Author Topic: Help With Feebs Family  (Read 7425 times)

0 Members and 1 Guest are viewing this topic.

buffyneedshelp

  • Guest
Help With Feebs Family
« on: March 15, 2007, 05:57:41 PM »
My Avast warning just notified me that feebs family virus is in my computer. The recommended action is to move to chest but it won't let me because it's being used by another process. I tried to see if I could figure this out by reading some of the topics so I wouldn't be a bother but I'm stooopid and in need of additional help. Thank you!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31216
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Help With Feebs Family
« Reply #1 on: March 15, 2007, 05:59:32 PM »
Run a boottime scan and let Avast deal with it.
HOw to do it is explained in many other thread on this board.

Spiritsongs

  • Guest
Re: Help With Feebs Family
« Reply #2 on: March 15, 2007, 06:17:39 PM »
 :)  Hi Buffy :

     A "Google Search" indicates "feebs family" are "Worms", best dealt with
     by antiSPYWARE/antiTROJAN program(s) ; do you have any of those
    "types" of programs on your computer ? IF NOT, I recommend you
     use the FREE version of "SUPERantispyware" available from
     www.superantispyware.com .
« Last Edit: March 15, 2007, 06:30:41 PM by Spiritsongs »

buffyneedshelp

  • Guest
Re: Help With Feebs Family
« Reply #3 on: March 15, 2007, 06:30:20 PM »
Hi, thank you. I've been trying to find how to do the scan that Eddy advised by using the search feature on this forum but I can't seem to find instructions. I also can't seem to find a boottime scan option on my Avast (I know you're all rolling your eyes). I think the only other program I have besides Avast is Zone Alarm. I'm not sure if my operating system is 2000 or later. There's a little sticker that says: designed for microsoft windows xp. Is that 2000 or later?

Spiritsongs

  • Guest
Re: Help With Feebs Family
« Reply #4 on: March 15, 2007, 06:33:23 PM »
 :) Hi Buffy :

    I just revised my Post after going on the superantispyware site and
    finding the program is compatible with all Windows Operating Systems
    since 1998; your XP was issued AFTER that date, so I recommend you
    use it . It may find other bad "stuff" that Avast is NOT detecting .

    And AFTER you use it, I recommend you install the Good & FREE
   "SpywareBlaster" from www.javacoolsoftware.com ; it helps to PREVENT
    spyware from getting on the computer. There is a "Tutorial" on this program
    at www.bleepingcomputer.com/tutorials/tutorial49.html .
« Last Edit: March 15, 2007, 06:39:46 PM by Spiritsongs »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Help With Feebs Family
« Reply #5 on: March 15, 2007, 06:37:17 PM »
Did you run boot time scanning like Eddy suggested?
I also suggest that you disable and then enable System restore again on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k.

It will be good if you download, install, update and run other trojan remover tools: a-squared and/or Free AVG Antispyware (trojan removers with very good detection rates).
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Help With Feebs Family
« Reply #6 on: March 15, 2007, 06:44:19 PM »
Screenshots of how to do a boot time scan here:

http://www.digitalred.com/avast-boot-time.php

Note that if avast! detects a virus in memory, you will be given the option to run a boot time scan straight away: simply accept the option if it comes up and reboot.
« Last Edit: March 15, 2007, 06:53:05 PM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: Help With Feebs Family
« Reply #7 on: March 15, 2007, 07:05:58 PM »
Hi buffyneedshelp.

Because of the rootkitlike qualities of this malware it is a rather difficult malware to remove manually, but I give you the manual removal instructions as a check-up after removing this worm with a cleansing tool:

Find and remove the infected files of w32.feebs Trojan.

msdf32.dll

To delete the value from the registry entries of w32.feebs

Note: NoSnoopWare strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files.


Click Start > Run.
Type regedit
Then click OK

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD5AC91B-AE7B-E83A-0C4C-E616075972F3}


In the right pane, reset the following value if applicable:

"Stubpath" = "C:\Recycled\userinit.exe"

HKEY_CLASSES_ROOT\CLSID\{A49B98EA-8F8F-969E-1B5E-37D83E29F7F8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ ShellServiceObjectDelayLoad\msdf32.dll "{A49B98EA-8F8F-969E-1B5E-37D83E29F7F8}"

Exit the Registry Editor.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

mauserme

  • Guest
Re: Help With Feebs Family
« Reply #8 on: March 15, 2007, 07:19:17 PM »
In addition to everything above, F-Secure has a removal tool  if you find a need for it

http://www.f-secure.com/v-descs/feebs.shtml

buffyneedshelp

  • Guest
Re: Help With Feebs Family
« Reply #9 on: March 15, 2007, 07:42:49 PM »
You guys are SO awesome!! The screen Shot of Avast was just what I needed to help me make my Avast scan :) Thank you! Avast is still busy scanning (how long does it take?) but it shows the file with the js: feebs virus has been moved to the chest. It's also showing that there was another thing on my computer that also has been moved to the chest: weather bug/ minibug transporter win 32 adware gen (something like that) which I didn't even know was on my computer. So, now that you've taught me how to use my Avast, should I be running this scan thing every now and then rather then waiting for a virus notification to pop up?

Thank you for directing me to other protection programs. I'm going to hand the info over to my computer literate brother when he gets back in town and let him handle this. I'm afraid if I attempt anything more I'll blow-up my computer!

Thank you again. I really appreciate your help. If I have further trouble after it's finished scanning, I know where to find you. Quick, hide!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Help With Feebs Family
« Reply #10 on: March 15, 2007, 08:05:29 PM »
Time taken depends on how much data you have on the hard drive.

The boot time scan is really for removing stubborn malware. The avast! scanner interface is fine for normal scans.

If you've found signs of adware, I recommend running a couple of free adware scanners. (Don't forget to look for updates before you scan.)

http://www.download.com/3000-2144-10045910.html

http://www.spybot.info/
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33628
  • malware fighter
Re: Help With Feebs Family
« Reply #11 on: March 15, 2007, 08:29:20 PM »
Hi ye all,

Just found an interesting snippet about the coding of this malware, and how this is being analysed:
http://asert.arbornetworks.com/2006/04/safely-investigating-malicious-javascript
Enjoy the interesting info on the Feebs javascript obfuscated with VSB, or rather how to treat with utmost caution, read this FwF, interesting, as I said.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!