Avast WEBforum

Other => Viruses and worms => Topic started by: buffyneedshelp on March 15, 2007, 05:57:41 PM

Title: Help With Feebs Family
Post by: buffyneedshelp on March 15, 2007, 05:57:41 PM
My Avast warning just notified me that feebs family virus is in my computer. The recommended action is to move to chest but it won't let me because it's being used by another process. I tried to see if I could figure this out by reading some of the topics so I wouldn't be a bother but I'm stooopid and in need of additional help. Thank you!
Title: Re: Help With Feebs Family
Post by: Eddy on March 15, 2007, 05:59:32 PM
Run a boottime scan and let Avast deal with it.
How to do it is explained in many other threads on this board.
Title: Re: Help With Feebs Family
Post by: Spiritsongs on March 15, 2007, 06:17:39 PM
 :)  Hi Buffy :

     A "Google Search" indicates "feebs family" are "Worms", best dealt with
     by antiSPYWARE/antiTROJAN program(s) ; do you have any of those
    "types" of programs on your computer ? IF NOT, I recommend you
     use the FREE version of "SUPERantispyware" available from
     www.superantispyware.com .
Title: Re: Help With Feebs Family
Post by: buffyneedshelp on March 15, 2007, 06:30:20 PM
Hi, thank you. I've been trying to find how to do the scan that Eddy advised by using the search feature on this forum but I can't seem to find instructions. I also can't seem to find a boottime scan option on my Avast (I know you're all rolling your eyes). I think the only other program I have besides Avast is Zone Alarm. I'm not sure if my operating system is 2000 or later. There's a little sticker that says: designed for microsoft windows xp. Is that 2000 or later?
Title: Re: Help With Feebs Family
Post by: Spiritsongs on March 15, 2007, 06:33:23 PM
 :) Hi Buffy :

    I just revised my Post after going on the superantispyware site and
    finding the program is compatible with all Windows Operating Systems
    since 1998; your XP was issued AFTER that date, so I recommend you
    use it . It may find other bad "stuff" that Avast is NOT detecting .

    And AFTER you use it, I recommend you install the Good & FREE
   "SpywareBlaster" from www.javacoolsoftware.com ; it helps to PREVENT
    spyware from getting on the computer. There is a "Tutorial" on this program
    at www.bleepingcomputer.com/tutorials/tutorial49.html .
Title: Re: Help With Feebs Family
Post by: Lisandro on March 15, 2007, 06:37:17 PM
Did you run boot time scanning like Eddy suggested?
I also suggest that you disable and then enable System restore again on Windows ME (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887) or Windows XP (http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;310405). System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

It will be good if you download, install, update and run other trojan remover tools: a-squared (http://www.emsisoft.com/en/software/free/) and/or Free AVG Antispyware (http://www.ewido.net/en/) (trojan removers with very good detection rates).
Title: Re: Help With Feebs Family
Post by: FreewheelinFrank on March 15, 2007, 06:44:19 PM
Screenshots of how to do a boot time scan here:

http://www.digitalred.com/avast-boot-time.php

Note that if avast! detects a virus in memory, you will be given the option to run a boot time scan straight away: simply accept the option if it comes up and reboot.
Title: Re: Help With Feebs Family
Post by: polonus on March 15, 2007, 07:05:58 PM
Hi buffyneedshelp.

Because of the rootkitlike qualities of this malware it is a rather difficult malware to remove manually, but I give you the manual removal instructions as a check-up after removing this worm with a cleansing tool:

Find and remove the infected files of w32.feebs Trojan.

msdf32.dll

To delete the value from the registry entries of w32.feebs

Note: NoSnoopWare strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files.


Click Start > Run.
Type regedit
Then click OK

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}


In the right pane, reset the following value if applicable:

"Stubpath" = "C:\Recycled\userinit.exe"

HKEY_CLASSES_ROOT\CLSID\{A49B98EA-8F8F-969E-1B5E-37D83E29F7F8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msdf32.dll "{A49B98EA-8F8F-969E-1B5E-37D83E29F7F8}"

Exit the Registry Editor.

polonus
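
Added example (not part of polonus's post and not code from NoSnoopWare or avast!): a read-only check that scans the text of a regedit export, such as the registry backup the post recommends, for the three entries listed above. The function names and the sample export are constructed for illustration; the `WebCheck` line stands in for a benign entry.

```python
import re

# Registry entries named in the post above: (key, value name, data).
# A value name of None means "report the key if it exists at all".
INDICATORS = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"
     r"\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}", "Stubpath", r"C:\Recycled\userinit.exe"),
    (r"HKEY_CLASSES_ROOT\CLSID\{A49B98EA-8F8F-969E-1B5E-37D83E29F7F8}", None, None),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
     r"\ShellServiceObjectDelayLoad", "msdf32.dll", "{A49B98EA-8F8F-969E-1B5E-37D83E29F7F8}"),
]

# Constructed sample export. A real "Version 5.00" export is UTF-16, so read the
# file with open(path, encoding="utf-16") before passing its text in.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}]
"StubPath"="C:\\Recycled\\userinit.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
'''

def parse_reg(text):
    """Parse export text into {key: {value_name: string_data}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # string values only; regedit escapes \ and " with a backslash
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name.lower()] = data
    return keys

def find_feebs_entries(text):
    """Return the indicators from the post that are present in the export text."""
    keys, hits = parse_reg(text), []
    for key, name, data in INDICATORS:
        values = keys.get(key.lower())
        if values is None:
            continue
        if name is None:
            hits.append(key)
        elif values.get(name.lower(), "").lower() == data.lower():
            hits.append(f"{key} -> {name}")
    return hits

if __name__ == "__main__":
    print("\n".join(find_feebs_entries(SAMPLE)) or "no listed entries found")
```

Registry key and value names are case-insensitive, which is why the comparison lower-cases both sides; the sample's `StubPath` still matches the post's `Stubpath`.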
Title: Re: Help With Feebs Family
Post by: mauserme on March 15, 2007, 07:19:17 PM
In addition to everything above, F-Secure has a removal tool if you find a need for it.

http://www.f-secure.com/v-descs/feebs.shtml
Title: Re: Help With Feebs Family
Post by: buffyneedshelp on March 15, 2007, 07:42:49 PM
You guys are SO awesome!! The screenshot of Avast was just what I needed to help me make my Avast scan :) Thank you! Avast is still busy scanning (how long does it take?) but it shows the file with the js: feebs virus has been moved to the chest. It's also showing that there was another thing on my computer that also has been moved to the chest: weather bug/ minibug transporter win 32 adware gen (something like that) which I didn't even know was on my computer. So, now that you've taught me how to use my Avast, should I be running this scan thing every now and then rather than waiting for a virus notification to pop up?

Thank you for directing me to other protection programs. I'm going to hand the info over to my computer literate brother when he gets back in town and let him handle this. I'm afraid if I attempt anything more I'll blow-up my computer!

Thank you again. I really appreciate your help. If I have further trouble after it's finished scanning, I know where to find you. Quick, hide!
Title: Re: Help With Feebs Family
Post by: FreewheelinFrank on March 15, 2007, 08:05:29 PM
Time taken depends on how much data you have on the hard drive.

The boot time scan is really for removing stubborn malware. The avast! scanner interface is fine for normal scans.

If you've found signs of adware, I recommend running a couple of free adware scanners. (Don't forget to look for updates before you scan.)

http://www.download.com/3000-2144-10045910.html

http://www.spybot.info/
Title: Re: Help With Feebs Family
Post by: polonus on March 15, 2007, 08:29:20 PM
Hi ye all,

Just found an interesting snippet about the coding of this malware, and how this is being analysed:
http://asert.arbornetworks.com/2006/04/safely-investigating-malicious-javascript
Enjoy the interesting info on the Feebs javascript obfuscated with VSB, or rather how to treat with utmost caution, read this FwF, interesting, as I said.

polonus