as for your earlier question about am i sure this is new, you can always review the symantec definitions added site...
securityresponse.symantec.com
where you'll see Backdoor.Lolok.B was added the day it was quarantined on your machine.
there is some talk that this is a false positive, btw. if it is, then you can restore the quarantined file rather than delete it, if you haven't deleted it already.
"What is odd to me is the Symantec site has instructions for Lolok that are quite specific but doesn't mention iun6002.exe. It does mention a bunch of other areas where Lolok writes changes such as in mIRC and in registry. It advised uninstalling mIRC, which I did. But it says to look for a bogus file called Helpus and remove that only I didn't encounter Helpus and it doesn't show up on a search."
it shouldn't seem odd nor surprise you, in that you are referencing a different (though similarly named) threat. you have a variant of the other one, and as variants, they acquire new names from symantec, new signature files, and new removal tools (if a tool is ever created), all because the virus behaves differently.
"So I am basically unsure whether the Symantec instructions for Lolok also apply to Lolok.B."
they don't, would be my opinion.
"My hunch is I got this virus yesterday and since I haven't rebooted before detecting it it hasn't had a chance to migrate to other locations in my system, but I don't know that for sure."
my hunch is that it was quarantined (you said so), and that is what kept is from doing any harm or spreading. quarantined means contained. you have a contained (possibly false positive) backdoor on your computer.
hth |
