Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Steele on February 28, 2004, 10:28:52 PM
-
How do I get rid of this virus/worm?
http://www.techsupportforum.com/computer/topic/13096-1.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BEREB.B
I got it through WinMX when downloading a zip file. Interesting how Avast4Home did not pick it up with the resident shield. :'(
-
And the on-demand did detect it?
-
I have isolated the file as "SVCKERNELL.COM". It also created a folder called "startrwin" and places "startrwin" in the WINDOWS folder.
SVCKERNELL.COM is listed in the processes (in Windows 98SE) when I press ctrl-alt-del...ONLY BEFORE Windows completes loading my desktop. I caught it in time to find out what the foreign startup program was called. I think it tries to hide itself.
Should I send it to you VLK? I've never tried sending a virus before?? ???
VLK: Let me try a THOROUGH scan option first.
-
Yes please zip the file with a password and send it (together with the password) to the address
virus (AT) avast (DOT) com
The analysts will take a look at it.
Thanks
Vlk
-
VLK :)
I sent the virus to them in a password protected .ZIP file.
Thanks for your help.
The virus was later detected... but the resident on-access shield did not.... despite it being a .EXE extension.
This information was helpful from TrendMicro:
Removing Autostart Entries from the Registry
Removing autostart entries from the registry prevents the malware from executing during startup.
Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Taskmanager = "C:\Windows\taskmgr.com"
OR
Svckernell = "c:\windows\svckernell.com"
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.
The svckernell.com was in my registry. I removed it.
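
The check described in the quoted removal steps, as an added example that is not part of the original post or of TrendMicro's text: it reads a text export of the registry and lists the Run values that match the two entries named above. It assumes the Run key was exported from Registry Editor in REGEDIT4 text format; the sample export and the "ExampleTray" and "Example" names are constructed.

```python
import re

# HKLM Run key from the quoted steps, lower-cased for comparison.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# Autostart entries named in the quoted steps: value name -> file name.
KNOWN_ENTRIES = {"taskmanager": "taskmgr.com", "svckernell": "svckernell.com"}
# A string value in a REGEDIT4 export: "name"="data", backslash-escaped.
STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from the thread).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"
"Svckernell"="c:\\windows\\svckernell.com"
"Flags"=dword:00000001
"TASKMANAGER"="C:\\WINDOWS\\TASKMGR.COM"

[HKEY_LOCAL_MACHINE\Software\Example]
"Svckernell"="c:\\windows\\svckernell.com"
'''

def unescape(text):
    # Undo regedit's escaping of backslashes and double quotes.
    return re.sub(r"\\(.)", r"\1", text)

def run_entries(export_text):
    # Return (name, data) for each string value under the HKLM Run key only.
    entries, in_run_key = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line[1:-1].lower() == RUN_KEY
            continue
        match = STRING_VALUE.match(line) if in_run_key else None
        if match:
            entries.append((unescape(match.group(1)), unescape(match.group(2))))
    return entries

def flag_entries(export_text):
    # Flag a value for manual review when its name or any path component
    # of its data matches one of the listed entries, ignoring case.
    flagged = []
    for name, data in run_entries(export_text):
        parts = set(re.split(r'[\\/"\s]+', data.lower()))
        if name.lower() in KNOWN_ENTRIES or parts & set(KNOWN_ENTRIES.values()):
            flagged.append((name, data))
    return flagged

if __name__ == "__main__":
    for name, data in flag_entries(SAMPLE):
        print(f"review Run entry: {name} = {data}")
```

Non-string values (dword, hex) and values under other keys are skipped, so only the Run key named in the steps is inspected.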
-
The virus was later detected... but the resident on-access shield did not.... despite it being a .EXE extension.
Just a curiosity: have you installed Norton SystemWorks (or NAV) anytime - even in the past - in your computer?
It messes your registry and you would be in danger with on-access scanning of .exe files...
You can read more here (http://www.avast.com/forum/index.php?board=2;action=display;threadid=1687).
-
Steele, you may also consider moving the On-Access scanner sensitivity slider to the High position. Otherwise, the files are not usually scanned unless they're executed (i.e. the virus is trying to activate).
-
That's a good idea. Thank you VLK! ;D
Also, I sent my virus in to avast. They're going to add it into future detections A.S.A.P.
~Steele Wolf~
-
Also no. I have NEVER used another AntiVirus product.
I did a recent clean install of XP then just installed AVAST4HOME. ;D
Norton? ???
Yuck! :o
Never!! ;D