Author Topic: Multiple viruses found  (Read 5084 times)

Kakzle

  • Guest
Multiple viruses found
« on: December 06, 2003, 05:07:39 AM »
Win32:Sdbot-g12
Win95:Matyas
Win31:Kuang2
Win32:DyfunDldr
Avast keeps finding these viruses and it won't repair them, so I just placed them in the chest. I downloaded the virus cleaner and it didn't find anything.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Multiple viruses found
« Reply #1 on: December 06, 2003, 05:26:56 AM »
"People who are really serious about software should make their own hardware." - Alan Kay

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Multiple viruses found
« Reply #2 on: December 06, 2003, 01:01:59 PM »
What files were these viruses detected in?

Kakzle

  • Guest
Re:Multiple viruses found
« Reply #3 on: December 06, 2003, 04:26:30 PM »
 This is the best way I know how to give you all the information. I copied the xml file in the chest and pasted it here.
<?xml version="1.0" encoding="UTF-8" ?>
<aswObject>
  <NewId>0000000E</NewId>
  <ChestEntry>
    <ChestId>00000001</ChestId>
    <FileTime>960498000</FileTime>
    <OrigFileName>kernel32.dll</OrigFileName>
    <OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
    <Comment />
    <Category>System</Category>
    <TransferTime>1068596954</TransferTime>
    <FileSize>536576</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000002</ChestId>
    <FileTime>1036551338</FileTime>
    <OrigFileName>wsock32.dll</OrigFileName>
    <OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
    <Comment />
    <Category>System</Category>
    <TransferTime>1068596956</TransferTime>
    <FileSize>36864</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000003</ChestId>
    <FileTime>960498000</FileTime>
    <OrigFileName>command.com</OrigFileName>
    <OrigFolder>C:</OrigFolder>
    <Comment />
    <Category>System</Category>
    <TransferTime>1068596957</TransferTime>
    <FileSize>93040</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000004</ChestId>
    <FileTime>1067581274</FileTime>
    <OrigFileName>cln4066.TMP</OrigFileName>
    <OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
    <Comment />
    <Virus>Win32:DyfucDldr [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1068597354</TransferTime>
    <FileSize>69632</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000005</ChestId>
    <FileTime>1068655928</FileTime>
    <OrigFileName>trz4062.TMP</OrigFileName>
    <OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
    <Comment />
    <Virus>Win32:DyfucDldr [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1068642741</TransferTime>
    <FileSize>69632</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000006</ChestId>
    <FileTime>1068656056</FileTime>
    <OrigFileName>trz60E3.TMP</OrigFileName>
    <OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
    <Comment />
    <Virus>Win32:DyfucDldr [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1068642747</TransferTime>
    <FileSize>69632</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000007</ChestId>
    <FileTime>1068613136</FileTime>
    <OrigFileName>Folders.dbx</OrigFileName>
    <OrigFolder>c:\WINDOWS\Application Data\Identities\{94C2B5C9-26A8-4F76-B240-5D5F6ECF8C0B}\Microsoft\Outlook Express</OrigFolder>
    <Comment />
    <Virus>Win32:DyfucDldr [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1068642787</TransferTime>
    <FileSize>74720</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000008</ChestId>
    <FileTime>1068658846</FileTime>
    <OrigFileName>pavdll.dll</OrigFileName>
    <OrigFolder>c:\My Documents\padmin.exe</OrigFolder>
    <Comment />
    <Virus>Win32:Kuang2</Virus>
    <Category>Vir</Category>
    <Restore>no</Restore>
    <TransferTime>1068644477</TransferTime>
    <FileSize>1179648</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>00000009</ChestId>
    <FileTime>1068658882</FileTime>
    <OrigFileName>pav.sig</OrigFileName>
    <OrigFolder>c:\My Documents\padmin.exe</OrigFolder>
    <Comment />
    <Virus>Win95:Matyas</Virus>
    <Category>Vir</Category>
    <Restore>no</Restore>
    <TransferTime>1068644514</TransferTime>
    <FileSize>3125710</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000A</ChestId>
    <FileTime>960498000</FileTime>
    <OrigFileName>wsock32.dll</OrigFileName>
    <OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
    <Comment />
    <Category>System</Category>
    <TransferTime>1068654750</TransferTime>
    <FileSize>36864</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000B</ChestId>
    <FileTime>1070344190</FileTime>
    <OrigFileName>[UPX]</OrigFileName>
    <OrigFolder>c:\WINDOWS\TEMP\_avast4_\unp23682</OrigFolder>
    <Comment />
    <Virus>Win32:SdBot-g12 [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>no</Restore>
    <TransferTime>1070329790</TransferTime>
    <FileSize>1106432</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000C</ChestId>
    <FileTime>1070342328</FileTime>
    <OrigFileName>trz22C5.TMP</OrigFileName>
    <OrigFolder>c:\WINDOWS\TEMP</OrigFolder>
    <Comment />
    <Virus>Win32:SdBot-g12 [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1070329806</TransferTime>
    <FileSize>1106432</FileSize>
  </ChestEntry>
  <ChestEntry>
    <ChestId>0000000D</ChestId>
    <FileTime>1068282856</FileTime>
    <OrigFileName>dbplugin.exe</OrigFileName>
    <OrigFolder>c:\WINDOWS</OrigFolder>
    <Comment />
    <Virus>Win32:SdBot-g12 [Trj]</Virus>
    <Category>Vir</Category>
    <Restore>yes</Restore>
    <TransferTime>1070330192</TransferTime>
    <FileSize>261120</FileSize>
  </ChestEntry>
</aswObject>

Kakzle

  • Guest
Re:Multiple viruses found
« Reply #4 on: December 06, 2003, 04:55:29 PM »
I went to microtrend and did their scan and it didn't find any viruses. Does this mean that avast is giving me false readings? I noticed that avast scans files on my hard drive that don't seem to exist, like in the _restore folder, it scans some thousands of folders, but when I look at that folder in windows explorer, there are only 4 files.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Multiple viruses found
« Reply #5 on: December 06, 2003, 05:41:12 PM »
Those two pav* files are really false alarms in Panda Antivirus tool caused by Panda storing unencrypted virus samples inside.
The Sd-Bots may be real...
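
Added example (not part of any post in this thread, and not Avast's code): a small Python reader for the Chest index pasted in Reply #3. It strips the browser's "- " collapse markers, which a strict XML parser rejects, and groups the original paths by detection name so that entries with no <Virus> element drop out. The embedded sample is abridged from that post; reading TransferTime as Unix epoch seconds is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample: three entries abridged from Reply #3, in browser-copied form.
SAMPLE = r"""<?xml version="1.0" encoding="UTF-8" ?>
- <aswObject>
- <ChestEntry>
  <OrigFileName>kernel32.dll</OrigFileName>
  <OrigFolder>C:\WINDOWS\SYSTEM</OrigFolder>
  <Category>System</Category>
  <TransferTime>1068596954</TransferTime>
  </ChestEntry>
- <ChestEntry>
  <OrigFileName>pavdll.dll</OrigFileName>
  <OrigFolder>c:\My Documents\padmin.exe</OrigFolder>
  <Virus>Win32:Kuang2</Virus>
  <TransferTime>1068644477</TransferTime>
  </ChestEntry>
- <ChestEntry>
  <OrigFileName>dbplugin.exe</OrigFileName>
  <OrigFolder>c:\WINDOWS</OrigFolder>
  <Virus>Win32:SdBot-g12 [Trj]</Virus>
  <TransferTime>1070330192</TransferTime>
  </ChestEntry>
  </aswObject>"""

def load_chest(text):
    """Parse a Chest index, tolerating browser-copied '- ' markers before tags."""
    cleaned = re.sub(r"(?m)^[ \t]*-[ \t]+(?=<)", "", text.strip())
    entries = []
    for node in ET.fromstring(cleaned).iter("ChestEntry"):
        rec = {c.tag: (c.text or "").strip() for c in node}
        # Assumption: TransferTime is Unix epoch seconds (values fall in late 2003).
        moved = datetime.fromtimestamp(int(rec["TransferTime"]), tz=timezone.utc)
        rec["moved_utc"] = moved.isoformat()
        entries.append(rec)
    return entries

def detections_by_name(entries):
    """Map detection name -> original paths; entries without <Virus> are skipped."""
    groups = defaultdict(list)
    for rec in entries:
        if "Virus" in rec:
            groups[rec["Virus"]].append(rec["OrigFolder"] + "\\" + rec["OrigFileName"])
    return dict(groups)

if __name__ == "__main__":
    print(detections_by_name(load_chest(SAMPLE)))
```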

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Multiple viruses found
« Reply #6 on: December 06, 2003, 06:19:24 PM »
igor, sdbots ARE detected by trend. I think there IS a possibility these are false positives.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:Multiple viruses found
« Reply #7 on: December 07, 2003, 12:00:44 AM »
I didn't say they aren't... just there are so many sdbots, it's easily possible that some of them are missed by some antiviruses (avast included).
Anyway, it's always possible to send the files from the Chest to Alwil Software for analysis (preferably with some info/comments on the possible false positive in the e-mail).