« previous next »
Pages: [1]   Go Down

Author Topic: Win32:Savno  (Read 5661 times)

0 Members and 1 Guest are viewing this topic.

ertzsi

  • Guest
Win32:Savno
« on: October 02, 2003, 09:55:26 PM »
Hi!

Avast Home Edition is unable to disinfect this, as the computer got infected before I installed Avast!

1) Avast Home tells me that the name of this worm is  Win32:Savno, but I'm unable to find any references to it here. Dows anybody know the other/right name for it?

2) How do I get rid of it? It seems I should be able to boot the computer from a diskette/CD with NTFS support (the conputer is running WXP Home Edition) and then use the right tool to remove it. The question is: Where do I get a boot diskette or CD that supports NTFS 5, which comes along with WXP? Where could I find the remove tool?

3) Is this the right/only way to do it?

Tnx in advance & rgds,
Eero
Logged

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Win32:Savno
« Reply #1 on: October 02, 2003, 10:06:45 PM »
Eero, it may actually be a false alarm, in this particular case. The latest virus database has a problem that may have just these symptoms - incorrect flagging of legal file(s) as infected with Win32:Savno. Please wait for the tomorrow's update and rescan the disk - it's quite likely that the alarm will disappear with the updated DB...

Sorry for this,
Vlk
« Last Edit: October 02, 2003, 10:06:55 PM by Vlk »
Logged
If at first you don't succeed, then skydiving's not for you.

ertzsi

  • Guest
Re:Win32:Savno
« Reply #2 on: October 03, 2003, 06:39:58 AM »
Unfortunately, I think that this computer is actually infected with a worm or virus of some kind. The disk runs crazy for too long after the boot and something is preventing Avast to update its virus database.

Any ideas on how to check this out to be sure?
Logged

whocares

  • Guest
Re:Win32:Savno
« Reply #3 on: October 03, 2003, 11:00:36 AM »
Hi,
you might try to scan the PC/the file in question with a second scanner, e.g. Online scanners by
Trend, KAV (see below) or from
www.trendmicro.com
www.ravantivirus.com

 ;)
Logged

techie101

  • Guest
Re:Win32:Savno
« Reply #4 on: October 03, 2003, 08:33:07 PM »
I believe that it is a false alarm, only because I have the same alert from Avast.  The only reason I believe it to be false, is that Avast found it in the Avast4Home.exe file!!!

I switched up my Resident sensitivity to HIGH this morning to see the result and got the w32:savno virus alert.
It is not detected when the sensitivity is set to Normal(Standard).

The actual name of the real virus is w32:hllp.savno
It is spread through the Kazaa folder and may also attach a password stealing worm into your system which will send your passwords to an internet site.

The best thing to do is MOVE the "infected" file to the Chest for now.
Where do you  have the Resident Protection sensitivity set?
What is the complete name of the file that Avast found?

Then as whocares recommended, do an online scan at www.Kaspersky.com, or www.symantec.com

If they give you a clean bill of health, then  you have suffered only a false positive.  Scary aint it!

 :o
Logged

ertzsi

  • Guest
Re:Win32:Savno
« Reply #5 on: October 05, 2003, 11:00:00 AM »
Thanks guys, but I deceided to solve this problem the easy & reliable way:
Reformat & install all security patches & a virus scanner.

Just to be sure.

Thanks for your time & suggestions.

Case closed.
Logged
Pages: [1]   Go Up
« previous next »