Avast WEBforum
Other => Viruses and worms => Topic started by: Chajtek on October 09, 2011, 11:10:14 AM
-
Hello.
My sister downloaded a virus, which she got from friend (facebook chat) This link was virus. I have link for it, but I dont know, can I show it? Well. Virus automatically sends links on facebook and skype. Free avast silent...help. (windows 7 64bit)
-
Could you post the link?
Make it "unclickable",for example instead of www.google.com > wxx.google.com
-
WARNING! WIRUS! DONT CLICK!
wxx.s3.tinyphotohd.com/dl.php?d4q1f&res=Picture13.JPG
WARNING! WIRUS! DONT CLICK!
-
WARNING! WIRUS! DONT CLICK!
wxx.s3.tinyphotohd.com/dl.php?d4q1f&res=Picture13.JPG
WARNING! WIRUS! DONT CLICK!
Dead link :(
http://jsunpack.jeek.org/dec/go?report=2c286a4e1b4977c3efddbb2b3645b4954dd5faad
-
fck ;/. Hm...i fond this virus in C\Users\myname\Network...called igfxck32.exe , was hidden. It pretended to be a process of intel ...maybe someone know, what is a virus?
anyway thanks for help ;)
-
The link is dead,tried to open it at my virtual machine.Did you let avast,quarantine igfxck32.exe?
-
fck ;/. Hm...i fond this virus in C\Users\myname\Network...called igfxck32.exe , was hidden. It pretended to be a process of intel ...maybe someone know, what is a virus?
anyway thanks for help ;)
Check the file and the result http://www.virustotal.com/ show here.
If this virus is not determined by Avast .... send it to the lab.
Thank you.
http://vms.drweb.com/virus/?i=1487651&lng=en
Perhaps this is it :(
-
@Dim@rik...I failed, when i found this virus I instant deleted it...but i have any logs from avast, really sorry...;(
@Left123
Nope, but avast tried blocked (network shield) "something". In log last blocked website is: xxw://ip0.intelbackup.su/ext/0.php (WARNING! I dont know, what is it...)
Yes. This is it http://vms.drweb.com/virus/?i=1487651&lng=en
-
@Dim@rik...I failed, when i found this virus I instant deleted it...but i have any logs from avast, really sorry...;(
@Left123
Nope, but avast tried blocked (network shield) "something". In log last blocked website is: xxw://ip0.intelbackup.su/ext/0.php (WARNING! I dont know, what is it...)
Sorry ... a bit rushed ... and the link is dead too.
For prevention can scan Dr.Web CureIt!
http://www.freedrweb.com/cureit/how_it_works/
-
This is a kind of backdoor.Also found something here
http://www.prevx.com/filenames/393553541613212108-X1/IGFXSC32.EXE.html
Note File Name Aliases:
NEWPHOTO10.JPG_WWW.RAPIDHOSTING.COM
PICTURE05.JPEG_WWW.ULTRAFILEFACTORY.COM
These sites are related to pictures,phtos etc.
Compate with the first link > wxx.s3.tinyphotohd.com/dl.php?d4q1f&res=Picture13.JPG
I think it's just the same.
-
ok, but how do I remove it, just to make sure that I removed?
-
ok, but how do I remove it, just to make sure that I removed?
Do a full scan with avast.
-
Ok, thank to all, and upgrade avast, that avast can to detect it.
-
Ok, thank to all, and upgrade avast, that avast can to detect it.
In intelligence make logs
http://forum.avast.com/index.php?topic=53253.0
Essexboy thoroughly will help you.
-
It is ok now. I scanned, deleted virus, system is stable.