Author Topic: infected with win32:vibpack  (Read 5372 times)

0 Members and 1 Guest are viewing this topic.

zwymou

  • Guest
infected with win32:vibpack
« on: October 13, 2005, 08:13:22 PM »
I am a very novice user of antiviruses, thought i should have start earlier.
I have scan my computer with avast first and found my computer was infected with
win32: vibpack (wrm)

first in programfiles\winupdates\winupdates.exe

I've look over the net and have not find any complete info on this worm
I may not did the right thing but i have deleted this file because i was not able to repair it.
I have deleted me temp file to make sure there was no problem also.

after next scan I found it back in:
c:\System Volume Information\_restore{C346D86B-B88F-4D89-AC8E-B3FD5C2AF40D}\RP157\A0017584.EXE


zwymou

  • Guest
Re: infected with win32:vibpack
« Reply #1 on: October 13, 2005, 08:17:21 PM »
sorry i had not finished.

last file(listed above) I just asked to ignore.

i made another scan after and now avast have not find anything?

Was it a true virus\worm? Nobody never confirm it in any forum I did research on?

I have succed in getting ride of?! or just have chance to get a very big surprise later?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: infected with win32:vibpack
« Reply #2 on: October 13, 2005, 08:32:46 PM »
Disable system restore, reboot, that will clear all restore points. Do another scan and if all clear, enable system restore again.

It is unlikely that it could repair only certain files are repairable, e.g. files that have been infected (and are monitored/protected by the VRDB), rather than the virus file, which is totally malicious.

It is best to send it to the virus chest, first do no harm and investigate as you have done here by asking questions and searching google (see below), etc. This way if the file has been incorrectly it can be restored from the chest.

A google search for winupdates.exe shows this is likely to be the 'W32.HLLW.Gaobot.BB' or 'Rbot family' and your OS may be out of date if this was Gaobot.BB as this virus exploits MS vulnerabilities that have long ago been patched. So a visit to windows update is in order.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: infected with win32:vibpack
« Reply #3 on: October 13, 2005, 08:39:49 PM »
last file(listed above) I just asked to ignore.
i made another scan after and now avast have not find anything?
Was it a true virus\worm? Nobody never confirm it in any forum I did research on?
I have succed in getting ride of?! or just have chance to get a very big surprise later?

Ignoring it before knowing if it was a virus is not wise, send to chest and investigate.
I don't know if by saying ignore it, it is added to the avast exclusions lists and as such won't be scanned or found. Check the avast exclusions and if it has been added remove it and scan again.

There may be a possibility of a surprise, but we/you will have to deal with that as and when. Do a full thorough scan including archives to confirm, this is likely to take some considerable time as it is very thorough. You could also do an on-line scan using a different scan engine as a double ckeck.
RejZoR's Website - Security Ops
On-line Virus Scanners and other useful Links Security-Ops.eu.tt
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Vicetta

  • Guest
Re: infected with win32:vibpack
« Reply #4 on: November 13, 2005, 03:00:19 AM »
 My Avast 4.6-although updated daily suddenly told me that I was infected with Vibpack(the spinning globe had stopped and the Virus Chest disabled)in file C/Program Files/winupdate/winupdate.exe A startup scan by Avast got rid of Vibpack-which had spread to System Restore, and Pagefile. My question is-how did Avast and Microsoft Spyware not stop this worm from getting onto my PC in the first place

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: infected with win32:vibpack
« Reply #5 on: November 13, 2005, 03:10:51 AM »
Did you set your sensitivity to High or Normal?
Do you have any other antivirus or antispyware monitor (resident) in your computer?
Pagefile.sys could be on the exclusion list (not-scanned).
The System Restore if disabled and then enabled again will be clean.
But, the answer to your question is not that easy...
The best things in life are free.