Avast WEBforum

Other => Viruses and worms => Topic started by: Starfighter on September 28, 2006, 06:49:51 AM

Title: win32.fason
Post by: Starfighter on September 28, 2006, 06:49:51 AM
I just got nuked by the worm win32.fason
Avast did not protect me with the latest definitions.

What to do?  Is there an uninstaller for this worm?

Title: Re: win32.fason
Post by: Starfighter on September 28, 2006, 07:31:59 AM
Some further info....

It relates to this virus:

http://tinyurl.com/ewnax

(poor online translation)
Title: Re: win32.fason
Post by: polonus on September 28, 2006, 08:21:56 AM
Hi Starfighter,

See for removal here:
http://www.virusbuddy.com/i-worm.win32.fason-computer-virus-1820.html

polonus
Title: Re: win32.fason
Post by: DavidR on September 28, 2006, 03:46:05 PM
Although the translation is poor, it indicates an email attachment as the means of delivery, and care has to be taken with any email attachment, especially unsolicited or unexpected (even from friends' email addresses, they can be forged). Never open them from the email; save the attachment to your hard disk without opening it and upload it to a multi-engine AV scanner at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/xhtml/index_en.html) or Jotti - Multi engine on-line virus scanner (http://virusscan.jotti.org/). If any other scanners here detect them, it is less likely to be a false positive.

Help prevent or limit damage by denying permissions. Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT-based OSes that have administrator settings: winNT, win2k, winXP.
Title: Re: win32.fason
Post by: Starfighter on September 28, 2006, 03:55:05 PM
Thanks DavidR and Polonus,

The email did not contain a file attachment... It just contained links...  Clicking on the link downloads a trojan/worm....

It was silly of me to click on the links.  The person that "sent" the email was a friend of mine who is Portuguese, so I thought the email was legit... WRONG!!!!   Lesson learned.

Title: Re: win32.fason
Post by: DavidR on September 28, 2006, 04:09:17 PM
It is unfortunate that you got caught, but as you say, a lesson learned. Friends can also get infected and send out emails, or the email address can be faked. So email links should be treated in the same way as attachments, with caution and investigation, especially from unsolicited email.

Now there are many social engineered emails that seem fine and give links that appear to go to known sites, which could be phishing links.

I can't remember if you use XP or not so I put the DropMyRights info in previously as I think that since the link was in an email, if that was run under dropmyrights then I think it should also have stopped/limited the potential damage.
Title: Re: win32.fason
Post by: Starfighter on September 28, 2006, 05:53:20 PM
Thanks DavidR -- the info about dropmyrights is excellent, and I'll use it.

I have several computers... the one that got infected had Win98SE (fully patched).  However, I also have a WinXP SP2 box which I'll immediately set up with the dropmyrights procedure.  A very wise way of going about it (limiting admin rights etc).

I truly appreciate the excellent help provided by so many kind souls on this forum.   :)
Title: Re: win32.fason
Post by: DavidR on September 28, 2006, 06:25:30 PM
You're welcome.