Author Topic: WORM_BEREB.B  (Read 4715 times)

0 Members and 1 Guest are viewing this topic.

Offline Steele

  • Full Member
  • ***
  • Posts: 199
  • I won't bite too hard!
    • A World Beyond Imagination!
WORM_BEREB.B
« on: February 28, 2004, 10:28:52 PM »
How do I get rid of this virus/worm?

http://www.techsupportforum.com/computer/topic/13096-1.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BEREB.B

I got it through WinMX when downloading a zip file. Interesting how Avast4Home did not pick it up with the resident sheild.  :'(
"A man can tell a thousand lies, I’ve learned my lesson well, Hope I live to tell the secrets I have learned, till then, It will burn inside of me..."

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:WORM_BEREB.B
« Reply #1 on: February 28, 2004, 10:31:41 PM »
And the on-demand did detect it?
If at first you don't succeed, then skydiving's not for you.

Offline Steele

  • Full Member
  • ***
  • Posts: 199
  • I won't bite too hard!
    • A World Beyond Imagination!
Re:WORM_BEREB.B
« Reply #2 on: February 28, 2004, 10:35:25 PM »
I have isolated the file as "SVCKERNELL.COM". It also created a folder called "startrwin" and places "startrwin" in the WINDOWS folder.

SVCKERNELL.COM is listed in the processes (in Windows 98SE) when I press ctrl-alt-del...ONLY BEFORE Windows completes loading my desktop. I caught it intime to find out what the forign startup program was called. I think it tries to hide itself.

Should I send it to you VLK? I've never tried sending a virus before??  ???

VLK: Let me try a THOUROUGH scan option first.
« Last Edit: February 28, 2004, 10:36:32 PM by Steele »
"A man can tell a thousand lies, I’ve learned my lesson well, Hope I live to tell the secrets I have learned, till then, It will burn inside of me..."

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:WORM_BEREB.B
« Reply #3 on: February 28, 2004, 10:37:40 PM »
Yes please zip the file with a password and send it (together with the password) to the address

virus (AT) avast (DOT) com

The analysts will take a look at it.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Steele

  • Full Member
  • ***
  • Posts: 199
  • I won't bite too hard!
    • A World Beyond Imagination!
Re:WORM_BEREB.B
« Reply #4 on: February 29, 2004, 12:08:02 AM »
VLK :)

I sent the virus to them in a password protected .ZIP file.

Thanks for you help.
the virus was later detected... but the resident on access sheild did not.... despite it being a .EXE entension.

This information was helpful from TrendMicro:

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Taskmanager = “C:\Windows\taskmgr.com”
OR
Svckernell=”c:\windows\svckernell.com”
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.

The svckernell.com was in my registry. I removed it.
« Last Edit: February 29, 2004, 12:22:30 AM by Steele »
"A man can tell a thousand lies, I’ve learned my lesson well, Hope I live to tell the secrets I have learned, till then, It will burn inside of me..."

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:WORM_BEREB.B
« Reply #5 on: February 29, 2004, 02:35:16 PM »
The virus was later detected... but the resident on access sheild did not.... despite it being a .EXE entension.

Just a curiosity: have you installed Norton SystemWorks (or NAV) anytime - even in the past - in your computer?
It messes your registry and you would be in danger with on-access scanning of .exe files...

You can read more here.
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:WORM_BEREB.B
« Reply #6 on: February 29, 2004, 02:37:07 PM »
Steele you may also consider moving the On-Access scanner sensitivity slider to the High position. Otherwise, the files are not usually scanned unless they're executed (i.e. the virus is trying to activate).
If at first you don't succeed, then skydiving's not for you.

Offline Steele

  • Full Member
  • ***
  • Posts: 199
  • I won't bite too hard!
    • A World Beyond Imagination!
Re:WORM_BEREB.B
« Reply #7 on: March 04, 2004, 12:41:00 AM »
That's a good idea. Thank you VLK!  ;D

Also, I sent my virus into avast. There going to add it into furture detections A.S.A.P.

~Steele Wolf~
"A man can tell a thousand lies, I’ve learned my lesson well, Hope I live to tell the secrets I have learned, till then, It will burn inside of me..."

Offline Steele

  • Full Member
  • ***
  • Posts: 199
  • I won't bite too hard!
    • A World Beyond Imagination!
Re:WORM_BEREB.B
« Reply #8 on: March 04, 2004, 12:42:48 AM »
Also no. I have NEVER used another AntiVirus product.

A did a recent clean install of XP then just installed AVAST4HOME.  ;D

Norton?  ???
Yuck! :o
Never!!  ;D
« Last Edit: March 04, 2004, 12:43:13 AM by Steele »
"A man can tell a thousand lies, I’ve learned my lesson well, Hope I live to tell the secrets I have learned, till then, It will burn inside of me..."