Author Topic: Hiberfil.sys Zipper 2778 Worm  (Read 12091 times)

mauserme

  • Guest
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #15 on: March 07, 2007, 09:03:25 PM »
The zipper virus contains the line
Quote
>>*>> Use PKUNZIP *.EXE immediately! <<*<<
within its code.  It's mentioned in the quote polonus posted as a way to identify the virus.

Those instructions appear to refer back to the days of DOS since the files \command.com and \dos\format.com normally do not exist under Windows XP.  There are files of the same name in a different directory in XP but I don't know if they would be infectable by a DOS virus.

There will probably be a config.sys in your root directory under XP ( C:\ ) but I'm guessing it will be empty.  In any event I don't believe the dos=high or dos=low commands will have any meaning in an XP environment.

Maybe somebody else can comment - it's been a long time since I've worked in DOS.

Have you tried the boot scan yet?  If you open the avast! simple user interface and let the memory scan run it might provide confirmation of a memory resident virus.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33885
  • malware fighter
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #16 on: March 07, 2007, 09:09:13 PM »
The info below the tool link is rather old info because the virus is old, so at that time XP was not around yet. Download this file to work on, just to compare, nothing else:
http://www.techadvice.com/specs/files_st1.asp?fnid=3398288

XP has MSCONFIG, not the config.sys. If you are not familiar with these proceedings, just run the tool from the link given to see whether it can resurrect the infected executables.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

mauserme

  • Guest
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #17 on: March 07, 2007, 09:42:30 PM »
Thanks polonus

Keith  :)

wrmrwgn

  • Guest
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #18 on: March 08, 2007, 04:37:08 PM »
Hi, I have been at this two days and so maybe I should just uninstall AVAST? The damnable hyberfil.sys Zipper 2778 alert keeps popping up in screensaver mode.
None of the advice given so far has worked or I don't know how to use it.
I am afraid this virus is already starting to do more damage. This morning's computer boot was missing the Dell 782p monitor driver and the screen now flickers. I reinstalled the driver but the flickering won't stop, no matter how high I set the resolution. I've gone round and round with this and I'm ready to sing the "Stop the computer and let me off" song.

My computer crashed last weekend and this Virus alarm and then monitor flickering preceded it.  I wouldn't doubt the next thing you hear is that my PC crashed.
I know a bunch of you evangelists have offered advice geared for the techie, but maybe you got a preacher in charge that you have been covering for?
Somebody has got to know why Avast won't quarantine this Zipper virus.
To further confuse me, some say it's not a virus and some say it's corrupting my files. It's starting to corrupt my mind!
Please help- I don't think I have much time left before she blows

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #19 on: March 08, 2007, 06:15:00 PM »
Have you tried deleting the hyberfil.sys file to see if that gets rid of the problem?

You will need to enable 'view hidden files and folders':

http://www.bleepingcomputer.com/tutorials/tutorial62.html

If the technician who reinstalled Windows for you did not do a completely clean install, you may have instability problems left over from all the malware removed previously. As this is an old computer, you may also have hardware problems: it's difficult to know if your problems are down to malware or a video card on the blink.

You could try a registry scan with TuneUp utilities to look for problems in the OS. You could also try posting a HijackThis! log so we can look for any malware still active on your computer:

http://www.tune-up.com/

http://www.bleepingcomputer.com/tutorials/tutorial42.html
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67197
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #20 on: March 08, 2007, 06:59:19 PM »
If you can't delete the hyberfil.sys file, try:
Unlocker (http://ccollomb.free.fr/unlocker/), Delete FXP (http://www.jrtwine.com/) or MoveOnBoot.

If you want a free registry cleaner, check PowerTools. Very powerful registry power tools, with lots of extra options. Unfortunately, it's shareware. But the free version is in a lot of places on the web for download.
The best things in life are free.

wrmrwgn

  • Guest
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #21 on: March 09, 2007, 06:03:36 AM »
Everyone, thanks again for your very many ideas.
Some things solved today.
The video resolution- all due to a faulty surge protector.

No more flickering monitor.
I read that surge protectors can cause monitor problems.
I had been thinking the video card was the problem.

Screensaver ?

I also simply turned off the Avast screensaver. That of course doesn't mean the virus is gone, just that the siren and the announcer have both ceased.

I learned a lot this week- saved a trip to the shop.

Ok- yes, I tried to delete the hyberfil.sys file- it says that the file is not found.
I will try your suggestions.
By the way, I cannot turn the hibernate feature back on.
I'm not sure about how to implement your Hijackthis suggestion

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Hiberfil.sys Zipper 2778 Worm
« Reply #22 on: March 09, 2007, 09:33:44 AM »
Quote
I'm not sure about how to implement your Hijackthis suggestion

Follow the instructions in the tutorial I posted. It has screenshots to help you.

Did you enable view hidden files and folders before looking for hyberfil.sys?
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog