Avast WEBforum

Other => Viruses and worms => Topic started by: kyssme143 on March 28, 2010, 12:01:41 AM

Title: I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!
Post by: kyssme143 on March 28, 2010, 12:01:41 AM
It says the Malware name is "Win32:Dracur [Cryp]" and that it is a "Virus/Worm" and I'm using Windows XP Pro.  The actual filename that is showing up is "dmusic32.dll" and every time I move it to the virus chest or delete it, it is just recreated.  Another anti-virus program is finding 3 additional files. lsass.exe, which it says is the Trojan Horse "SHeur3.MFR".  Then f_0033ab, which it says is the Trojan Horse "SHeur3.MWY".  Then f_0033aa, which it says is the Trojan Horse "SHeur3.MWY".  I don't know what to do.  How do I get rid of this thing?
Title: Re: I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!
Post by: Pondus on March 28, 2010, 12:53:54 AM
Quote
Another anti-virus program is finding 3 additional files.
Do you have more than one antivirus program installed?

Running multiple antivirus
http://www.bleepingcomputer.com/forums/index.php?s=94b45a07b68749855fbc0acfcb205542&showtopic=260844&view=findpost&p=1441638

Clash Of The Antivirus Apps
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

 
lsass.exe may be a Sasser infection
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=WORM_SASSER.A
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:

DMUSIC32.DLL
http://www.superantispyware.com/malwarefiles/DMUSIC32.DLL.html

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
After install, click UPDATE and run a quick scan, then click on REMOVE SELECTED to quarantine anything found.

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found, come back and post the scan logs here.
Title: Re: I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!
Post by: DavidR on March 28, 2010, 01:13:48 AM
Since the other AV's detections appear to be heuristic (e.g. the malware name given, SHeur3.xxx), I would suggest confirming the detections.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner (http://www.virustotal.com/) and report the findings here (the URL in the Address bar of the VT results page).

As has been mentioned, avoid having more than one resident AV installed.