
My virtool:win32/ceeInject.gen!j Malware

Well, today is an interesting day: being Christmas Eve, I have driven down to my mother- and father-in-law's.

I arrived in good time with the wife and kids to enable me to work for the day. Having booted up my PC, I was attempting to log onto my lab at home (you've got to love Microsoft Terminal Services Gateway) when my good friend Paul sent me a picture!!!!! on MSN Messenger. Being on autopilot, I opened this picture, only to have now been infected by my first malware/virus/trojan.

I suppose everyone has to go through it at some stage, but why me on Christmas Eve?

I generally sit here working, thinking I am generally safe from viruses and other such annoying things. I have a router that (I won't say firewalled) does not allow anything in, and I have eTrust Antivirus (Computer Associates) with a real-time scanner, Windows Firewall and Windows Defender, but all this does not stop someone sending you a link in MSN Messenger that has a virus on the end of it. Now, if I had just thought for one nanosecond and read the actual link (which at first glance looked OK), I would have said not a chance and contacted Paul to advise him that Christmas prezzies were not due for a few more hours.


So, as the title suggests, I now have virtool:win32/ceeInject.gen!j. Doing a search on the web about this gives me a clue to what it is, but there seem to be a number of things, so I cannot be sure.

McAfee has the following:

W32/Xirtem@MM is a mass mailing worm that also spreads through removable media using autorun.inf, and also by copying itself to Shared folders of Peer-2-Peer applications. Aliases: Trojan-Banker.Win32.Banker.abbi (Kaspersky), VirTool:Win32/CeeInject.gen!J (Microsoft), W32.Degnax@mm (Symantec), W32/Autorun-RI (Sophos). Characteristics: W32/Xirtem@MM is a mass mailing worm that also spreads through removable media using autorun.inf, and also by copying itself to Shared folders of Peer-2-Peer applications.


But if anyone knows for sure, I would really like to know.


So, cleaning: a Windows Defender scan did not find it, nor did a quick scan with the Malicious Software Removal Tool. But there is a new beta for Live OneCare that will provide you the option of running a full antivirus scan from the web, which is found at the following link: http://onecare.live.com/site/en-us/center/whatsnew.htm. It also seems to include a registry cleaner, disk cleanup and other features.

Interestingly, I am still running this full scan and it has already detected 6 items and 2 issues. Let's hope it will clean me up, or I will have to rebuild my laptop, which I really do not want to do over Christmas.


I will update this post with the results; keep your fingers crossed.


20:04 GMT: 12 items detected 2 issues


Well, some time later the online web scan failed at the last minute, so I downloaded the Live OneCare client for a 90-day trial and it removed the infection!!

