Avast WEBforum
Other => Viruses and worms => Topic started by: kyssme143 on March 28, 2010, 12:01:41 AM
-
It says the Malware name is "Win32:Dracur [Cryp]" and that it is a "Virus/Worm" and I'm using Windows XP Pro. The actual filename that is showing up is "dmusic32.dll" and every time I move it to the virus chest or delete it, it is just recreated. Another anti-virus program is finding 3 additional files. lsass.exe, which it says is the Trojan Horse "SHeur3.MFR". Then f_0033ab, which it says is the Trojan Horse "SHeur3.MWY". Then f_0033aa, which it says is the Trojan Horse "SHeur3.MWY". I don't know what to do? How do I get rid of this thing?
-
Another anti-virus program is finding 3 additional files.
Do you have more than one antivirus program installed?
Running multiple antivirus
http://www.bleepingcomputer.com/forums/index.php?s=94b45a07b68749855fbc0acfcb205542&showtopic=260844&view=findpost&p=1441638
Clash Of The Antivirus Apps
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp
lsass.exe may be a Sasser infection
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=WORM_SASSER.A
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:
DMUSIC32.DLL
http://www.superantispyware.com/malwarefiles/DMUSIC32.DLL.html
Check your computer for Malware with
Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found
SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
If anything is found come back and post the scan logs here
-
Since the other AV's detections appear to be heuristic (e.g. the malware name given, SHeur3.xxx), I would suggest confirming the detections.
Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here, i.e. the URL in the address bar of the VT results page.
As has been mentioned, avoid having more than one resident AV installed.
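
One way to gather what the replies above ask for before going to VirusTotal, as an added example that is not part of the original thread: it looks for the file names reported in the first post, flags any lsass.exe that sits outside System32 (where the genuine Windows file lives), and computes a SHA-256 for each hit so the file can be identified unambiguously. The function names and the choice of SHA-256 are assumptions of this example.

```python
import hashlib
import os

# File names reported in the thread (compared case-insensitively).
SUSPECT_NAMES = {"lsass.exe", "dmusic32.dll", "f_0033ab", "f_0033aa"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, system_dir):
    """Walk root and return one record per file whose name is in SUSPECT_NAMES.

    system_dir is the directory holding the genuine lsass.exe (System32 under
    the Windows directory); a file with that name anywhere else is flagged.
    """
    system_dir = os.path.normcase(os.path.abspath(system_dir))
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in SUSPECT_NAMES:
                continue
            path = os.path.join(dirpath, name)
            here = os.path.normcase(os.path.abspath(dirpath))
            misplaced = name.lower() == "lsass.exe" and here != system_dir
            try:
                digest = sha256_of(path)
            except OSError as exc:  # locked or unreadable file
                digest = "unreadable: %s" % exc
            findings.append({"path": path, "sha256": digest,
                             "unexpected_location": misplaced})
    return findings


if __name__ == "__main__":
    # Assumption: the Windows directory is taken from %SystemRoot%.
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    for f in triage(windir, os.path.join(windir, "System32")):
        flag = "  <-- lsass.exe outside System32" if f["unexpected_location"] else ""
        print(f["sha256"], f["path"] + flag)
```

A hit in the expected location is not proof the file is clean; the hash only tells you which exact file the scanner results refer to.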