Author Topic: Win32:Warezov-CTJ[Wrm]  (Read 6542 times)


22cowboy

  • Guest
Win32:Warezov-CTJ[Wrm]
« on: March 05, 2008, 12:55:07 AM »
Help!  I'm new here and have slim knowledge on computers.  Definitely not a pro; but not a complete idiot.  During the last year or so I have had a TON of junk e-mail and now maybe I'm starting to understand why.  Avast is reporting that I have Win32:Warezov-CTJ[Wrm] but it is unable to either delete it or move it to the chest.  During avast scan, webroot spysweeper reports that I have "stration" and has moved it into quarantine.  Avast reports the location of Win32:Warezov-CTJ[Wrm] as being:        C:/documents and settings/local settings/application data/microsoft/outlook/archive.pst/archive folders/top of personal folders/deleted items/mail server report./update-KB2850-x86.exe/[MEW]/[Embedded#FW].  Anyone have any ideas on what to do?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Win32:Warezov-CTJ[Wrm]
« Reply #1 on: March 05, 2008, 01:11:19 AM »
It is an attachment on an old (archive) Outlook email folder (possibly deleted items) with the attachment, update-KB2850-x86.exe. avast can't extract an infected email in a .pst file without the possibility of corrupting the .pst file with the potential loss of all emails.

So you would have to do a manual search of your Outlook folders for an email with an attachment update-KB2850-x86.exe and delete it, or clear the deleted items folder and then compact the folders to ensure it is completely gone.

I'm sorry I can't be much practical help as I don't use MS Outlook.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Warezov-CTJ[Wrm]
« Reply #2 on: March 05, 2008, 01:19:26 AM »
To add to DavidR's reply, I don't get one single hit for "update-KB2850-x86.exe" or even "KB2850-x86.exe"

I would agree with him on a manual search of the path you indicated for that email and removing it. See if that helps your problem.

If you could save that email to a temp location and submit it to virustotal to see what others detect it as, that would also help. Knowing more about what it is would help in determining if you are infected with anything.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Win32:Warezov-CTJ[Wrm]
« Reply #3 on: March 05, 2008, 01:25:19 AM »
Yes, KB numbers are usually 6 figures, but I never even bothered with a search. The major thing is that updates aren't distributed in that way and there are a number of old malware infections disguised to look like updates to have the user run it and infect their system.
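An added example, not part of the original thread: a small Python check a mail filter could apply, built on the two signals named in Reply #3 (updates are not delivered as e-mail attachments, and KB numbers are usually six figures). The function names, the extension list and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (assumed list, not exhaustive).
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
KB_RE = re.compile(r"kb(\d+)", re.IGNORECASE)

def check_attachment(filename):
    """Return the reasons an attachment name looks like a fake update."""
    reasons = []
    name = filename.lower()
    if not name.endswith(EXEC_EXT):
        return reasons
    reasons.append("executable attachment")
    m = KB_RE.search(name)
    if m:
        # Updates are not mailed out, so any KB-named executable is suspect.
        reasons.append("poses as a Windows update (KB in name)")
        # Heuristic from the thread: KB numbers are usually six figures.
        if len(m.group(1)) != 6:
            reasons.append("KB number has %d digits, not 6" % len(m.group(1)))
    return reasons

def scan_message(raw):
    """Parse a raw RFC 5322 message and map flagged attachment names to reasons."""
    msg = message_from_string(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname:
            reasons = check_attachment(fname)
            if reasons:
                findings[fname] = reasons
    return findings

def build_sample():
    """Constructed message using the attachment name reported in this thread."""
    msg = EmailMessage()
    msg["Subject"] = "Mail server report."
    msg["From"] = "postmaster@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("See attached.")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="update-KB2850-x86.exe")
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_string()

if __name__ == "__main__":
    for fname, why in scan_message(build_sample()).items():
        print(fname, "->", "; ".join(why))
```
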

22cowboy

  • Guest
Re: Win32:Warezov-CTJ[Wrm]
« Reply #4 on: March 05, 2008, 01:49:18 AM »
Thanks for the advice; I'll try what you guys are describing.  Also, while I was submitting my original question, I had gone onto the geeksquad website and had run their free Symantec "virus detection".  It came back w/the following:

"74515 files scanned, 1 file(s) infected on your disk drives."
"No viruses were detected in memory."
"Your computer is infected with at least one known virus or Trojan horse."
"Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information."

"C:\Documents and Settings\Administrator\Local Settings\Temp\_avast4_\unp120633472.tmp is infected with W32.Stration.AC@mm"

Any extra advice?


 

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Win32:Warezov-CTJ[Wrm]
« Reply #5 on: March 05, 2008, 02:22:56 AM »
That is the location that avast uses to unpack files for scanning; once scanning is complete the unpxxxxxxx.tmp (xxxxxxx being figures) files should be removed. So for some reason yours didn't clear, possibly because it couldn't take action if this was/is related to the infection in the .pst file. You can safely get rid of the unp120633472.tmp file.

22cowboy

  • Guest
Re: Win32:Warezov-CTJ[Wrm]
« Reply #6 on: March 05, 2008, 03:08:46 AM »
Fantastic.  I'll give it a go.  Thanks for all of your help.

22cowboy

  • Guest
Re: Win32:Warezov-CTJ[Wrm]
« Reply #7 on: March 05, 2008, 06:51:55 AM »
Thanks for all the help David R. and oldman!  Looks like my issues are solved.  I've run spysweeper twice on the infected outlook files (w/restarts in between) and avast antivirus twice on the infected outlook files (also w/restarts in between) and everything is looking good.  Thanks again!

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Win32:Warezov-CTJ[Wrm]
« Reply #8 on: March 05, 2008, 07:04:17 AM »
Happy to help, glad you got it sorted.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Win32:Warezov-CTJ[Wrm]
« Reply #9 on: March 05, 2008, 02:17:54 PM »
No problem, glad that your problem is resolved.

Welcome to the forums.