Author Topic: win32:Banuris [wrm]  (Read 10541 times)


chab

  • Guest
win32:Banuris [wrm]
« on: May 28, 2003, 07:35:24 PM »
Hi everybody

I made a scan of my computer with avast4 and a virus was found

the name is : win32:Banuris [wrm]

It seems to be a p2p worm but I can't find any information about it

Could anybody help me please ?

tnx


Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:win32:Banuris [wrm]
« Reply #1 on: May 28, 2003, 08:57:59 PM »
Have you already executed the malware, or is it only in your shared folder? It seems to be a relatively new malware. KAV has detected it since 28.03.03. I did not find a description of it.

Found one: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINUR.C
« Last Edit: May 28, 2003, 08:59:19 PM by raman »
MfG Ralf

chab

  • Guest
Re:win32:Banuris [wrm]
« Reply #2 on: May 28, 2003, 09:23:15 PM »
Well the fact is that I'm not sure

But my system was getting so slow that after trying to restore my registry files and stuff with no success I had to format my hard drive and reinstall my OS (win2k)

What surprised me a lot is that the infected file was an "mpg"

I'm using winmx 3.3

I really don't know what happened and I'm not sure that an mpg can contain a virus or a worm so far

I'm still looking for more details about it



Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:win32:Banuris [wrm]
« Reply #3 on: May 28, 2003, 09:46:07 PM »
No, it was not an mpg file. Windows lets you (with the standard settings) see only the mpg extension. I think it was a filename.mpg.exe. Windows does not show you the extensions it already knows; only unknown file extensions are shown with the standard settings. You can change that under Extras/Folder Options. At least in a German Windows.
MfG Ralf
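
An added example, not part of any poster's message: a defender-side check for the disguise described in the reply above. It flags `name.mpg.exe` style double extensions and also files that carry a media extension but start with the DOS/PE `MZ` header. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed lists for illustration: launchable extensions and media decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".dll"}
MEDIA_EXTS = {".mpg", ".mpeg", ".avi", ".mp3", ".wmv", ".jpg"}

def classify(path):
    """Return the findings for one file; an empty list means nothing was flagged."""
    findings = []
    stem, last = os.path.splitext(os.path.basename(path).lower())
    # name.mpg.exe is displayed as "name.mpg" when known extensions are hidden.
    if last in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in MEDIA_EXTS:
        findings.append("double-extension")
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if magic == b"MZ" and last not in EXECUTABLE_EXTS:  # executable header, other name
        findings.append("mz-header-mismatch")
    return findings

def scan(root):
    """Walk root (os.walk also lists hidden files and folders) and collect findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                hits = classify(full)
            except OSError:
                continue  # unreadable or locked file: skip it
            if hits:
                results[os.path.relpath(full, root)] = hits
    return results

def build_sample(root):
    """Write constructed sample files (not real media or malware) into root."""
    for name, head in (("holiday.mpg", b"\x00\x00\x01\xba"), ("clip.mpg.exe", b"MZ"),
                       ("song.mpg", b"MZ"), ("setup.exe", b"MZ")):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(head + bytes(16))  # header bytes plus zero padding

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan(tmp))
```

Pointing `scan()` at a P2P shared folder lists the files worth a closer look with an up-to-date scanner; a clean result here does not replace that scan.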

chab

  • Guest
Re:win32:Banuris [wrm]
« Reply #4 on: May 28, 2003, 10:23:49 PM »
Well I usually don't trust Windows standard settings  ;)

but you are probably right because I never heard about mpg files containing a virus or whatsoever

The scan found the infected file in the recycled

the path was c:\recycled\dc51.mpg

I found this file after rebooting under win98 because I could not run the scan under win2k

My mistake was to delete it when the scan prompted me what to do with it

As I said before, I'm not sure about what exactly happened

but I can tell you one thing: this virus is a mess

anyway, thanks for the link, it helped me a lot to understand, I wish I had it before because there is no description of it in the avast virus database

Vocalist

  • Guest
Re:win32:Banuris [wrm]
« Reply #5 on: June 19, 2003, 06:36:16 PM »
Hi, I have the same problem with the same worm since yesterday. :(
But I cannot find any file like "banuris" or "dc51" or so.
I use Win ME and WinMX 3.31 (like CHAB).
My AntiVir-PersonalEdition gave me a warning, but couldn't remove the damned worm. Couldn't find any other information about this.
Can you help, please?

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:win32:Banuris [wrm]
« Reply #6 on: June 19, 2003, 07:13:07 PM »
Which file is reported as infected? Where is it located?
MfG Ralf

Vocalist

  • Guest
Re:win32:Banuris [wrm]
« Reply #7 on: June 20, 2003, 07:44:37 PM »
Banuris created a folder "shareddocs"; within it are cracked games, porn pictures and other files that I don't know and never had. All of these "ghost files" have the same size (98 304 kB) and other users in a P2P network can download them from me.
With "search" function I never found a folder "Shareddocs" or other files with size 98 304 kB.
But AntiVir shows me: Infection with Banuris in folder "shareddocs".
What can I do now ?

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1062
Re:win32:Banuris [wrm]
« Reply #8 on: June 20, 2003, 07:55:45 PM »
You cannot see it, because the folder has the "hidden" attribute. You can set Windows to show you this folder (somewhere in Explorer/Extras/Folder Options/Display/Hidden files and folders; I do not know if that is the right term, because I do not have an English Windows version). You will be able to delete it in Windows safe mode.

Or you can use this guide: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_WINUR.C

BTW, Windows search: it will show you the folder/files if you change the search option and let it search for hidden files too.
MfG Ralf

shooter

  • Guest
Re:win32:Banuris [wrm]
« Reply #9 on: June 25, 2003, 04:56:54 PM »
Install avast! and after that scan your hard disk and delete the virus.


regards shooter