Avast WEBforum

Other => Viruses and worms => Topic started by: push2010 on February 20, 2006, 06:53:29 PM

Title: Win32:Vibpack[WRM]
Post by: push2010 on February 20, 2006, 06:53:29 PM
Hi Guys.  I'm a new user and of course this happens.  I don't know where the worm came from, but it says this
Original file name      Setup.exe
Original folder           C:\Program Files\Alwil Software\Avast4
Size of file                 2379776
Virus description       Win32:Vibpack [WRM]
File ID                        5

I don't know how to deal with it and would appreciate any help   

                              Thanks
Title: Re: Win32:Vibpack[WRM]
Post by: essexboy on February 20, 2006, 07:26:33 PM
Are you saying that Avast called it's own set up programme a worm or did this come from an online scanner
Title: Re: Win32:Vibpack[WRM]
Post by: DavidR on February 20, 2006, 08:22:15 PM
Well I don't have a setup.exe in the avast4 folder nor the Alwil Software or any sub folder, so when was it detected, e.g. what were you doing at the time ?

It may well have been placed there to deliveratly deceive.
Title: Re: Win32:Vibpack[WRM]
Post by: push2010 on February 20, 2006, 10:46:22 PM
I just found it during a system scan.  Idon't know where it came from.  I use a p2p so my best guess is that it came from there.  How do I get rid of it?  I've since done an in depth scan on all of my downloaded files and cant find a thing.  I tried to scan it with an online virus site but the file wouldn't upload.


Help ???
Title: Re: Win32:Vibpack[WRM]
Post by: CharleyO on February 20, 2006, 11:31:09 PM
***

Welcome to the forums, push2010.    :)

Do you by chance have Ad-Aware and used it recently? Using the Search button at the top of the page, I found this which may help:

http://forum.avast.com/index.php?PHPSESSID=d011cc38a1b0da639bd309021cc71d55&topic=14819.msg125099

It may be that you really do have a virus as PnP/file sharing seems to be how this one is usually spread according to what I read using Google search.

Also, some are including this in "program cracks" which will eventually cause more trouble than you would want.


***
Title: Re: Win32:Vibpack[WRM]
Post by: DavidR on February 21, 2006, 12:16:29 AM
If avast detected it, then you should have been given options on what to do ? - Move/Rename, Delete, Repair, Move to chest (recommended first action, never delete first) or No Action.

I'm guessing you moved it to the chest based on this comment:
Quote
I tried to scan it with an online virus site but the file wouldn't upload.
If it is in the chest it is protected and avast won't allow access to it so you can check it unless you restore or move it out to a temporary location.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html)

Leave the file in the avast Chest, a protected area where it can do no harm. You should leave it there for a week or two to ensure no harmful effects of having moved it. If there are no harmful effects, then scan it again if that scan also confirms it as infected you can delete it from within the chest.
Title: Re: Win32:Vibpack[WRM]
Post by: push2010 on February 21, 2006, 04:34:30 AM
Ok  Thanks a lot for the help and next time I'll try not to panic
thanks again for all the good advice
Title: Re: Win32:Vibpack[WRM]
Post by: DavidR on February 21, 2006, 03:45:41 PM
No problem, welcome to the forums, hopefully there won't be a next time ;D

I'm guessing you moved it to the chest, did you ?
You certainly wouldn't want to leave it in the avast4 folder.
Title: Re: Win32:Vibpack[WRM]/ I have the same virus
Post by: jazzymina on February 26, 2006, 12:42:28 AM
Sorry to post in this thread, but I actually have the same virus on my computer. I just got it now and went online here to find more info about it. So, to my suprise someone else posted the same problem. It's a bit redundant to start a new thread with the same virus so that's why I'm posting here (if you don't mind).

I read the information about this virus being a false positive (because of conflicting problems with Ad-aware),but I got this virus through a p2p-programme.  :-[

I know downloading with p2p-programmes can be harmful etc. This is the last I will downloading software with this p2p (limewire), because so far every game that I want to download is infected. Which I think is a bit strange.. Could there be false positives at stake? I don't encounter any viruses with downloading music-files, only when I'm trying to do download software/games.

What should I do next? I aborted connection and moved the file to the viruschest. But I DID remove it from my 'my downloads-folder'.  My OS is Windows Xp, VBS-FILE (current version 0608-1), and the virus was located in my C: Documents and Settings/real name/MyDownloads-folder.

But as I said I removed the file in Limewire (library options). However I did move the infected file FIRST to the virus chest as Avast recommended. I would appreciated if someone could help me out with is. Thanks in advance (again).

VIRUS CHEST LOG :


Scanning of selected files

Action was completed successfully!

Virus has been detected!
File Name: Setup.exe
FileID: 22
Virus Description: Win32:Vibpack [Wrm]
Title: Re: Win32:Vibpack[WRM]
Post by: DavidR on February 26, 2006, 01:34:36 AM
Quote
I read the information about this virus being a false positive (because of conflicting problems with Ad-aware),but I got this virus through a p2p-programme.
The circumstances and the file name and location, how it was detected, etc. are the things that lead us to any decision on if it is likely to be a false positive. However, in your case I would say it isn't an FP.

If you wanted to be absolutely certain, you could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/) if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out otherwise it can't be uploaded to be scanned.
Or VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html)

If it is no longer in the C: Documents and Settings/real name/MyDownloads-folder then all that remains is to delete it from the virus chest (no rush it can't do any harm there) and that is it done.

Title: Re: Win32:Vibpack[WRM]
Post by: jazzymina on February 26, 2006, 02:29:58 AM
THanks for the advice..   :)