« previous next »
Pages: [1]   Go Down

Author Topic: I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!  (Read 4062 times)

0 Members and 1 Guest are viewing this topic.

kyssme143

  • Guest
I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!
« on: March 28, 2010, 12:01:41 AM »
It says the Malware name is "Win32:Dracur [Cryp]" and that it is a "Virus/Worm" and I'm using Windows XP Pro.  The actual filename that is showing up is "dmusic32.dll" and everytime I move it to the virus chest or delete it, it is just recreated.  Another anit-virus program is finding 3 additional files. lsass.exe, which it says is the Trojan Horse "SHeur3.MFR".  Then f_0033ab, which it says is the Trojan Horse "SHeur3.MWY".  Then f_0033aa, which it says is the Trojan Horse "SHeur3.MWY".  I don't know what to do?  How do I get rid of this thing?
Logged

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!
« Reply #1 on: March 28, 2010, 12:53:54 AM »
Quote
Another anit-virus program is finding 3 additional files.
Do you have more than one antivirus program installed ?

Running multiple antivirus
http://www.bleepingcomputer.com/forums/index.php?s=94b45a07b68749855fbc0acfcb205542&showtopic=260844&view=findpost&p=1441638

Clash Of The Antivirus Apps
http://www.smartcomputing.com/editorial/article.asp?article=articles/2003/s1407/38s07/38s07.asp

 
lsass.exe may be a sasser infection
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?vname=WORM_SASSER.A
This worm exploits the Windows LSASS vulnerability, which is a buffer overrun that allows remote code execution and enables an attacker to gain full control of the affected system. This vulnerability is discussed in detail in the following pages:

DMUSIC32.DLL
http://www.superantispyware.com/malwarefiles/DMUSIC32.DLL.html

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
after install click UPDATE and run quick scan, click on REMOVE SELECTED to quarantine anything found

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here
« Last Edit: March 28, 2010, 01:13:16 AM by Pondus »
Logged

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89119
  • No support PMs thanks
Re: I can't get this virus/worm to go away!!!!!!!!!!!!!!!!!!
« Reply #2 on: March 28, 2010, 01:13:48 AM »
Since the other AVs detections appear to be Heuristic, e.g. the malware name given, SHeur3.xxx so I would suggest confirming the detections.

Check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page.

As has been mentioned avoid having more than one resident AV installed.
Logged
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
Pages: [1]   Go Up
« previous next »