)
This virus passes around through thumb drives. We have pushed out a Registration Key
to all laptops to stop the auto-run when a thumb drive is plugged in. You need to reboot
your laptop to make the key effective. We are working on the fixes for
this virus.
Please see Action below for steps to do.

Affected Systems:
Laptop.

Background:
We have confirmed that the default scanning engine cannot detect & clean the
thumbdrive virus.

To Do Action:
Please change your antivirus settings for CA antivirus.
1) Right click the antivirus icon, select real-time options.
2) From the next screen please select VET and click ok.
3) Please restart your laptop.
(If CA antivirus is not installed – it may be installed from advertised programs
or at http://antivirus.rp.edu.sg –
Do also make sure that any other antivirus software is uninstalled before
installing.)

Thank you for your kind understanding.
(This mail has been sent to all Student & Staff)
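
Added example, not part of either message above: both e-mails turn on what the Autorun function does when a thumb drive is opened. Assuming the thumbdrive malware places an autorun.inf file at the drive root (the messages do not say so), this Python code lists the commands such a file asks Windows to launch and the one bound to the drive's default verb, which is the action a double click on the drive icon triggers. The file contents and function names are constructed for illustration.

```python
import re

# Keys in [autorun] that name a program to run (autorun.inf format).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$")

def parse_autorun(text):
    """Return {lowercased key: value} for the [autorun] section only."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_entries(text):
    """Every (key, command) pair that would start a program."""
    return [(k, v) for k, v in parse_autorun(text).items() if LAUNCH_KEY.match(k)]

def double_click_command(text):
    """Command bound to the drive's default verb, or None if there is none."""
    entries = parse_autorun(text)
    verb = entries.get("shell")           # shell=<verb> names the default verb
    if verb:
        return entries.get("shell\\" + verb.lower() + "\\command")
    return entries.get("open")            # no shell= entry: fall back to open=

# Constructed sample, not taken from an infected drive.
SAMPLE = """\
; constructed example
[AutoRun]
open=RavMonE.exe
shell\\Scan\\command=RavMonE.exe
shell=Scan
label=USB DISK

[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, cmd in launch_entries(SAMPLE):
        print(f"{key} -> {cmd}")
    print("double-click runs:", double_click_command(SAMPLE))
```

Run against the autorun.inf of a drive mounted read-only on an analysis machine, any launch entry pointing at an unexpected executable is a reason to quarantine the drive before it is opened in Explorer.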