Monday, October 18, 2010

UDP Port 8881 Virus - A BitDefender 2011 problem

UPDATE: This is a BitDefender 2011 problem - Disable P2P file sharing in the Bitdefender 'updates' section to fix it.  This is shocking and appalling that Bitdefender would open a hole in the firewall and allow almost anyone access to your computer!

I am still fighting the UDP Port 8881 virus that appears to come from visiting a Twitter account.  So far I can tell that IPCop logs about 6000 blocked UDP port requests inbound to the infected computer every day.  The infected computer according to WireShark, just goes out to random web pages and downloads pictures.  That appears to then trigger the port 8881 responses back towards the infected computer. Reformatting the hard drive does NOT get rid of the virus.  I assume that the virus comes back when you copy back 'my documents' but I am not even sure of that.  However NO ANTI VIRUS program can detect this virus after a week of fighting it.

Here are some WireShark screen pictures.  First is the incoming traffic to the infected computer. This one is kind of funny.  It says "go away we're not home".  Click on the image to see it full size.


Here is a typical IPCop screen showing the connections opened by the virus;
Post a Comment