Author Topic: Help, win32/alcan.d, it doesn't go away  (Read 6441 times)

0 Members and 1 Guest are viewing this topic.

arq.jdc

  • Guest
Help, win32/alcan.d, it doesn't go away
« on: January 24, 2007, 10:25:35 PM »
A few weeks ago I open a corrupt file and it ended up infecting my computer... long story short, I was able to get rid of all of the worms and viruses, except for the worm: win32/alcan.d... it just kept appearing whenever I do a scan with the "Malicious Software Removal Tool" of MS, and it doesn't appear in the Avast scans or in any other anti-virus or ad-aware programs that I have.  How do I finally can get rid of it?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Help, win32/alcan.d, it doesn't go away
« Reply #1 on: January 24, 2007, 11:15:30 PM »
If a virus is replicant (coming and coming again), you should:

1) Enable/Disable System restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

2) Clean your temporary files. You can use the Windows Advanced Care features for that.

3) Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4) It will be good if you download, install, update and run other trojan remover tools: a-squared, Free AVG Antispyware or  SUPERantispyware (trojan removers). Some users recommend Spyware Terminator.

5) Use the immunization of Windows Advanced Care features of spyware/adware cleaning and removal.
The best things in life are free.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: Help, win32/alcan.d, it doesn't go away
« Reply #2 on: January 24, 2007, 11:41:31 PM »
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?  Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.

If it is a valid detection, help avast improve its detections and send the sample to virus@avast.com zipped and password protected with password in email body and undetected malware in the subject.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

arq.jdc

  • Guest
Re: Help, win32/alcan.d, it doesn't go away
« Reply #4 on: January 25, 2007, 05:22:23 PM »
Until this point the worm only appears when I do a scan with the Microsoft Malicious Software Removal Tool... and this scan doesn't show me an specific infected file, it just tells me it found win32/alcan.d and it partially remove it... the worm does not appear on a Avast scan.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Help, win32/alcan.d, it doesn't go away
« Reply #5 on: January 25, 2007, 05:30:34 PM »
Until this point the worm only appears when I do a scan with the Microsoft Malicious Software Removal Tool... and this scan doesn't show me an specific infected file, it just tells me it found win32/alcan.d and it partially remove it... the worm does not appear on a Avast scan.
Does it appear in other antitrojan applications?
Please, download, install, update and run other trojan remover tools: a-squared, Free AVG Antispyware or  SUPERantispyware (trojan removers). Some users recommend Spyware Terminator.
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Help, win32/alcan.d, it doesn't go away
« Reply #6 on: January 25, 2007, 05:33:33 PM »
Have you tried the removal instructions in the link above?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

arq.jdc

  • Guest
Re: Help, win32/alcan.d, it doesn't go away
« Reply #7 on: January 29, 2007, 09:18:22 PM »
OK... the Brute Force Unistaller did the job, the Alcan.d is no longer appearing anymore on the MS Malicious Software Removal Tool scans... I'm posting a HJT log so you guys can check if I'm free and clear... Thanks a lot for all your help.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Help, win32/alcan.d, it doesn't go away
« Reply #8 on: January 29, 2007, 10:15:36 PM »
I reckon this is a baddie:

O4 - HKLM\..\Run: [{C8B863EB-0D3F-1033-0110-050405120001}] "C:\Program Files\Common Files\{C8B863EB-0D3F-1033-0110-050405120001}\Update.exe" mc-110-12-0000137

Can you find the file? If you can, submit it to VirusTotal and see what the scanners there say. I'm pretty sure it's nothing good, and something you need to fix with HijackThis!, but check it out just to be sure.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88896
  • No support PMs thanks
Re: Help, win32/alcan.d, it doesn't go away
« Reply #9 on: January 29, 2007, 11:07:36 PM »
If as Frank said you can find the file and it is detected as malware at virustotal also send a sample to avast virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (right click, email to Alwil Software).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a either a new, undetected virus and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

arq.jdc

  • Guest
Re: Help, win32/alcan.d, it doesn't go away
« Reply #10 on: February 01, 2007, 05:26:54 PM »
OK I scan the file on Virus Total, a lot of bad stuff came up... I ran a HJT scan and fix the file with it... I ran another scan with HJT and the file was no longer on the log... All the scans I've made with Ad-Aware, Avast & Malicious Software Removal Tool turn out clean... Thanks again

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Help, win32/alcan.d, it doesn't go away
« Reply #11 on: February 01, 2007, 06:04:42 PM »
You'll need to update Java. I recommend you run the Secunia Software Inspector. It will provide a link to update Java, and also inform you of anything else that needs updating.

http://secunia.com/software_inspector/
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog