
Problem Solved.. :) But how does avast! give names to viruses and worms??


mauserme:

--- Quote from: oldman on August 08, 2007, 06:38:08 AM ---Maybe a hijackthis log would help.

--- End quote ---
Yes, but first run ComboFix and post that log.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Then Click here to download HJTsetup.exe
1. Save HJTsetup.exe to your desktop.
2. Double-click on the HJTsetup.exe icon on your desktop.
3. By default it will install to C:\Program Files\Hijack This.
4. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
5. Put a check by Create a desktop icon then click Next again.
6. Continue to follow the rest of the prompts from there.
7. At the final dialogue box click Finish and it will launch Hijack This.
8. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
9. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
10. Come back here to this thread and Paste the log in your next reply.
11. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

marcjessa:
Okay, I will do it..


Maybe tomorrow, I would send the data..  :)

marcjessa:
AVAST! Staff..

I already found out what attacked my system...



C:\Documents and Settings\Admin\Local Settings\Temp\Ngsys.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\rvshost.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\runer.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\userint.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\windxp.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\winzipt.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\system31.exe is infected with W32.SillyDC 
C:\Documents and Settings\Admin\Local Settings\Temp\Vel.exe is infected with W32.SillyDC 
C:\WINDOWS\system32\Restoration.msd is infected with W32.SillyDC

AND IT'S INFECTING ALL WINDOW FILES!!!!

Why can't Avast! detect the worm W32.SillyDC???..

Other names of W32.SillyDC:

Virus.Win32.Autorun.cu [Kaspersky], W32/Generic!Floppy [McAfee], Trj/TaskKill.A [Panda Software], Mal/VB-F [Sophos], Worm/VB.BNI [AVG], TR/Agent.VB.AOA [Avira Antivir], Trojan.Agent.VB.AOA [BitDefender], Win32/Autorun.C [NOD32]

Definition:

Once executed, the worm creates a copy of itself in the %Windir% or %System% folder.

The worm then modifies the registry so that it is executed every time Windows starts. In most cases, the worm uses one or more of the common loading points to make sure that it runs when you start Windows. For information about common loading points, read one of these documents:


Is this a bug!???

Please.. make some move.. Need more VPS update..

Can avast! detect worm / spyware ?? or only Trojans and viruses??

Thanks, avast!

Hoping for response..  :-\ :-\ :-\

[I'm not in a hurry, ;D ;D it is just my expression] ;D ;D ;D Long live! Avast!
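
An added example, not part of the original thread or any poster's code: the definition quoted above says the worm registers itself at a "common loading point" so that it runs at startup, so this sketch cross-checks scanner detections against autorun values and also flags any autorun target under a Temp folder. The scanner lines are three of those posted above; the `reg query` style text, its value names, and the choice of the Run key are constructed assumptions.

```python
import re

# Three of the scanner lines posted above, copied verbatim.
SCAN_LOG = r"""
C:\Documents and Settings\Admin\Local Settings\Temp\Ngsys.exe is infected with W32.SillyDC
C:\Documents and Settings\Admin\Local Settings\Temp\rvshost.exe is infected with W32.SillyDC
C:\WINDOWS\system32\Restoration.msd is infected with W32.SillyDC
"""

# Constructed sample in `reg query` layout; value names and data are invented.
REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    tray    REG_SZ    C:\Program Files\Example\tray.exe
    rvshost    REG_SZ    "C:\Documents and Settings\Admin\Local Settings\Temp\rvshost.exe" /s
    updater    REG_SZ    C:\WINDOWS\Temp\upd.exe
"""

def flagged_files(scan_log):
    """Map lower-cased file path -> detection name."""
    hits = {}
    for line in scan_log.splitlines():
        m = re.match(r"(.+?) is infected with (\S+)$", line.strip())
        if m:
            hits[m.group(1).lower()] = m.group(2)
    return hits

def autorun_entries(reg_text):
    """Yield (key, value name, executable path) for each string value."""
    key = None
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = re.match(r"\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.+)$", line)
        if key and m:
            data = m.group(2).strip()
            # Executable = quoted string, else text up to the first 3-letter extension.
            exe = re.match(r'"([^"]+)"|(.+?\.\w{3})(?=\s|$)', data)
            yield key, m.group(1), (exe.group(1) or exe.group(2)) if exe else data

def audit(scan_log, reg_text):
    """Return autorun values that launch a flagged file or anything under a Temp folder."""
    flagged = flagged_files(scan_log)
    findings = []
    for key, name, exe in autorun_entries(reg_text):
        if exe.lower() in flagged:
            findings.append((name, exe, "flagged as " + flagged[exe.lower()]))
        elif "\\temp\\" in exe.lower():
            findings.append((name, exe, "runs from a Temp directory"))
    return findings
```

Deleting a flagged file without removing the autorun value that points at it leaves a dangling entry, and an autorun value pointing at an undetected copy will bring the infection back after reboot, which is why both lists are compared.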

Lisandro:

--- Quote from: mattrex0220 on August 08, 2007, 02:28:34 PM ---Why can't Avast! detect the worm W32.SillyDC???..
Please.. make some move.. Need more VPS update..
Can avast! detect worm / spyware ?? or only Trojans and viruses??
--- End quote ---
Can you send the samples to virus@avast.com ?
You can zip and password-protect the files... Include a link to this thread and the password used.
You can send the files to Chest and, from there, resend to Alwil for analysis.
Thanks for helping improve detection.

@ Virus analyst team: what about hurrying up? ???

If a virus keeps replicating (coming back again and again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

4. If you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

5. Also, if you are still detecting strange behaviors or you want to be sure you're clean, making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.

Maxx_original:
send the infected files from your temp directory to virus[at]avast[dot]com... i guess it's a new variant of old polymorphic SillyWR... i need your samples to make some reliable detection... it will be added to some of the next virus databases ;)
