Mike found a Zero Day Virus today. What you need to know.

Posted by on Oct 21, 2014 in Security

Mike found a Zero Day Virus today. What you need to know.

Hi this is Mike, so today I found a Zero Day Virus on a customer’s business computer. I am writing this blog article to tell you about the utmost importance of having me perform a security audit. I got called to a business today to perform routine updates. As part of my service duties, I check for viruses. What I found was surprising. This computer had a virus so new that no antivirus program would have detected it. The customer did not even know it was there.

What is a security audit?
While performing a tune-up, Mike uses a process explorer program to review all the running processes on the computer. This can reveal suspicious programs like viruses, malware, adware, trojans, etc. This technique is different than a virus scan. Most of the time Mike can detect a virus even before any anti-virus scan is run.

Will my virus program find all the suspicious programs?
In most cases, yes. But there are some suspicious programs that are evasive in that they try to hide from the anti-virus program. This is why having Mike perform a periodic security audit is so important.

What is a zero day virus and why would I care?
A zero-day virus (also known as zero-day malware or next-generation malware) is a previously unknown computer virus or other malware for which specific antivirus software signatures are not yet available. It is a virus that cannot be automatically detected by any antivirus programs. Having your computer well protected is essential to prevent identity theft, protect your bank accounts from money theft, and prevent your computer from becoming infected by malicious programs.

Tell me about the zero day virus you found, what was it?
This zero day virus I discovered today was pretty sneaky. Once this computer was compromised by a malicious 3rd party, it became an active member of a botnet. When this occurs, the computer can perform automated tasks over the Internet, without you knowing it. Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals. When I found the virus, it was actively making several internet connections to both the command / control computer and it’s intended targets. It was quite active with no less than 6-10 connections at a time.

How did this virus evade antivirus programs?
The virus installed it self into a local user folder.
C:\Users\user\AppData\LocalLow\Apple Computer\(random)\(random)\(random).exe
The (random).exe was a cloned copy of Google Chrome web browser with a specially crafted malicious browser extension (another random file). It then had a malicious dll loaded by regsvr32 at system start up to run chrome coupled with the extension by a specially crafted start command. The virus then begins it’s duties. This computer did not even have Google Chrome browser installed, the virus came bundled with it’s own hidden copy of Chrome. The virus was able to evade the antivirus because it’s process ran on the system as a digitally signed copy of Google Chrome. It ran in a strange out of place folder, not where Chrome normally resided in program files. The antivirus just thought it WAS Google Chrome and nothing else. I was not fooled however, I noticed the strange path it was running in, then verified it was a virus connecting to web sites on it’s own. I swiftly deleted the startup command dll, killed the processes, then deleted the virus files and folders. I continued on with the tune-up where I installed Critical Windows Updates and updated all the web programs.

Can Mike check my computer?
Sure, the security audit is part of the services performed during a tune-up. Contact Mike for an appointment. If Mike has worked on your computer before, you can ask for a refresh tune-up. Mike recommends all businesses have a quarterly tune-up. Residential customers may opt for 6 month maintenance intervals.


Mike and Dominic are qualified to meet your computer service needs. Service areas include Long Beach Peninsula, Long Beach, Ocean Park, Ilwaco, Seaview, Chinook, Surfside, Oysterville, Klipsan Beach, Nahcotta, Naselle, Astoria, Warrenton, Gearhart, Seaside, Cannon Beach, and Arch Cape.
Call us: (360)642-2125