The Misadventures of Dan

Peer into the mind of Dan as he tries to build an MP3 Player for his PDA and searches for the next thing in his life, be it an electrical engineering job or graduate school.

Tuesday, January 13, 2004

.:1:07:10 AM:.

blss.exe and backdoor.blahrul.a

I'm beginning to have less and less faith in SARC. It seems like they contain the 'headliner' viruses but none of the smaller ones. Maybe they're too busy to be concerned about the daily trials. McAfee doesn't seem to be better either.

This whole ordeal started when a friend of mine sent me an 'e-card' from funnycard.net. The thing about e-cards is that the delivery methods are pretty much standard: the e-mail sends you a link, you click on the link, a webpage pops up, 'ooh ahh' and you're done. Funnycard.net puts up this message saying 'oh so-and-so needs only five more points to get her bonus, won't you help by putting five e-mail addresses' and alarms start going off. Why would they need e-mail addresses? Spam, of course! It's exactly like that cupid thing from six years ago! So of course I wasn't going to put down e-mail addresses.

When I got home I messaged my friend asking if that card was 'for real'. Maybe it was a coincidence, but after she sent out the card her mp3s wouldn't work and none of the sound in her videos was coming through. Using Norton she found nothing, so I suggested the free AVG and, lo and behold, we found a trojan, Backdoor.blahrul.a, and this other program, blss.exe. Searching on SARC revealed nothing about blahrul.a, and googling I found a few French discussion sites with people talking about the problem. But no distinct instructions, so here are some:

My friend then proceeded to first shut the blss.exe process down and then delete the directory. We scanned the registry for any entries and didn't find any. Blss.exe seems to be this dial-up program that calls adult websites. Somehow this and blahrul.a (which AVG removed) caused her sound codec to not function properly because once they were removed her mp3s and movies played properly.

The lesson? Symantec's SARC has gone down. I used to reference it all the time, but I find they're not posting much information any more. It also seems that AVG has a lower tolerance for viruses and odd behaviour, so it's able to detect things more quickly, or things that were missed by Norton. I sometimes wish Mozilla or Firebird was easier to install.

