Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Ralphie Boy on May 02, 2003, 08:17:56 AM

Title: Encounter with KWBot-D
Post by: Ralphie Boy on May 02, 2003, 08:17:56 AM

 :-\  I have just run a virus scan and found KWBot-D has taken residence desite Avast 4 in operation.  VDRB was activated.  Problem:  scan will not allow me to delete, rename or move virus to chest.  Scan will therefore not continue and virus remains.

Can you help me??

TIA

RB

Title: Re:Encounter with KWBot-D
Post by: raman on May 02, 2003, 11:02:04 AM

It seems that this Virus spread via Kazza. Take a look at this link: http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=KWBot&product=0
 Maybe the easiest is to start Windows in safe mode and then start Avast or close the running "Virustasks" and delete the files than. What are the names of the files Avast found that Virus in,  cmd32.exe or system32.exe?

BTW: cool nickname! :)

Title: Re:Encounter with KWBot-D
Post by: Ralphie Boy on May 04, 2003, 01:08:43 AM

Thanks Raman for the response...  It's in the CMD.exe.  I will try the safe mode strategy tonight and check back with the results.

RB

Title: Re:Encounter with KWBot-D
Post by: raman on May 04, 2003, 08:47:30 AM

Wow, be carefull! CMD.EXE is a Part of winxp/2000, CMD32.EXE isn´t.

Title: Re:Encounter with KWBot-D
Post by: Ralphie Boy on May 05, 2003, 07:59:57 AM

Hi Raman,

I followed the directions in the link you sent me.  I went into the safe mode and edited the registry as suggested, after a full virus scan.  The virus did show up, but was easily deleted this time.  No problems with the computer so far...BTW,  I am running WIN98SE.  ;D

Thanks again for your help!

RB