Author Topic: Encounter with KWBot-D  (Read 4612 times)

0 Members and 1 Guest are viewing this topic.

Offline Ralphie Boy

  • Newbie
  • *
  • Posts: 3
Encounter with KWBot-D
« on: May 02, 2003, 08:17:56 AM »
 :-\  I have just run a virus scan and found KWBot-D has taken residence desite Avast 4 in operation.  VDRB was activated.  Problem:  scan will not allow me to delete, rename or move virus to chest.  Scan will therefore not continue and virus remains.

Can you help me??

TIA

RB

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Encounter with KWBot-D
« Reply #1 on: May 02, 2003, 11:02:04 AM »
It seems that this Virus spread via Kazza. Take a look at this link: http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=KWBot&product=0
 Maybe the easiest is to start Windows in safe mode and then start Avast or close the running "Virustasks" and delete the files than. What are the names of the files Avast found that Virus in,  cmd32.exe or system32.exe?

BTW: cool nickname! :)
« Last Edit: May 02, 2003, 11:04:08 AM by raman »
MfG Ralf

Offline Ralphie Boy

  • Newbie
  • *
  • Posts: 3
Re:Encounter with KWBot-D
« Reply #2 on: May 04, 2003, 01:08:43 AM »
Thanks Raman for the response...  It's in the CMD.exe.  I will try the safe mode strategy tonight and check back with the results.

RB

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Encounter with KWBot-D
« Reply #3 on: May 04, 2003, 08:47:30 AM »
Wow, be carefull! CMD.EXE is a Part of winxp/2000, CMD32.EXE isnĀ“t.
MfG Ralf

Offline Ralphie Boy

  • Newbie
  • *
  • Posts: 3
Re:Encounter with KWBot-D
« Reply #4 on: May 05, 2003, 07:59:57 AM »
Hi Raman,

I followed the directions in the link you sent me.  I went into the safe mode and edited the registry as suggested, after a full virus scan.  The virus did show up, but was easily deleted this time.  No problems with the computer so far...BTW,  I am running WIN98SE.  ;D

Thanks again for your help!

RB