Author Topic: avast cannot detect worm/virus  (Read 6877 times)

0 Members and 1 Guest are viewing this topic.

amscmu

  • Guest
avast cannot detect worm/virus
« on: September 29, 2007, 09:02:10 AM »
I got infection and avast cannot detect it. I did send the file (zip file) to virus@avast.com. Below is my mail.
==========================
Dear,
Attached is the virus that avast cannot detect. This virus is detected by AVG as Worm/Delf.OEV. Unfortunately, AVG cannot fix this problem.

This virus can freeze computer at any stem (starting from turn on up to any point). This made me think that my laptop was defect at mainboard. At this point there is no error or sign that virus is already in my laptop.

Later on, the virus start to show itself. Finally I found the virus file in shared doccument. It turn the shared document on (I never share this document) And rename it to Documents and make it read only.

When start, this virus, open drive C and my documents. In addition, it also disable my LAN connection (and I cannot enable the connection).

Fortunately, the wireless lan connection is still ok.

Please kill it and restore the damage.

Best regards,
===============================================================================

Virus is detected by 7 out of 20 engins at http://virusscan.jotti.org/

AVG, Kaspersky, NOD32, Dr. Web, F-secure, Norman and VBA32

Is anybody know how to kill this virus and recover the damge it makes to my notebook.

Many thanks

Ronachai

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast cannot detect worm/virus
« Reply #1 on: September 29, 2007, 08:38:21 PM »
Can you say what is the infected file name, where was it found (C:\windows\system32\infected-file-name.xxx)?
What avast! version and virus database are you using? (see About dialog of avast!)
Which virus names are displayed at jotti scanning?
The best things in life are free.

amscmu

  • Guest
Re: avast cannot detect worm/virus
« Reply #2 on: September 30, 2007, 04:25:41 AM »
Thanks for reply. Here is what from jotti.

amscmu

  • Guest
Re: avast cannot detect worm/virus
« Reply #3 on: September 30, 2007, 04:34:05 AM »
After I use AVG (free edition) to clean. Most of the infected file gone so I don't really where were they. However, some files are left in shared folder.

Before cleaning there were about 100 files in the shared folder. After cleaning, about 5 files still there (as shown in the picture.

What is weird is AVG does not detect theses files. Although, kaspersky scan (online) can detect them and also another virus called "not-a-virus:RiskWare.mIRC.603"

amscmu

  • Guest
Re: avast cannot detect worm/virus
« Reply #4 on: September 30, 2007, 04:39:46 AM »
unable to do anything with the file.
I use avast home 4.7
my virus database is always up to date. The newest on mine is 777-3.
Thanks
« Last Edit: September 30, 2007, 04:41:38 AM by amscmu »

amscmu

  • Guest
Re: avast cannot detect worm/virus
« Reply #5 on: September 30, 2007, 06:11:47 AM »
after kaspesky online scan for critical area
2 files are found infected with not-a-virus:Client-IRC.Win32.mIRC.603 and not-a-virus:RiskTool.Win32.HideWindows
What intersting is that the risktool is also detect with AVG when I scan with jotti. But when I scan it directly with my AVG, it found nothing.

CharleyO

  • Guest
Re: avast cannot detect worm/virus
« Reply #6 on: September 30, 2007, 09:54:17 AM »
***

Are you saying that you have both AVG anti-vitus and avast anti-virus installed on this computer?


***

amscmu

  • Guest
Re: avast cannot detect worm/virus
« Reply #7 on: October 01, 2007, 03:59:16 AM »
Yes, I do so otherwise I cannot delete the worm.
I do so just I reallize that my computer was infected with the worm that avast cannot detect and it.
So I download AVG and install to my notebook just to get rid of the worm.
After avast fix this. I will remove AVG as soon as possible.
So please anyone help me.
Ronachai

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast cannot detect worm/virus
« Reply #8 on: October 01, 2007, 04:04:35 AM »
Yes, I do so otherwise I cannot delete the worm.
Please, remove one of the antivirus as soon as possible, right now.
They could conflict, you can have troubles to boot/logon.
Never use two antivirus at the same time at the same computer.
To remove worms, you can use other antispyware products on-demand or on-line scanners, but never two antivirus at the same time.
The best things in life are free.

amscmu

  • Guest
Re: avast cannot detect worm/virus
« Reply #9 on: October 01, 2007, 08:11:32 AM »
I did remove avast (for temporary) until avast can fix this problem.
 :'(

At the moment I use AVG though not much use as it can detect but cannot do anything with what it detects.

All in all. Avast cannot detect this worm at all.
I have use AVG to clean my notebook with partial success.
None of antispywares I have (adaware and spybot search & destroy) could handle this worm.

What should I do next (apart from format my notebook)  :'(

Thanks

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: avast cannot detect worm/virus
« Reply #10 on: October 01, 2007, 04:52:25 PM »
What should I do next (apart from format my notebook)  :'(
If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. I'm not sure you've done with all of them, but it will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

4. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

5. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

Also, you can test your computer with on-line scanning. BitDefender could clean.

Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
AVGas (does not necessary if you have AVG antispyware installed)
F-Secure
BitDefender (free removal of the malware)
HitmanPro (multiply scanners)
The best things in life are free.