Topic: Help - SDFE-ZhugeLiang-5976 warning

hondaman

  • Guest
Help - SDFE-ZhugeLiang-5976 warning
« on: January 14, 2006, 11:28:07 PM »
Hello,
I have been using Avast for ages with absolutely no problems on my Dell Inspiron 8200 laptop which I use as a desktop. I have never had a virus on any of my systems.
Tonight when I switched my machine on, I deleted a 30 day trial version of DiskPerfect7 and connected to the internet. Avast downloaded some updates. Almost immediately when I tried to access any internet sites (even google etc) I get a warning alarm that a virus has been detected and it says (the site in question) contains a sample of SDFE-ZhugeLiang-5976. I have run the virus checker through the system and have also used AVAST's virus killer? but I am still getting these warning messages for every internet site. I do not get any messages if I am not connected to the internet. I have searched and cannot find what that virus relates to. I use a broadband connection and do download some video content from car and mountain bike sites but I have never had any problems before. Any help would be very much appreciated. First time on this site so apologise if this is the wrong area. Thanks, Bill

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #1 on: January 15, 2006, 12:46:13 AM »
Hondaman, are you running Windows XP? Can't you schedule a boot time scanning?
Besides this, why don't you delete your temporary files and disable system restore? (to enable again after boot)
In fact the better area would be the Virus board in this case  ;)
The best things in life are free.

hondaman

  • Guest
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #2 on: January 15, 2006, 02:19:13 AM »
Hi Tech,

Yes I use XP and always clear out temp files etc. I use Firefox rather than IE. Was just trying to find if anyone knew what that virus related to as google doesn't appear to shed any light on it. There is a similar post for a same-named virus but with a different last four numbers on this site some time ago when I think they were inferring it was a problem after an Avast update - if that's possible. Heading for bed now so I'll have to have another look later on today. Damn thing is still squawking!!
Thanks for the reply.

hondaman

  • Guest
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #3 on: January 15, 2006, 11:43:25 AM »
Tech,
I carried out a boot scan overnight and so far everything seems to have returned to normal. I will read through all the site's hints and tips when I get a chance but I panicked a bit last night when AVAST was warning every few seconds no matter what precautions or remedies I took. Still don't know what the actual warning was in relation to - any ideas? Thanks once again.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #4 on: January 15, 2006, 01:11:39 PM »
Quote from hondaman: "Still don't know what the actual warning was in relation to - any ideas? Thanks once again."
Last night we had an update to the virus database, could it be only a false positive?
If not, maybe you get rid of it after taking the necessary precautions.
If you run a full thorough scan with avast (archive files included) does it show anything?

hondaman

  • Guest
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #5 on: January 15, 2006, 06:43:25 PM »
Have looked through the logs and these were found earlier in the evening

14/01/2006 19:36:30   bill   3868   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\browserxtras\pn\remove.exe" file. 
14/01/2006 21:18:07   SYSTEM   156   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP275\A0076161.exe" file. 

I then followed your advice re a boot scan and this was the result

15/01/2006 01:08:02   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/data.js" file. 
15/01/2006 01:08:31   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/" file. 
15/01/2006 01:09:11   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/index.stm" file. 
15/01/2006 01:09:47   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://forum.avast.com/index.php?topic=18683.0\PxB14B" file. 
15/01/2006 01:11:52   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://forum.avast.com/index.php?action=pm;sa=send;u=18282\PxB150" file. 
15/01/2006 01:14:34   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://forum.avast.com/index.php?action=post;topic=18683.0;num_replies=1\PxB152" file. 
15/01/2006 01:21:20   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/" file. 

Since the boot scan everything has been ok again. The logs also contained information indicating every site accessed had a sign of SDFE-ZhugeLiang-5976 (whatever that is).
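
A triage sketch for log lines in the layout quoted in the post above (an added example, not written by any poster in this thread and not Avast's own tooling): it groups detections by signature and separates on-disk hits from hits on HTTP responses. The rule it applies, that a signature seen only in web traffic from two or more hosts including a private LAN address should be checked as a possible false positive, is an assumption of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A subset of the log lines quoted in the post above.
SAMPLE_LOG = r'''
14/01/2006 19:36:30   bill   3868   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\browserxtras\pn\remove.exe" file.
14/01/2006 21:18:07   SYSTEM   156   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP275\A0076161.exe" file.
15/01/2006 01:08:02   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/data.js" file.
15/01/2006 01:09:47   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://forum.avast.com/index.php?topic=18683.0\PxB14B" file.
15/01/2006 01:21:20   SYSTEM   156   Sign of "SDFE-ZhugeLiang-5976" has been found in "http://192.168.2.1/" file.
'''

# timestamp, account name, a numeric column, then signature and scanned object
LINE_RE = re.compile(
    r'^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\s+\S+\s+\d+\s+'
    r'Sign of "(?P<sig>.+?)" has been found in "(?P<target>.+)" file\.$'
)

def is_private(host):
    """True when host is an IP literal in a private (non-routable) range."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a DNS name, not an IP literal
        return False

def triage(log_text):
    """Group detections by signature; split on-disk hits from web hits."""
    summary = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        entry = summary.setdefault(
            m["sig"],
            {"files": [], "web_hosts": set(), "check_false_positive": False})
        target = m["target"]
        if target.lower().startswith(("http://", "https://")):
            entry["web_hosts"].add(urlsplit(target).hostname)
        else:
            entry["files"].append(target)
    for entry in summary.values():
        hosts = entry["web_hosts"]
        # Heuristic (assumption of this example): web-only hits on several
        # hosts, one of them a private LAN address, point at the scanner's
        # signature or at something local rewriting traffic, not at each site.
        entry["check_false_positive"] = (
            not entry["files"] and len(hosts) >= 2
            and any(is_private(h) for h in hosts))
    return summary
```

A flagged signature is a prompt to compare against the timing of the last virus-database update and to rescan after the next one; the on-disk entries are handled separately.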

CharleyO

  • Guest
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #6 on: January 15, 2006, 06:55:40 PM »
***

It is spyware and according to this site has been around since November, 1995 ...

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453090308

So, it appears that you have spyware on your computer. This is why every site you visit appears to have this spyware ... though the spyware is not at these sites but is spying on what sites you go to.   :(

Edit :

It appears McAfee knows little about this ......

 http://hq.mcafeeasap.com/dispVirus.asp?virus_k=105383

Removal instructions here though I do not know if this will completely remove it but worth a try:  (Remove the following files - amravm.com)

http://www.spywaredb.com/remove-zhugeliang-5976-c/



***
« Last Edit: January 15, 2006, 07:15:44 PM by CharleyO »

hondaman

  • Guest
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #7 on: January 16, 2006, 10:20:58 PM »
Thanks,

I seem to have got rid of the problem now. Thanks for the information.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Help - SDFE-ZhugeLiang-5976 warning
« Reply #8 on: January 16, 2006, 10:43:52 PM »
Hi hondaman,

Probably you did it right the first time around. However before following the instructions of removing the file, in this case amravm.com, we have to advise people first to backup their registry and system and on setting a restore point with Win XP, just in case anything goes wrong removing the file. This is especially true with nasty complicated scumware, where we try to remove it via software programs. Later if something goes wrong we can reset the situation prior to that, and try manually or in another way. Always keep your options open, folks, else we have a system demanding some removed executable etc. etc.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!