Author Topic: Win32: Mugly-C Worm  (Read 12841 times)

Offline john36

  • Jr. Member
  • **
  • Posts: 44
  • I'm a llama!
Re: Win32: Mugly-C Worm
« Reply #15 on: April 17, 2005, 08:39:37 PM »
DavidR,

I also used notepad to create a .txt file and then moved this .txt file to a new folder located in C:\testing\jotti.

I then went to Jotti's site and uploaded this file with no problems.  Of course no infections were found with any of the scanners.

So, I know that Zone Alarm is not the problem.

John
Avast 5 Free - WinXP Pro  - Firefox - ZA Pro -   -   - Spyware Blaster - Prevx 3 - Key Scrambler - Sandboxie - FD-ISR - Acronis True Image 9

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84618
  • No support PMs thanks
Re: Win32: Mugly-C Worm
« Reply #16 on: April 17, 2005, 10:34:00 PM »
Are the files still in the avast chest?
How did you get them out of the chest into c:\virus check\?

Files in the chest are I think encrypted so if you copied them to c:\virus chest\ using explorer they could be encrypted and Jotti won't scan them, perhaps this is why they are reported as 0 bytes, I don't know, I have never heard of this before.

If you have the files in the chest you can restore them using the Chest, Menu, File, Restore, that should put them back where they were originally. Then you could try Jotti again using the original location. Sorry I'm running out of ideas too.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline john36

Re: Win32: Mugly-C Worm
« Reply #17 on: April 17, 2005, 10:55:51 PM »
> Are the files still in the avast chest?
> How did you get them out of the chest into c:\virus check\?
>
> Files in the chest are I think encrypted so if you copied them to c:\virus chest\ using explorer they could be encrypted and Jotti won't scan them, perhaps this is why they are reported as 0 bytes, I don't know, I have never heard of this before.
>
> If you have the files in the chest you can restore them using the Chest, Menu, File, Restore, that should put them back where they were originally. Then you could try Jotti again using the original location. Sorry I'm running out of ideas too.

DavidR,

I got them out of the Chest by extracting them to the "virus check" folder.

I did as you suggested and went back to the Chest and picked one of the files and restored it to its original location, "C:\Windows\system32\BSZIP.DLL", and then went back to Jotti's site and tried to upload the file from this original location and still got the same error message.

I appreciate all your help.

So, now I have these virus files in 3 places that I know of.

1.  The Chest   2.  C:\virus check  3.  C:\Windows\system32\BSZIP.DLL.

I also have system restore turned off as well as Zone Alarm.

I know you're running out of ideas as well so do you know of anywhere else I could get some answers?

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re: Win32: Mugly-C Worm
« Reply #18 on: April 17, 2005, 11:57:27 PM »
Hi John,
of course you need to PAUSE avast Shield(s) when you try to upload this stuff;
otherwise avast will BLOCK access to the file (as is his job)

 ;)

Offline john36

Re: Win32: Mugly-C Worm
« Reply #19 on: April 18, 2005, 02:51:36 PM »
> Hi John,
> of course you need to PAUSE avast Shield(s) when you try to upload this stuff;
> otherwise avast will BLOCK access to the file (as is his job)
>
> ;)

Hi whocares,

Do I pause all providers or just certain ones?

Why would I be able to upload the .txt file I created and not have to pause Avast's shields, but you're saying to upload the suspected infected files I need to pause Avast's shields?

Thanks for helping,
John

Online DavidR

Re: Win32: Mugly-C Worm
« Reply #20 on: April 18, 2005, 03:01:02 PM »
Pause Web Shield and see if that is sufficient, if not you may need to pause the Standard Shield.

Because Web Shield/Standard Shield scans your .txt file and finds no infection, so it would pass through with no problem.

Offline john36

Re: Win32: Mugly-C Worm
« Reply #21 on: April 18, 2005, 03:37:26 PM »
> Pause Web Shield and see if that is sufficient, if not you may need to pause the Standard Shield.
>
> Because Web Shield/Standard Shield scans your .txt file and finds no infection, so it would pass through with no problem.

DavidR,

Good Morning. 

I think we're finally getting somewhere.

I had to pause Avast's Standard shield as you suggested, tried the web shield first but still couldn't upload.

I uploaded 3 different infected files and each time they were scanned at Jotti's only Avast recognized them as infected.  All other scanners came back as "nothing found".

So I'm assuming that these are false positives?

If they are,  what do I do to stop Avast from alerting me with the alarm boxes and do I just "restore" all these files to their original location from the Chest?

Also, If I need to send these files to Avast could you please tell me how to do this in real simple terms?

Thanks a ton,
John

Online DavidR

Re: Win32: Mugly-C Worm
« Reply #22 on: April 18, 2005, 06:23:58 PM »
Do you have a zip program such as WinZip?

If so, you can zip and password protect ('virus', will do for the password) the suspect file/s and send it to virus @ avast.com (no spaces).

Right click on the file (from the original location, not chest) and select WinZip from the context menu, then 'Zip and email Plus'. In the pop-up tick the password box (see image) and click OK, enter the password (and confirm password) and click OK; this will create the password protected file (so avast can't scan it). Open your email program and attach the zip file, then enter the To address: virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Offline john36

Re: Win32: Mugly-C Worm
« Reply #23 on: April 19, 2005, 08:41:26 PM »
> Do you have a zip program such as WinZip?
>
> If so, you can zip and password protect ('virus', will do for the password) the suspect file/s and send it to virus @ avast.com (no spaces).
>
> Right click on the file (from the original location, not chest) and select WinZip from the context menu, then 'Zip and email Plus'. In the pop-up tick the password box (see image) and click OK, enter the password (and confirm password) and click OK; this will create the password protected file (so avast can't scan it). Open your email program and attach the zip file, then enter the To address: virus @ avast.com (no spaces).
>
> Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

DavidR,
I downloaded the WinZip program and when I bring up the Zip and e-mail plus box there is only a box there to tick to encrypt the file.

I checked it and was given a new box to create a password which I did (virus).

I then went to hotmail to send the e-mail and attachment but after clicking send I get an error message saying a virus was detected in this e-mail and that it could not be sent.

Any ideas on how I can send this to Avast?  I also tried using Outlook Express but apparently it's not configured correctly because I get error messages after clicking on send and no messages are sent. 

My Win 98 machine can send and receive messages fine with Outlook Express and I'm not going to try to copy this file to my Win 98 machine.

I have Outlook Express configured on the XP PC the same as the 98 PC so why can't I send this file?

This is getting ridiculous,
John

Online DavidR

Re: Win32: Mugly-C Worm
« Reply #24 on: April 19, 2005, 10:26:25 PM »
What said there was a virus, avast or hotmail?
Do you not have a regular pop3 email account you can send it with rather than hotmail?

The attachment can't have been encrypted and password protected; it couldn't possibly be scanned without a password or the encryption. When you think you created the zip file what was the extension, .exe (self-extracting encrypted zip file) or .zip (regular zip file)?

If it was an .exe file as in above it could be unencrypted automatically and possibly be detected, though not certain.

I have an earlier version of winzip (8.1) so that may be the reason for the slight difference. You will need to check the winzip help file about creating a password protected zip file.

You could try 7zip as another option (freeware), but first check out the winzip help file to see if you can create a password protected zip file (not self-extracting), even if you have to create it saved on your HDD and attach it to an email that you initiated.
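The check raised in Reply #24 (is the attachment really an encrypted .zip, or a self-extracting .exe?) can be done before mailing a sample. This is an added example, not part of any post in the thread; the function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile


def inspect_submission(data: bytes) -> dict:
    """Check that an archive is a regular, fully password-protected zip."""
    report = {
        "self_extracting": data[:2] == b"MZ",  # executable stub in front of the zip data
        "entries": 0,
        "unencrypted": [],
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            report["entries"] += 1
            # General-purpose flag bit 0 marks an entry whose data is encrypted.
            if not info.flag_bits & 0x1:
                report["unencrypted"].append(info.filename)
    report["ok"] = (not report["self_extracting"]
                    and report["entries"] > 0
                    and not report["unencrypted"])
    return report


def plain_zip() -> bytes:
    """Constructed sample: one harmless entry, no password."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("sample.dll", b"constructed placeholder bytes")
    return buf.getvalue()


def mark_encrypted(data: bytes) -> bytes:
    """Constructed test input: set flag bit 0 in the central directory record.
    The data is NOT actually encrypted; this only exercises the header check."""
    patched = bytearray(data)
    cd = patched.find(b"PK\x01\x02")  # central directory file header signature
    patched[cd + 8] |= 0x01           # flags field sits 8 bytes into that record
    return bytes(patched)


if __name__ == "__main__":
    print(inspect_submission(plain_zip()))
    print(inspect_submission(mark_encrypted(plain_zip())))
    print(inspect_submission(b"MZ" + bytes(62) + mark_encrypted(plain_zip())))
```

Traditional zip password protection encrypts file contents only; entry names stay readable in the archive, so a mail gateway can still see them.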

Offline john36

Re: Win32: Mugly-C Worm
« Reply #25 on: April 20, 2005, 07:26:33 PM »
DavidR,

You've been a great help through all these problems and thanks for sticking with me.

Apparently Avast doesn't need this file now anyways.

Last time I scanned with Avast there was nothing detected.

Also, I went to Jotti's site and uploaded the same files as before and none of the scanners were detecting this virus.

So apparently it was a false positive and the good people at Avast have fixed this problem.

I'll be signing off now, so again DavidR and whocares and all others, thank you very much for your help,
John


Online DavidR

Re: Win32: Mugly-C Worm
« Reply #26 on: April 20, 2005, 08:29:51 PM »
You too persevered and didn't give up, especially when what we were trying to do (report a false positive, once identified) would help avast and indirectly other avast users and not yourself directly.

But it has been a learning experience for you so it wasn't time wasted.

Offline atmlt

  • Newbie
  • *
  • Posts: 2
Re: Win32: Mugly-C Worm
« Reply #27 on: April 21, 2005, 04:23:09 AM »
Hi
Some days past, Avast! notified me of the mugly-c worm.
It seemed to have contained it, as I've since run many thorough scans with not only Avast!, but Windows anti-virus, and AVG also.  Everything seemed fine.
Until scanning tonight. (Wed. 20th)
A message came on during the scan from Windows which said:
"Files that are required to run properly have been replaced by unrecognized versions.   To maintain system stability, windows must restore the original version of these files."
Something to do with a wrong CD, and wanting an original.
Does this have anything to do with the Mugly worm? 
The message was not telling what CD I should use. And if I need to do anything else before using it.
Any ideas about this?  It is very vague.
thanks

Offline john36

Re: Win32: Mugly-C Worm
« Reply #28 on: April 22, 2005, 03:34:00 PM »
> Hi
> Some days past, Avast! notified me of the mugly-c worm.
> It seemed to have contained it, as I've since run many thorough scans with not only Avast!, but Windows anti-virus, and AVG also.  Everything seemed fine.
> Until scanning tonight. (Wed. 20th)
> A message came on during the scan from Windows which said:
> "Files that are required to run properly have been replaced by unrecognized versions.   To maintain system stability, windows must restore the original version of these files."
> Something to do with a wrong CD, and wanting an original.
> Does this have anything to do with the Mugly worm?
> The message was not telling what CD I should use. And if I need to do anything else before using it.
> Any ideas about this?  It is very vague.
> thanks

atmlt,

As you probably know by now,  the Mugly-C worm warning on my pc was a false positive.   Apparently Avast has fixed that problem.

Not sure what type of "Windows antivirus scan" you did but I never got any of those types of messages with my problems.

You didn't delete any files while you were getting the Mugly-C warnings did you?

Hopefully one of the experts here will jump in and try to help.

Good luck,
John