Avast WEBforum

Other => Viruses and worms => Topic started by: italiangoddess on January 05, 2005, 03:11:31 AM

Title: not sure what to do! HELP!!!!
Post by: italiangoddess on January 05, 2005, 03:11:31 AM
 :-\   ???
I just installed avast, I scanned everything and this is what came up.

aklsp.dll      C\WINDOWS\SYSTEM32\aklsp.dll     Win32:Trojano3
Calsp.dll      same                             Win32:Trojan-ge
M3tsp8.exe     C\WINDOWS\INETPAL\m3tsp8.exe     win32:Trojan-ge
Sed.exe        C\program files\sed\sedexe.      win32trojan-ge

I have them in my chest. I clicked to repair after scan was done, it said an error occurred.
what do i do? do i delete them or what? I really hope someone can help I thought this would be
kind of easy. right now im a bit stumped......
Title: Re: not sure what to do! HELP!!!!
Post by: Lisandro on January 05, 2005, 12:00:54 PM
Welcome  :D
Are all those files in the Chest?
If so, don't worry... you're safe.
Is your computer working well? Which is your operating system?
Title: Re: not sure what to do! HELP!!!!
Post by: Eddy on January 05, 2005, 12:11:28 PM
Quote
I have them in my chest.
Contact a surgeon.  ;D ;D ;D
(sorry, couldn't resist this one)

But seriously,
the files you mentioned are part of malware. I suggest you click on the link in my signature and follow the instructions in the malware removal section to make sure your system is clean.

If you have any doubts about removing things:
- use HijackThis
- use my HJT log analyzer
- use the online log analyzer
- and read the links/info on my website in the HijackThis section.

Good luck and remember..... we are always willing to help!
Title: Re: not sure what to do! HELP!!!!
Post by: italiangoddess on January 07, 2005, 12:37:57 AM
  :)   :D

yes the files r in the chest.
I am running windows xp
Thank you for the warm welcome.:)

Thanks eddie i`ll find a surgeon (lol)

computer is running just fine. no problems.
what happens if they were deleted?  ???
I hope we didnt mess something up!
Title: Re: not sure what to do! HELP!!!!
Post by: Lisandro on January 07, 2005, 12:58:14 AM
Quote
what happens if they were deleted?  ???
I hope we didnt mess something up!

Nothing... In fact, the size of the Chest will be small and you'll have more free space on your HDD  ;)
Title: Re: not sure what to do! HELP!!!!
Post by: italiangoddess on January 07, 2005, 01:02:49 AM
  so it was ok that we deleted them?   :)
Title: Re: not sure what to do! HELP!!!!
Post by: Lisandro on January 07, 2005, 01:06:28 AM
Quote
So it was ok that we deleted them?   :)

How many days have passed since you sent the files to the Chest?
Has your system been working well since then?
Title: Re: not sure what to do! HELP!!!!
Post by: italiangoddess on January 07, 2005, 01:10:06 AM
  :)
 they were in the chest for 2 days i think nothing longer and they were deleted yesterday!  :)
Title: Re: not sure what to do! HELP!!!!
Post by: italiangoddess on January 07, 2005, 01:10:42 AM
computer was running fine and still is.....
Title: Re: not sure what to do! HELP!!!!
Post by: Lisandro on January 07, 2005, 01:13:16 AM
Quote
They were in the chest for 2 days i think nothing longer and they were deleted yesterday!  :)

If you already deleted them, why did you ask?  ;D
You can leave the file in the Chest for 10 - 15 days to confirm it's a virus file... It won't harm your system and you won't throw away a clean file that you think is infected (the so-called false positives)  :)
Title: Re: not sure what to do! HELP!!!!
Post by: italiangoddess on January 07, 2005, 01:17:02 AM
ok, i posted this before they were deleted then my husband went and deleted them.
so im just double checking on things to make sure we didnt mess things up.
this is the first time i have run an anti virus and am new to all this......
                                 
Title: Re: not sure what to do! HELP!!!!
Post by: italiangoddess on January 07, 2005, 01:26:50 AM
   Thank You for your help i will keep what u said in mind......

      THANKS AGAIN
Title: Re: not sure what to do! HELP!!!!
Post by: Lisandro on January 07, 2005, 01:38:51 AM
You're welcome...
Try to learn more about avast, browse the forum and enjoy  8)
Title: Re: not sure what to do! HELP!!!! NEW VIRUS
Post by: italiangoddess on January 14, 2005, 11:58:23 PM

   ???    ???  I HAVE A NEW VIRUS WARNING TODAY;
Win32-Lookme-C(Trj)
C:\windows\VT00.exe

I HAVE GONE OVER THE WEB PG. BUT COULDNT FIND IT POSTED, IT IS IN THE CHEST IS IT REPAIRABLE? DO I DELETE IT OR WHAT. AND WHAT IS IT? I WAS RUNNING SPYBOT WHEN IT DETECTED IT! THANKS
Title: Re: not sure what to do! HELP!!!!
Post by: DavidR on January 15, 2005, 01:47:15 AM
Trojans are generally not repairable, as the complete file is malicious, unlike a virus infecting a small part of a Windows file, where that small part may be able to be removed/repaired.

Avast caught this, hopefully before it became established, so you are likely to be OK. However, you would be advised to run HijackThis again.

A Google search for both lookme-c and vt100.exe returned many hits and provides information on this. Learn to use Google; it is your friend.
Title: Re: not sure what to do! HELP!!!! NEW VIRUS
Post by: gmer on May 09, 2006, 11:17:15 PM
Hi.

I sent this new rootkit-virus to VirusTotal.

VirusTotal report:

Code:
STATUS: FINISHED
Complete scanning result of "cmd.exe_vt100.zip", received in VirusTotal at 05.06.2006, 08:57:36 (CET).

Antivirus Version Update Result
AntiVir 6.34.0.24 04.20.2006 Heuristic/Virus.Win32
Avast 4.6.695.0 05.05.2006 Win32:Virtob
AVG 386 05.05.2006  no virus found
Avira 6.34.1.58 05.05.2006  no virus found
BitDefender 7.2 05.06.2006 Win32.Virtob.Gen
CAT-QuickHeal 8.00 05.05.2006 W95.TenRobot.B
ClamAV devel-20060426 05.05.2006  no virus found
DrWeb 4.33 05.05.2006  no virus found
eTrust-InoculateIT 23.72.1 05.06.2006  no virus found
eTrust-Vet 12.4.2194 05.04.2006  no virus found
Ewido 3.5 05.05.2006  no virus found
Fortinet 2.71.0.0 05.06.2006 suspicious
F-Prot 3.16c 05.05.2006  no virus found
Ikarus 0.2.65.0 05.05.2006  no virus found
Kaspersky 4.0.2.24 05.06.2006 Type_Win32
McAfee 4756 05.05.2006 New Win32
Microsoft 1.1372 05.06.2006  no virus found
NOD32v2 1.1523 05.05.2006  no virus found
Norman 5.90.17 05.05.2006  no virus found
Panda 9.0.0.4 05.05.2006  no virus found
Sophos 4.05.0 05.06.2006  no virus found
Symantec 8.0 05.06.2006  no virus found
TheHacker 5.9.7.139 05.05.2006  no virus found
UNA 1.83 05.05.2006 Win32.virus
VBA32 3.11.0 05.05.2006  no virus found


Aditional Information
File size: 109061 bytes
MD5: 1e0bed4a2c0c9d4bb11a8fb41ba07e8b
SHA1: 4203774f2fc854364287a289104011d5a5cc2c38



Code:
STATUS: FINISHED
Complete scanning result of "vt100.zip", received in VirusTotal at 05.09.2006, 18:30:15 (CET).

Antivirus Version Update Result
AntiVir 6.34.1.27 05.09.2006 Heuristic/Backdoor.Generic
Avast 4.6.695.0 05.08.2006 Win32:Virtob
AVG 386 05.09.2006  no virus found
BitDefender 7.2 05.09.2006 Backdoor.VirtobVT.A
CAT-QuickHeal 8.00 05.09.2006 W95.TenRobot.B
ClamAV devel-20060426 05.09.2006  no virus found
DrWeb 4.33 05.09.2006 BACKDOOR.Trojan
eTrust-InoculateIT 23.72.3 05.09.2006  no virus found
eTrust-Vet 12.4.2201 05.09.2006  no virus found
Ewido 3.5 05.09.2006  no virus found
Fortinet 2.76.0.0 05.09.2006 suspicious
F-Prot 3.16c 05.09.2006  no virus found
Ikarus 0.2.65.0 05.09.2006  no virus found
Kaspersky 4.0.2.24 05.09.2006  no virus found
McAfee 4758 05.09.2006 New Win32
Microsoft 1.1372 05.09.2006  no virus found
NOD32v2 1.1527 05.09.2006 probably unknown NewHeur_PE virus
Norman 5.90.17 05.09.2006  no virus found
Panda 9.0.0.4 05.09.2006 Suspicious file
Sophos 4.05.0 05.09.2006  no virus found
Symantec 8.0 05.09.2006  no virus found
TheHacker 5.9.7.140 05.08.2006  no virus found
UNA 1.83 05.06.2006 Win32.virus
VBA32 3.11.0 05.08.2006  no virus found


Aditional Information
File size: 48436 bytes
MD5: 42a18043fd9c04254a259124379740cc 

cmd_vt100.exe is an infected Windows cmd.exe file.
vt100.exe is the proper virus-rootkit.

Here is the log from my program:
(This tool was created to detect and delete rootkits, hidden services and processes, hidden files and hidden registry keys. More log samples: http://www.gmer.net/rootkits.php)

Code:
GMER 1.0.10.9819 - http://www.gmer.net
Rootkit 2006-05-04 18:30:25
Windows 5.1.2600 Dodatek Service Pack 2


---- Processes - GMER 1.0.10 ----

Process  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!

---- Registry - GMER 1.0.10 ----

Reg      \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@VT100 Emulator C:\WINDOWS\system32\VT100.EXE

---- Files - GMER 1.0.10 ----

File     C:\WINDOWS\system32\VT100.EXE

---- EOF - GMER 1.0.10 ----


As you can see, the virus-rootkit hides its process, file, and registry key.
After start, vt100.exe infects almost all files on all possible disks.
The virus also sends some data over the network to the same IP address.

Here is another report written in Polish:

http://www.gmer.net/vt100.exe.php

Regards
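
Added example (not part of the post above and not GMER's own code): a triage helper that parses a GMER text log in the layout quoted in the post and reports which hidden process images are also relaunched from a Run key. The function names and the assumption that a registry line reads `key@value-name data` are illustrative, inferred only from the log shown.

```python
import re

# Lines copied from the GMER log quoted above (blank lines dropped).
SAMPLE_LOG = r"""---- Processes - GMER 1.0.10 ----
Process  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library  C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.10 ----
Reg      \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@VT100 Emulator C:\WINDOWS\system32\VT100.EXE
---- Files - GMER 1.0.10 ----
File     C:\WINDOWS\system32\VT100.EXE
---- EOF - GMER 1.0.10 ----
"""

SECTION = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
PATH = re.compile(r"[A-Za-z]:\\[^()@\[\]<]*?\.(?:exe|dll|sys)", re.IGNORECASE)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?@", re.IGNORECASE)


def parse_gmer(text):
    """Group log entries by section: {section: [(kind, rest_of_line), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = None if m.group(1) == "EOF" else m.group(1)
        elif line and current:
            kind, _, rest = line.partition(" ")
            sections.setdefault(current, []).append((kind, rest.strip()))
    return sections


def triage(sections):
    """Return hidden process images and the Run-key entries that relaunch them."""
    hidden = set()
    for kind, rest in sections.get("Processes", []):
        image = PATH.search(rest)
        if kind == "Process" and "*** hidden ***" in rest and image:
            hidden.add(image.group(0).lower())
    persistence = []
    for kind, rest in sections.get("Registry", []):
        key, _, value = rest.partition("@")
        target = PATH.search(value)
        if RUN_KEY.search(rest) and target and target.group(0).lower() in hidden:
            persistence.append((key, target.group(0)))
    return sorted(hidden), persistence
```

Calling `triage(parse_gmer(SAMPLE_LOG))` pairs the hidden VT100.EXE process with its Run-key entry, which is the autostart value that has to be removed along with the file.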