Avast WEBforum

Other => Viruses and worms => Topic started by: chem-ixtrems on June 19, 2008, 12:12:22 AM

Title: Avast can't delete virus.
Post by: chem-ixtrems on June 19, 2008, 12:12:22 AM
Hello. Avast (with last updates) found virus "Win32:Agent-WUB [trj]" in C:\WINDOWS\system32\browsew.dll. I deleted it. But after reboot this virus wasn't deleted.
What must I do?
Title: Re: Avast can't delete virus.
Post by: Lisandro on June 19, 2008, 12:26:26 AM
Besides the fact that delete is not the safer option (choose send to Chest, where the file can be further analyzed), I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
5. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
6. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or, better, submit the RunScanner (http://www.runscanner.net/) log to on-line analysis.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).
Title: Re: Avast can't delete virus.
Post by: DavidR on June 19, 2008, 01:19:48 AM
I don't have that file in my system32 folder, I think this is a

I have browseui.dll, which is a MS file, also browsewm.dll, also an MS file, but no sign of browsew.dll. I have searched all of my HDD and no sign of it.

A google search finds this is part of a fake alert process so it might well be that avast is correctly detecting it, but something is restoring it.

See http://www.uninstall-spyware.com/uninstallTrojanFakeAlert.html and http://www.windowsvistaplace.com/unknown-trojan-removal-instructions/spyware-removal.
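
The name comparison in the post above (browsew.dll next to the genuine browseui.dll and browsewm.dll) can be automated as a triage check. This is an added example, not part of the original thread: the baseline set, the sample listing and the function names are assumptions made for illustration.

```python
# Added illustration: flag DLL names that closely resemble, but do not match,
# names in a known-good baseline (lookalike names placed in system32).

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a single rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

# Assumed baseline: the two Microsoft files named in the post plus three
# well-known Windows system DLLs. A real baseline would come from a clean
# reference install of the same Windows version.
KNOWN_GOOD = {"browseui.dll", "browsewm.dll", "kernel32.dll",
              "user32.dll", "shell32.dll"}

def stem(name: str) -> str:
    """Lower-cased file name without its extension."""
    return name.lower().rsplit(".", 1)[0]

def find_lookalikes(names, baseline=KNOWN_GOOD, max_distance=2):
    """Return (name, closest_known_good, distance) for near-miss names."""
    known = {b.lower() for b in baseline}
    findings = []
    for name in names:
        if name.lower() in known:
            continue  # exact match (case-insensitive, as on NTFS): not a lookalike
        dist, closest = min((edit_distance(stem(name), stem(b)), b)
                            for b in sorted(known))
        if dist <= max_distance:
            findings.append((name, closest, dist))
    return findings

# Constructed sample listing of a system32 directory.
SAMPLE_LISTING = ["kernel32.dll", "BROWSEUI.DLL", "browsew.dll", "msvcrt.dll"]

if __name__ == "__main__":
    for name, closest, dist in find_lookalikes(SAMPLE_LISTING):
        print(f"{name}: resembles {closest} (edit distance {dist})")
```

A hit only marks a file for closer inspection (signature, hash, origin); names absent from the baseline but not close to any entry, such as msvcrt.dll here, are outside what this check covers.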

Title: Re: Avast can't delete virus.
Post by: polonus on June 19, 2008, 11:10:23 PM
Hi chem-ixtrems,

Trojan Win32.Murlo is a new warning message that is being generated by a rogue anti-spyware program
like iE Defender or Files Secure, and that is a variety of malicious software created by Internet crackers.
It is a Trojan.win32 variant, Trojan.Win32.agent.akk, Trojan.Win32.Patched, Trojan.Win32, or Trojan.Win32.Qoologic.
You may get an alert for this virus: "Your computer is infected with Trojan Win32.Murlo".
Trojan Win32.Murlo as such is not a virus, but part of a rogue anti-spyware program.
Never install software related to Trojan Win32.Murlo, because it is rogue and can infect your computer
additionally.

Manual removal:

files associated with this infection (Trojan Win32.Murlo):


dynamic link data associated with (Trojan Win32.Murlo):


values to be deleted from the registry: (Trojan Win32.Murlo):


polonus