Author Topic: W32/Francette-I detected  (Read 4913 times)

robbieroy

  • Guest
W32/Francette-I detected
« on: June 18, 2004, 08:20:25 PM »
Hi all
This is my first post and I am looking for some help  ???
I previously used AntiVir and it detected a W32/Francette-I worm in C:\WIndows\system32\lol/dll.  Access to the infected file is denied.
In an attempt to get rid of it I downloaded Avast 4 Home Edition and registered it.  However, Avast 4 does not report this infection.
I would really appreciate some suggestions about how to get rid of this Francette worm.
Thanks in anticipation.
Robbieroy (yes from Scotland!)

DavidR
Re:W32/Francette-I detected
« Reply #1 on: June 18, 2004, 08:55:01 PM »
General Virus Removal Help courtesy of whocares.

What WIN do you have? Are all Service Packs and Windows updates applied?
Have you managed to repair/reinstall avast, so that the resident protection is working again?
-> test with harmless testfile EICAR.COM from www.eicar.com

What were the exact names avast gives the trojans?

Sometimes it's enough to
- clear all TEMP-folders (via drive CleanUp AND best also manually)
- empty Temporary Internet Files folder(s) (via IE->Tools > Options > General - Temporary Internet files ->Delete files, including OFFLINE files) and
- empty java-Cache or
- disable system restore on Win ME/XP INCLUDING a REBOOT!! ( http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm )
to get rid of it..

Test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name (you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

(If they all don't show it as infected, please send it in a password-protected zip-file to
virus (at) asw (dot) cz
Include the Zip-password and a link to this posting in the mailtext)

spybot, ad-aware and cwshredder might also help
see www.lurkhere.com ->nicefiles and www.lavasoft.de

- remove the Virus/Malware and its system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky, AV-Boot-Disks;
you might also try searching for the virus name or filename with google

General removal procedure:
- disable system restore on Win ME/XP
- kill respective Backdoor/Trojan process with task manager
- search for the file/process names in the registry; remove the malware's startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot

If you still can't remove it, you could post a logfile of Hijackthis here:
http://hjt.klaffke.de/en & read this first: http://www.spywareinfo.com/%7Emerijn/htlogtutorial.html


- Secure your system:
  Change passwords, secure shares, install patches/updates for WIN&IE;
  disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla
- Scan your whole system with updated avast and maybe a 2nd scanner, e.g. TrendMicro/RAV, to check whether your PC is clean
- If needed, reenable system restore on Win ME/XP

HTH David


Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
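
The registry-search step of the general removal procedure above, as an added example that is not part of DavidR's post: it scans the text of a regedit export (.reg) for autostart values that mention a suspect file name. The file name suspect.dll, the service ExampleSvc and the sample export are constructed, and the list of autostart keys is a common subset, not an exhaustive one.

```python
import re

# Autostart keys checked here: a common subset, not an exhaustive list.
AUTOSTART = re.compile(
    r"\\(CurrentVersion\\(Run|RunOnce|RunServices)|Services\\[^\\]+)$", re.I)
VALUE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def decode_value(raw):
    """Return the text of a REG_SZ or hex(2)/hex(7) value, or None for other types."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])      # undo \\ and \" escapes
    m = re.match(r"hex\([27]\):(.*)$", raw)
    if m:                                              # UTF-16LE bytes as hex pairs
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    return None

def find_autostarts(reg_text, needle):
    """Return (key, value name, data) for autostart values whose data mentions needle."""
    hits, key = [], None
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)      # join wrapped hex lines
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = VALUE.match(line)
        if m and key and AUTOSTART.search(key):
            data = decode_value(m.group(2))
            if data and needle.lower() in data.lower():
                hits.append((key, m.group(1).strip('"'), data))
    return hits

# Constructed sample export; suspect.dll and ExampleSvc are placeholders.
_svc = ",".join(f"{b:02x}" for b in "%SystemRoot%\\system32\\SUSPECT.DLL\0".encode("utf-16-le"))
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Clock"="C:\\WINDOWS\\system32\\clock.exe"
"Updater"="rundll32.exe \"C:\\WINDOWS\\system32\\suspect.dll\",Start"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"ImagePath"=hex(2):""" + _svc[:30] + "\\\n  " + _svc[30:] + r"""

[HKEY_CURRENT_USER\Software\Example]
"Note"="suspect.dll mentioned outside an autostart key"
"""

if __name__ == "__main__":
    for hit in find_autostarts(SAMPLE, "suspect.dll"):
        print(*hit, sep=" | ")
```

A real regedit export is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text in.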

carolinus

  • Guest
Re:W32/Francette-I detected
« Reply #2 on: September 21, 2004, 11:51:41 PM »
Hi there,
first, sorry for my poor English,

my system is infected by the Francette worm :(

I can't download patches from Microsoft - the system is too unstable after infection

The virus tries to connect to the address bots2.m0n4x.pp.ru

Is there any removal tool to kill this worm/virus?

Eddy
Re:W32/Francette-I detected
« Reply #3 on: September 22, 2004, 08:46:03 AM »
Run a boottime scan and see if the problem is solved.

carolinus

  • Guest
Re:W32/Francette-I detected
« Reply #4 on: September 22, 2004, 04:59:05 PM »
Run a boottime scan and see if the problem is solved.

Unfortunately the boot-time scan did not work at all :( , I mean the scanner removed some but not all infected files
(because 2-5 min after system logon avast alerts me again).
I'm not so experienced in XP (NT/2k) systems... so I don't know which processes/services are suspected to be infected.

On Win9x/ME I use a Linux rescue CD to boot my computer, then manually remove infected files and all system files possibly infected, and replace these files from the Win install CD - but this does not work in XP/2k :(

whocares

  • Guest
Re:W32/Francette-I detected
« Reply #5 on: September 22, 2004, 05:49:40 PM »
(cause 2-5 min after system logon - avast alerts me again)
small wonder:
this worm will reinfect you as soon as you connect to the inet, if your Windows is not patched..!!

- reread the above topic and give us some more infos
- enable XP's built-in firewall
- get the patches (possibly from a different PC) and install them in SAFEMODE (F8-Boot)
-> for Download-locations look e.g. here:
http://securityresponse.symantec.com/avcenter/venc/data/w32.francette.worm.html
- clean your PC with avast in SafeMode or via Boot-time scan or according to the instructions in above Symantec-Link or via the red links here:
http://www.virusbtn.com/perlbin/vgrep/vgrep.cgi?terms=Francette&product=1
- reboot, do a full scan with avast and post a hijackthis-Log
 ;)