Interesting Appointment…27,394 Infected Files!

Check out these pictures from last night’s client!  When I saw this I immediately called the client and told them I would be re-installing the OS.

backdoor.bot

randomly named files



38 Responses to Interesting Appointment…27,394 Infected Files!

  1. Bo October 18, 2011 at 3:45 pm #

    Interesting. Where do you draw the line on when to reinstall the OS? I know it’s fuzzy but am wondering what you consider.

    • malwarekilla October 18, 2011 at 4:38 pm #

      If it’s about 1000 or more I start leaning that way, especially if files have been patched.

      • Michael October 18, 2011 at 11:01 pm #

        I hate file-patching viruses like Sality and Virut. Just makes me sick.

  2. Christos October 18, 2011 at 4:28 pm #

    Imagine what would happen if you had run a full scan!

  3. Christos October 18, 2011 at 4:43 pm #

    Around 1000, huh? Well, I think that 1500 would be acceptable; the only thing after 1600 is that the client will pay much more than just reinstalling Windows.

  4. Christos October 18, 2011 at 4:56 pm #

    Hey Matt, I posted some comments and you posted one too, where did they go?

    • malwarekilla October 18, 2011 at 5:50 pm #

      Not sure what you’re talking about. All comments were approved.

  5. Manny October 18, 2011 at 6:29 pm #

    Woah! I don’t think I’ve gotten that much before. To be honest I have gotten a couple thousand before but 27,000! Wow! I usually lean to do a clean install after 500 or more, but it also depends on the kind of infection. How long did that take?

  6. ZOU October 18, 2011 at 6:56 pm #

    What a trip. That is crazy.

    • Michael October 18, 2011 at 11:03 pm #

      Yeah, tell me about it. If I saw that, I would probably have to pinch myself to see if this is reality. So many infections… re-installing the OS would be the best choice.

    • Michael October 18, 2011 at 11:04 pm #

      The client probably would have fainted at that amount of viruses.

  7. blake October 18, 2011 at 8:46 pm #

    Over 27,000 infected files…WOW! You da man Matt.

  8. Michael October 18, 2011 at 11:06 pm #

    I guess that you really can get that many infections. Now the question is: How did all those infections get there?

  9. Michael October 18, 2011 at 11:07 pm #

    That was some interesting appointment alright. No doubt about it.

  10. Johan October 19, 2011 at 12:58 am #

    LOL Crazy numbers indeed!

    Just curious Matt, how did the PC run before the quick scan? Slow I guess, or at all? 😉

    Now not to start a war here but, what type of protection was in use on that PC that did let all those nasties through?

  11. wasgij6 October 19, 2011 at 1:27 am #

    mrizos, will you check out the new Comodo Cleaning Essentials when it’s released? The second beta for version 2.0 was released today and it seems promising. Lots of improvements and a couple of new tools.

    • malwarekilla October 19, 2011 at 4:47 pm #

      Yeah, probably. I’ll have to check out the changelog.

  12. Reggie October 19, 2011 at 9:31 am #

    You’d think the infestation would have made the PC unusable long before it had a chance to get that bad. Was it a computer that was left on all the time?

    • malwarekilla October 19, 2011 at 4:47 pm #

      Their desktop was down, so they started using the laptop this week.

  13. Christos October 19, 2011 at 4:08 pm #

    I can see the comments now 🙂 Anyway, what protection was the PC running, or wasn’t it running any protection at all?

    • malwarekilla October 19, 2011 at 4:48 pm #

      No protection.

      • Adam October 20, 2011 at 4:58 pm #

        @Matt

        In the case that I saw, she had an out of date version of Java. Was missing service pack 2 for Vista which also means she was also missing about 70 updates that would have shown up had she installed sp2.

        Because she sucks at installing updates I’m just going to assume she was running with an out of date version of Flash. It’s anybody’s guess which exploit got her. But my money is on Java. Recently it’s always Java that gets ’em.

        In this case she was also running MSE. I will agree with you, the system was not responding very well. Mainly because MSE was sucking up 100% cpu.

        • Michael October 20, 2011 at 5:09 pm #

          Well, MSE usually never uses that much for me. It only does that when it scans archive files. Other than that, there should be no problem. I use XP Home SP3 with a 1.6 GHz Intel Celeron single-core CPU along with 1.37 GB of RAM.

  14. Warwagon October 20, 2011 at 1:00 am #

    Hey Matt

    Tonight a customer brought me a computer with the exact same infection. Probably caught it via an out of date version of Java. When I turned the computer on I saw the Java update icon next to the clock.

    • Michael October 20, 2011 at 5:10 pm #

      Yeah, Java is getting more common again. I guess it jumps from PDFs to Flash to Java.

  15. enes October 20, 2011 at 2:31 pm #

    hi,
    so just wow
    I couldn’t get that many viruses if I tried so hard
    though the best way to get infected probably is to install XP with no service packs and plug in your ethernet cable
    that should do the trick
    btw, what type of attack are those attacks considered

  16. Tyler October 20, 2011 at 5:01 pm #

    It would have been cool if you would bust out the video camera again and do a cleanup of an infected PC and when it is necessary to just reformat.

    • Michael October 20, 2011 at 5:13 pm #

      Well, that would be nice, but it would have taken more time to clean it than just reinstall the OS. And remember, that was just a quick scan. It would probably be thousands more if it was a full scan. Reinstalling the OS was the right choice. I wouldn’t bother to go through the cleaning procedure unless I didn’t have the OS disc from the client.

  17. Hjax October 20, 2011 at 8:06 pm #

    So looks like a downloader and a patching virus did a lot of damage, that’s amazing

    • Michael October 20, 2011 at 10:04 pm #

      Yeah. If a downloader/dropper gets through, there’s no telling what damage can be done to a system.

  18. shre54321 October 21, 2011 at 7:40 am #

    WOW! I even remember seeing over 98345 infected files on one of my friend’s machines when I was scanning with Malwarebytes… I formatted his machine and installed Win 7 with Comodo Internet Security… he is fine now!

  19. John October 21, 2011 at 4:57 pm #

    That’s a lot… my record of infections is 49,000-some. The computer was a total mess. The only reason there were so many is that the client let it go on for months. They could have got off with a cheaper one hour cleanup if they’d have got it to me immediately.

  20. Josh October 23, 2011 at 2:17 am #

    And that right there is what keeps our field in business!

  21. Nerdsinc October 27, 2011 at 6:41 am #

    That’s a lottttt of porn he has there ;p.

    Any idea how he got that many without noticing anything beforehand Matt?

  22. Alex November 15, 2011 at 2:31 am #

    Holy crap, Matt, is this a world record??

  23. Appointment Setting Services April 13, 2012 at 7:28 pm #

    This is not a world record at all. You can find lots of systems which are infected by viruses and still the owner doesn’t do anything about it.
