W32.Banwarum.G@mm - avast doesn't recognize!

[vorus]

I recently noticed that my eMule Incoming Folder was full of zip files that I never downloaded such as 3d studio max crack, 3planesoft crack etc. etc... All of the files have the name crack in them. I made a boot scan but avast found nothing.

Then I searched the web for what may have been causing this and found out a virus called W32.Banwarum.G@mm infects the computers through P2P programs. Only Symantec had a description of this virus which was first found in July 2006.

I delete these files and they come back...

So what am I supposed to do now? Buy symantec and remove them?? When do you think avast will help with this virus? 

The details of the virus may be found at http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-070609-4730-99&tabid=1

[mouniernetwork]

Hello, and Welcome to the Forum   

Did you do a forum search ??
In case of a suspicious file send it to virus (at) avast (dot) com in a pawword protected ZIP file.

Check the link to report missing detection in my signature.

Al968

P.S: The password for the ZIP should be "virus"

[DavidR]

Do you know the possible location and file name of the suspect virus, e.g. (C:\windows\system32\infected-file-name.xxx) ?
Send the sample to virus@avast.com zipped and password protected with password in email body andundetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (right click, email to Alwil Software).


In the symantec page you found, there is likely to be technical information and removal information, etc. so you don't have to buy anything. It may appear that only symantec detects it but the malware could have aliases as there is no standard naming convention.

Files that keep coming back most likely have other elements to restore it.

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode.
1. Ewido, a.k.a. avg anti-spyware If using winXP. or a-Squared free if using win98/ME.

[polonus]

Hi vorus,

Don't need to get Norton for this, bit too heavy on the poor cycles.
Here is the removal tool and a free removal solution for banwarum for ye:
http://www.2-spyware.com/remove-banwarum.html

polonus

[vorus]

Thanks for trying to help... 

@polonus: I've tried that removal tool and it turned out to be a fake, it downloads a program called spyware doctor (which I've tried and didn't work).

@DavidR: I've downloaded and installed Avg Anti-Spyware. I made a full system scan in safe mode. It deleted 696 infected files. Everything seems fine for now. Those zip files haven't reappeared yet.

@al968: I've scanned one of the zip files with VirusTotal and the result can be seen at http://www.virustotal.com/vt/en/resultadof?c13c495895178da76bbdf9b41cbb325a
It's weird that symantec did not detect this worm although it has a page describing it. Probably this is another version of the worm.

And lastly, I could not send the virus to avast because I was so busy searching for a solution and when one worked out (avg) all the files were deleted already... I hope they won't come back but if they do I'll send an example to avast the way you guys described.
Thank you all again for helping...

[DavidR]

Glad that we could help and the problem is resolved.

Welcome to the forums.

Stick around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.