Author Topic: WORM_BEREB.B  (Read 5507 times)

Steele

  • Guest
WORM_BEREB.B
« on: February 28, 2004, 10:28:52 PM »
How do I get rid of this virus/worm?

http://www.techsupportforum.com/computer/topic/13096-1.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BEREB.B

I got it through WinMX when downloading a zip file. Interesting how Avast4Home did not pick it up with the resident shield.  :'(

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:WORM_BEREB.B
« Reply #1 on: February 28, 2004, 10:31:41 PM »
And the on-demand did detect it?
If at first you don't succeed, then skydiving's not for you.

Steele

  • Guest
Re:WORM_BEREB.B
« Reply #2 on: February 28, 2004, 10:35:25 PM »
I have isolated the file as "SVCKERNELL.COM". It also created a folder called "startrwin" and places "startrwin" in the WINDOWS folder.

SVCKERNELL.COM is listed in the processes (in Windows 98SE) when I press ctrl-alt-del...ONLY BEFORE Windows completes loading my desktop. I caught it in time to find out what the foreign startup program was called. I think it tries to hide itself.

Should I send it to you VLK? I've never tried sending a virus before??  ???

VLK: Let me try a THOROUGH scan option first.
« Last Edit: February 28, 2004, 10:36:32 PM by Steele »

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:WORM_BEREB.B
« Reply #3 on: February 28, 2004, 10:37:40 PM »
Yes please zip the file with a password and send it (together with the password) to the address

virus (AT) avast (DOT) com

The analysts will take a look at it.

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Steele

  • Guest
Re:WORM_BEREB.B
« Reply #4 on: February 29, 2004, 12:08:02 AM »
VLK :)

I sent the virus to them in a password protected .ZIP file.

Thanks for your help.
The virus was later detected... but the resident on access shield did not.... despite it being a .EXE extension.

This information was helpful from TrendMicro:

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

1. Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   Taskmanager = "C:\Windows\taskmgr.com"
   OR
   Svckernell="c:\windows\svckernell.com"
4. Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.

The svckernell.com was in my registry. I removed it.
« Last Edit: February 29, 2004, 12:22:30 AM by Steele »
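
The check described in the TrendMicro steps quoted in the post above, as an added example that is not part of the original thread or of TrendMicro's text: it scans a text export of the registry for the two autostart values under the Run key. It assumes a REGEDIT4-format export; the sample export and the function names are constructed for illustration.

```python
import re

# Autostart key and file names from the removal steps quoted in the post above.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
BAD_FILE = re.compile(r'(?:^|[\\/"\s])(taskmgr\.com|svckernell\.com)(?=$|["\s])', re.I)
# One string value line of a REGEDIT4 export: "name"="data" with backslash escapes.
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Svckernell"="c:\\windows\\svckernell.com"
"Taskmgr"="C:\\WINDOWS\\system32\\taskmgr.exe"

[HKEY_LOCAL_MACHINE\Software\ExampleVendor]
"Note"="c:\\windows\\taskmgr.com"
'''

def unescape(text):
    # Undo .reg escaping: a backslash followed by any character stands for that character.
    return re.sub(r"\\(.)", r"\1", text)

def run_entries(export_text):
    """Return [(name, command)] for string values under the HKLM Run key only."""
    entries, in_run = [], False
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header starts; only the Run key is in scope.
            in_run = line[1:-1].lower() == RUN_KEY
        elif in_run:
            m = VALUE_LINE.match(line)
            if m:
                entries.append((unescape(m.group(1)), unescape(m.group(2))))
    return entries

def flagged_autostarts(export_text):
    """Return Run entries whose command names one of the two .com files."""
    return [(n, c) for n, c in run_entries(export_text) if BAD_FILE.search(c)]

if __name__ == "__main__":
    for name, command in flagged_autostarts(SAMPLE_EXPORT):
        print(f"delete Run value {name!r} -> {command}")
```

The match is on the exact .com file names, so the constructed taskmgr.exe entry is not flagged, and values outside the Run key are ignored.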

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:WORM_BEREB.B
« Reply #5 on: February 29, 2004, 02:35:16 PM »
The virus was later detected... but the resident on access shield did not.... despite it being a .EXE extension.

Just a curiosity: have you installed Norton SystemWorks (or NAV) anytime - even in the past - in your computer?
It messes your registry and you would be in danger with on-access scanning of .exe files...

You can read more here.
The best things in life are free.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:WORM_BEREB.B
« Reply #6 on: February 29, 2004, 02:37:07 PM »
Steele you may also consider moving the On-Access scanner sensitivity slider to the High position. Otherwise, the files are not usually scanned unless they're executed (i.e. the virus is trying to activate).
If at first you don't succeed, then skydiving's not for you.

Steele

  • Guest
Re:WORM_BEREB.B
« Reply #7 on: March 04, 2004, 12:41:00 AM »
That's a good idea. Thank you VLK!  ;D

Also, I sent my virus into avast. They're going to add it into future detections A.S.A.P.

~Steele Wolf~

Steele

  • Guest
Re:WORM_BEREB.B
« Reply #8 on: March 04, 2004, 12:42:48 AM »
Also no. I have NEVER used another AntiVirus product.

I did a recent clean install of XP then just installed AVAST4HOME.  ;D

Norton?  ???
Yuck! :o
Never!!  ;D
« Last Edit: March 04, 2004, 12:43:13 AM by Steele »