Avast WEBforum

Other => Viruses and worms => Topic started by: livenkickin on March 29, 2009, 01:49:21 PM

Title: W32/SillyFDC.BBA Perfume.exe virus
Post by: livenkickin on March 29, 2009, 01:49:21 PM
Dear all,

How do I remove this virus? Avast is unable to get rid of it.

Title: Re: W32/SillyFDC.BBA Perfume.exe virus
Post by: DavidR on March 29, 2009, 05:32:17 PM
Why, what errors are displayed, file in use, etc.?

If you have XP, Vista 32-bit or Win2k, you could enable a boot-time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php.

Title: Re: W32/SillyFDC.BBA Perfume.exe virus
Post by: Lisandro on March 29, 2009, 05:55:35 PM
If a virus is replicating (coming back again and again), you could follow the general cleaning procedure:

1. Clean your temporary files. You can use CleanUp (http://www.stevengould.org/downloads/cleanup/) or CCleaner (http://www.ccleaner.com/) for that.

2. Schedule a boot-time scan with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select the option for scanning archives. Boot. Another option is scanning in Safe Mode (http://support.microsoft.com/default.aspx?scid=kb;en-us;315222) (repeatedly press F8 while booting).
If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.

3. It will be good if you download, install, update and run SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or SpywareTerminator (http://www.spywareterminator.com).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
For legit antispyware applications and the bad ones, see here (http://www.spywarewarrior.com/rogue_anti-spyware.htm#sites).

4. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp) for XP/Vista. For XP only: Panda (http://research.pandasoftware.com/blogs/research/archive/2007/04/27/New-Panda-Anti_2D00_Rootkit-_2D00_-Version-1.07.aspx).

5. Also, if you are still detecting strange behaviors or you want to be sure you're clean, maybe make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or to this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.

6. After you're clean, disable System Restore on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887), XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405) or Vista (http://support.microsoft.com/?scid=kb%3Ben-us%3B936212&x=6&y=13). System Restore is not available in Windows 9x and 2k. After disabling you can enable it again.

7. Use the immunization of SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html).

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/) to update insecure applications and avoid reinfection.