Author Topic: Major problem  (Read 8829 times)

veejax

  • Guest
Major problem
« on: March 09, 2003, 04:26:24 AM »
A machine on my client's small business network has been infected with the win95:dupator virus, despite protection by Avast 32 network edition. I have tried to clean it with Avast, but the resident scanner labels the Avast executables themselves as infected. I've run it anyway, and Avast will not clean the infected files because they are all 'in use' by other processes. I tried a tool from Trend Micro, but it will find the virus and require a reboot, then do nothing. Before the Trend Micro tool finishes its complete scan, it causes an invalid page fault and shuts down. Any ideas? I am the one who recommended Avast to this client, and he wants to know how his machine got infected  :-[ Any good answers? TIA

raman

  • Avast Evangelist
  • Advanced Poster
  • Posts: 1062
Re:Major problem
« Reply #1 on: March 09, 2003, 10:30:02 AM »
The Dupator virus is dropped by a variant of the Opasoft worm. Maybe Avast32 still contains a DOS version, so maybe Avast is able to clean the virus under DOS. You do not need a boot disk; just boot via the "F8" key into DOS mode and start the DOS version of Avast. But consider: recovering the files from a clean backup is always better than cleaning them.

The virus seems "only" to replicate and does not modify or delete.

And he should close his ports 135-139 to avoid getting reinfected by the Opasoft worm again (if he really got infected through virus dropping).

This is only my opinion, and remember that I do not work for Avast or any other AV firm. ;)
Best regards, Ralf

Pavel Mourek

  • Guest
Re:Major problem
« Reply #2 on: March 10, 2003, 12:36:34 PM »
I've sent the Dupator virus removal tool to your mail at hotmail.com. Use it for the virus removal in DOS mode. Then use avast! for the Opas virus removal.

Avast detects all variants of the Win32 Opas virus. But in its default configuration it doesn't scan files which are being copied to the computer (resident protection doesn't slow the PC so much). And if there is a PC with file and printer sharing enabled, using the Windows 95/98 or Me operating systems without security patches applied, it is possible for the Opas virus to copy itself from the Internet to such a PC. To prevent files being copied from the Internet, apply the security patches and use passwords for shares. You can also change avast's resident protection to scan files being copied. Then avast will detect this virus when it is copied from the net, but cannot prevent the copying itself. Avast is not a firewall. So this virus infection was caused mainly by an unsecured operating system.
Check this page for more:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS00-072.asp
« Last Edit: March 10, 2003, 12:41:59 PM by Kocour »