Author Topic: Win32:warezov_qu  (Read 9484 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89243
  • No support PMs thanks
Re: Win32:warezov_qu
« Reply #15 on: December 08, 2006, 12:42:17 AM »
A Google search for win32:warezov returns many hits, this is just one, http://www.avast.com/eng/win32-warezov-family.html.

As you can see from this and others it is a mass mailer that sends out email to try and infect others from email addresses in your system, but for it to keep coming back there has to be a download element. A good firewall should stop or at least challenge unauthorised outbound connection to the internet, what is your firewall as this doesn't appear to be happening ?

What surprises me is that it is being detected on your HDD and not caught by the Web Shield before it gets to your HDD. Is the Web Shield provider running ?

Try a forum search for W32:Warezov and W32:Stration (an alias) as there have been several recent Topics on that and see what is suggested for removal.

You should also consider some proactive measures to try and prevent it getting re-established, as it needs permission to copy files to system folders and create registry entries, see DropMyRights in my signature.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

TOMTHUMB

  • Guest
Re: Win32:warezov_qu
« Reply #16 on: December 08, 2006, 02:44:27 AM »
The "Firewall" I just downloaded was the Comodo one, and they have got through that as well. WEB SHIELD.??? Could you explain this please.
Thanks Bob.

Offline DavidR

Re: Win32:warezov_qu
« Reply #17 on: December 08, 2006, 03:03:11 AM »
Check out the avast help file (right click the avast icon, select Start avast! Antivirus, Menu, Help or press F1), Resident Protection, Web Shield, but basically it monitors the traffic from the web to your system and if infected content is found it should alarm and effectively block it from being downloaded and stop it arriving on your HDD.

Comodo should do the job of checking outbound connections, but you have to read what it is telling you. You have to have some idea that it isn't something you are doing at that time that is trying to connect and not just say Yes to all questions or say No to all questions.

TOMTHUMB

  • Guest
Re: Win32:warezov_qu
« Reply #18 on: December 08, 2006, 03:12:39 AM »
OK done that, will just see if that stops it.
Thanks bob.

TOMTHUMB

  • Guest
Re: Win32:warezov_qu
« Reply #19 on: December 08, 2006, 03:37:26 AM »
Nope, still no good, it comes up twice every time. Could there be something that is in the PC, that is triggering it?

Offline DavidR

Re: Win32:warezov_qu
« Reply #20 on: December 08, 2006, 02:21:38 PM »
When you say it keeps coming up each time please restate the file name and location even if the same and also what were you doing when it returned ?


You could try DrWeb CureIT!  http://download.drweb.com/drweb+cureit/

Have you tried a forum search as suggested
http://forum.avast.com/index.php?topic=24400.0
http://www3.ca.com/be/securityadvisor/virusinfo/virus.aspx?id=58375

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2 or HiJackThis Tutorial 3
On-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any 023 reference to avast processes, this is a hiccup in the HJT 1.99.1 (especially missing file entry for avast), if you need any help with any of the analysis let us know.


TOMTHUMB

  • Guest
Re: Win32:warezov_qu
« Reply #21 on: December 08, 2006, 10:21:58 PM »
Thanks, I will try all you suggest. Well, the Alarm goes off, and it says it has found a Virus, in these two files.
9/12/2006   6:57:42 AM   1165607862   SYSTEM   1960   Sign of "Win32:Warezov-QV [Wrm]" has been found in "C:\WINDOWS\system32\alrsbatt.dll" file. 
9/12/2006   6:57:48 AM   1165607868   SYSTEM   1960   Sign of "Win32:Warezov-QU [Wrm]" has been found in "C:\WINDOWS\system32\strmwin8.dll" file.
The Alarm goes off regularly, throughout the Day. Always twice, and puts them in the same files. I just put them in the chest.
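An added example, not part of any post in this thread: a small Python parser for the avast! log lines quoted above that groups detections by file path, so files which reappear after being moved to the chest stand out as a sign that something else on the system keeps re-creating them. The first two sample lines are from the thread, the others are constructed, and reading the third column as a Unix timestamp is an assumption.

```python
import re
from collections import defaultdict

# Column layout copied from the two log lines quoted in the post. Assumption:
# the third column is a Unix timestamp and the fifth a process id.
LINE_RE = re.compile(
    r'^\d{1,2}/\d{1,2}/\d{4}\s+\d{1,2}:\d{2}:\d{2} [AP]M\s+'
    r'(?P<epoch>\d+)\s+(?P<user>\S+)\s+(?P<pid>\d+)\s+'
    r'Sign of "(?P<sig>[^"]+)" has been found in "(?P<path>[^"]+)" file\.'
)

# The first two entries are from the thread; the rest are constructed samples.
SAMPLE = [
    r'9/12/2006   6:57:42 AM   1165607862   SYSTEM   1960   Sign of "Win32:Warezov-QV [Wrm]" has been found in "C:\WINDOWS\system32\alrsbatt.dll" file.',
    r'9/12/2006   6:57:48 AM   1165607868   SYSTEM   1960   Sign of "Win32:Warezov-QU [Wrm]" has been found in "C:\WINDOWS\system32\strmwin8.dll" file.',
    r'9/12/2006   7:00:01 AM   1165608001   SYSTEM   1960   Some unrelated log entry.',
    r'9/12/2006   7:57:42 AM   1165611462   SYSTEM   1960   Sign of "Win32:Warezov-QV [Wrm]" has been found in "C:\WINDOWS\system32\alrsbatt.dll" file.',
    r'9/12/2006   7:57:48 AM   1165611468   SYSTEM   1960   Sign of "Win32:Warezov-QU [Wrm]" has been found in "C:\WINDOWS\system32\strmwin8.dll" file.',
    r'9/12/2006   8:57:42 AM   1165615062   SYSTEM   1960   Sign of "Win32:Warezov-QV [Wrm]" has been found in "C:\WINDOWS\system32\alrsbatt.dll" file.',
    r'9/12/2006   8:57:48 AM   1165615068   SYSTEM   1960   Sign of "Win32:Warezov-QU [Wrm]" has been found in "C:\WINDOWS\system32\strmwin8.dll" file.',
]

def parse(lines):
    """Yield (epoch, signature, lower-cased path) for each detection line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # non-detection lines are skipped
            yield int(m['epoch']), m['sig'], m['path'].lower()

def recurring(lines, min_hits=2):
    """Report every path detected at least min_hits times, with the gaps between hits."""
    seen = defaultdict(list)
    for epoch, sig, path in parse(lines):
        seen[path].append((epoch, sig))
    report = {}
    for path, hits in seen.items():
        if len(hits) < min_hits:
            continue
        hits.sort()
        times = [t for t, _ in hits]
        report[path] = {
            "signatures": sorted({s for _, s in hits}),
            "hits": len(hits),
            "gaps": [b - a for a, b in zip(times, times[1:])],  # seconds
        }
    return report

if __name__ == "__main__":
    for path, info in recurring(SAMPLE).items():
        print(path, info)
```

Regular gaps for the same path point to a scheduled or resident component rewriting the file, which is what to look for in the startup and service entries.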

Offline DavidR

Re: Win32:warezov_qu
« Reply #22 on: December 08, 2006, 11:27:18 PM »
Were you browsing or just working on the system ?
If browsing something is downloading and installing those files and the firewall isn't stopping this.

Check out CureIt and the other links, if that doesn't work, you really need to download HJT and read the Tutorials and post (paste) the contents of the hijackthis.log file here.

TOMTHUMB

  • Guest
Re: Win32:warezov_qu
« Reply #23 on: December 11, 2006, 12:07:09 AM »
Hi Dr Web cure it fixed it up, it did a quick scan and said to "Reboot" it would then fix the three files it found. Thanks no Worms for two Days now.

Offline DavidR

Re: Win32:warezov_qu
« Reply #24 on: December 11, 2006, 12:48:34 AM »
Thanks for the feedback, glad that it is now sorted.