As some of you know there are a few IE exploits going round on the forums....
Best advice? Change your default browser to something other than IE.
Second best advice, before you click a link wait 30 seconds to see if they lose their connection - classic sign that the exploit rebooted them and posted the link to their mirc.
What does it do?
Well, it seems to mess around with notepad.exe and mirc.exe, how exactly i'm not sure. The mirc.exe in c just seems to be the trojan file which aims to crash your machine. notepad.exe seems to get infected, and when you run it it reactivates the trojan.....
The infected notepad.exe is 225kb and will be in the system dir. The legit notepad.exe should be 64.5kb (at least in XP)
The virus is identified as Win32:Natali
Information:
http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=58420&VName=TROJ_NATALI.A
http://fr.trendmicro-europe.com/ent...tail.php?id=58420&VName=TROJ_NATALI.A&VSect=T
Make sure you get rid of the dodgy files in c and the fix.bat in the startup folder. Get rid of the dodgy notepad.exe and copy the legit one into the system dir (so it works when u click ur shortcut). You may need to boot into safe mode.
For a free virus scanner I recomend Avast : http://www.avast.com/i_idt_1016.html
AVG has gotten a bit poo recently, It didn't pick up Natali when i tried the other day.
Best advice? Change your default browser to something other than IE.
Second best advice, before you click a link wait 30 seconds to see if they lose their connection - classic sign that the exploit rebooted them and posted the link to their mirc.
What does it do?
Well, it seems to mess around with notepad.exe and mirc.exe, how exactly i'm not sure. The mirc.exe in c just seems to be the trojan file which aims to crash your machine. notepad.exe seems to get infected, and when you run it it reactivates the trojan.....
The infected notepad.exe is 225kb and will be in the system dir. The legit notepad.exe should be 64.5kb (at least in XP)
The virus is identified as Win32:Natali
Information:
http://fr.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=58420&VName=TROJ_NATALI.A
http://fr.trendmicro-europe.com/ent...tail.php?id=58420&VName=TROJ_NATALI.A&VSect=T
Make sure you get rid of the dodgy files in c and the fix.bat in the startup folder. Get rid of the dodgy notepad.exe and copy the legit one into the system dir (so it works when u click ur shortcut). You may need to boot into safe mode.
For a free virus scanner I recomend Avast : http://www.avast.com/i_idt_1016.html
AVG has gotten a bit poo recently, It didn't pick up Natali when i tried the other day.
Last edited: