Author Topic: Win32: Deborm-R virus/worm  (Read 9322 times)

0 Members and 1 Guest are viewing this topic.

Colin

  • Guest
Win32: Deborm-R virus/worm
« on: May 17, 2003, 03:26:24 PM »
I run V4 and it has detected and then "cleaned" the above worm 3 times now. But every approx 2 days the  worm reappears and is typically reflected as ~n.exe running in either the temp file or in the startup menu under all users.
It causes massive CPU usage but I have not detected any other damage as of yet.
I run NT4 and it seems as if no one else has heard of this "virus" as they don't even list it in their definitions. Is this possibly unique to the Avast software? Is it possibly being caused by tht Avast software itself?

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32: Deborm-R virus/worm
« Reply #1 on: May 17, 2003, 03:38:45 PM »
It reappears, because it uses open shares on computers and you seem to have some open shares or/and use short  Passwords.

Here is a description of that Malware: http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.nebiwo.html
and you may visit this page to check if you have open Ports:
https://grc.com/x/ne.dll?bh0bkyd2

and check your startup entries(Folders/registry/inis) for other Malware.

MfG Ralf

Colin

  • Guest
Re:Win32: Deborm-R virus/worm
« Reply #2 on: May 17, 2003, 04:21:54 PM »
Thanks for clearing up the name under which I can get a removal tool. You suggested i check out the Startup folder - however you mentioned folders which I cannot find - As I said, I run NT4 as the O/S and that is somewhat different to all the other MS O/S's. Could you be a bit more specific as to where I should be digging around?

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:Win32: Deborm-R virus/worm
« Reply #3 on: May 17, 2003, 04:34:12 PM »
Hm,  search for MSCONFIG.EXE  and start it.  It can show you the entries i mean. You can get it from here too, but i did not test it!
http://www.3feetunder.com/files/win2K_msconfig_setup.exe
MfG Ralf

Colin

  • Guest
Re:Win32: Deborm-R virus/worm
« Reply #4 on: May 18, 2003, 01:24:42 AM »
Thanks for the help. Just one small word of warning though - followed the link to check on the open ports and then followed the advice.  Well the author is a little vague on dealing with the network setup under NT4 and omits to warn against closing the netBIOS to Win TCP/IP link - result was a complete machine down situation, and I mean down - wouldnt even reboot. Thank the power above that I had created a bootable NT CD about a hundred years ago and managed to reinstall the damaged files and get the machine up! But his advice was good and the open ports resolved!
Of course now I just have to resolve the recurring Litmus trojan that some kind soul also dropped on me!