Author Topic: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning  (Read 11231 times)

0 Members and 1 Guest are viewing this topic.

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #15 on: July 13, 2006, 04:24:09 PM »
Windows fileinfector

Never heard of this, what is it ?
a resident evil virus ?

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #16 on: July 13, 2006, 04:28:40 PM »
file infector is just a "proper" term for virus. So "file infector" = "virus"
Visit my webpage Angry Sheep Blog

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #17 on: July 13, 2006, 06:57:06 PM »
how dummy am I... I could have guessed it...

anyway,

I ran a Housecall (TrendMicro, http://fr.trendmicro-europe.com/consumer/housecall/housecall_launch.php) on my PC and it has found "PE.VIRUT.A", also known as "W32.VIRUT.A" at symantec : http://www.sarc.com/avcenter/venc/data/w32.virut.a.html
FYI : panda's online scanning tool crashed when scanning for viruses, I don't know why.

It had infected all my windows .exe, .cmd and all program files.
HouseCall can repair it, if you infected, don't be afraid, just a short bad time to go through ;-)

This virus appeared may 14th, I don't know when/where I got it from :(


Thank you all, now I just have to repair... and wait for the new VPS...
« Last Edit: July 14, 2006, 12:38:42 PM by rangoon_fr »

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #18 on: July 14, 2006, 06:31:00 PM »
<<
14.07.2006 - 0628-5
Win32:Beagle-ME [Trj], Win32:Virut
>>

Great !!! Thanks ! :D

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #19 on: July 14, 2006, 08:13:44 PM »
Are repair routines included to fix infected files?
Visit my webpage Angry Sheep Blog

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #20 on: July 14, 2006, 09:18:23 PM »
well... hard to say.
File are first marked as repared (avast created a .RBO version kepping the original file in place but with a different length). And when the scan is finished, avast says that it finnaly couldn't repare some files, a it show the complete list of RBO files, along with some exe's.

I do not understand if the files with the original extension are safe or not and why avast finally states that
files where not repared.

I hope this helped  ::)


Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11786
    • AVAST Software
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #21 on: July 14, 2006, 09:29:22 PM »
No, special cleaning for this virus has not been implemented.

avast! doesn't create any .rbo files.. so I don't think it has anything to do with avast!  ???

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Visit my webpage Angry Sheep Blog

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #23 on: July 14, 2006, 09:57:48 PM »
Igor :
thoses files were marked as VIRUT infected (when .RBO is Magister.B according to Rejzor's url), they have been successfully delete by avast! with the scan report/log.

Rejzor :
If I'm right Magister propagates via email ? I haven't restored my mails yet (I wait for the pc to be completly clean). How could it have executed, i wonder.

what is possible is that housecall didn't check those files, although I'm quite sure they were not present when I used it. however, Avats! didn't warn for a Magister.B infected file.

really strange !  ??? :-\

I'm running a new house call, so far no virus found, yessss !!

Igor, I really want to thank you for following your posts and dummy users of avast! so closely, thanks !

Rangoon

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #24 on: July 14, 2006, 10:29:24 PM »
I don't think it's related, though still interesting that some RBO files started appearing on your PC.
Visit my webpage Angry Sheep Blog

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #25 on: July 14, 2006, 11:03:45 PM »
BTW, I have a copy of LoveLetter and Homepage (very old viruses i know) in TXT files, they are marked by Housecall but nothing in avast!, how come ? because of the extension ? I could even open the txt file without any warning :-\

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9359
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #26 on: July 15, 2006, 08:41:39 AM »
Thats because txt is a plain text and you can run it whatever you like.
Stuff in such form is benign and can't hurt your system.
You have to use High Standard Shield sensitivity in order to detect stuff in txt files.
Visit my webpage Angry Sheep Blog

Offline rangoon_fr

  • Newbie
  • *
  • Posts: 18
Re: [SOLVED : was unknown virus] "ashMaiSv has been modified" warning
« Reply #27 on: July 15, 2006, 11:40:32 AM »
truly, i tried to rename it as .vbs and was kicked off by Avast!, great thing!  ;D