Author Topic: W32/Gnurbulf.B - The malware which caused user can't logon  (Read 3663 times)


Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1366
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Dear All,

Has anyone here ever encountered this malware family: W32/Gnurbulf.B?

This happened at my friend's office: when he tried to log on, Windows didn't display anything and looked stuck at the initial Windows screen. If we look at Task Manager on the infected machine, we can find a lot of userinit.exe processes running.
Even when we tried to get in through Safe Mode, the malware tried to block user access.

You can see how Norman tries to explain it (in Bahasa): hxxp://www.vaksin.com/2006/1006/flu_burung_b2.htm

My question is whether avast can prevent this worm when users plug in their removable disk or connect to their network LAN?

cheers,
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

13thSlayer

  • Guest
Re: W32/Gnurbulf.B - The malware which caused user can't logon
« Reply #1 on: May 11, 2010, 08:13:09 AM »
If Avast! can detect it, it likely WILL prevent it, however if it can't, it won't, that's pretty much it.

Offline Yanto.Chiang

Re: W32/Gnurbulf.B - The malware which caused user can't logon
« Reply #2 on: May 11, 2010, 08:59:47 AM »
Quote from 13thSlayer: "If Avast! can detect it, it likely WILL prevent it, however if it can't, it won't, that's pretty much it."

Hi,

Thanks for your kind advice.

I would just like to know if anyone here has maybe met malware like this before.

cheers,
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline Yanto.Chiang

Re: W32/Gnurbulf.B - The malware which caused user can't logon
« Reply #3 on: May 11, 2010, 09:55:43 AM »
Hi,

Just for your information, this worm has actually been spreading since Oct 5th, 2006.
So avast should be able to detect it.

cheers,
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline Yanto.Chiang

Re: W32/Gnurbulf.B - The malware which caused user can't logon
« Reply #4 on: July 06, 2011, 12:25:16 PM »
Dear All,

Has anyone ever heard of and gotten rid of this kind of malware before?

Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

Offline Left123

  • There Is No Patch For Human Stupidity.
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1048
  • Proud Community Member&Helper.
Re: W32/Gnurbulf.B - The malware which caused user can't logon
« Reply #5 on: July 06, 2011, 02:02:33 PM »
http://paperscom.blogspot.com/2010/05/overcome-virus-w32.html
Scroll down to "Ways of handling on Windows XPadalah briefly as follows"
AMD Athlon(tm) X2 Dual-Core Processor 4200+ - 2.20 GHz,3,00 GB RAM -
Browser:Mozilla Firefox +WOT - SoftWare:CCleaner - Windows 7 32 bit
No Anti-Virus

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: W32/Gnurbulf.B - The malware which caused user can't logon
« Reply #6 on: July 06, 2011, 02:33:14 PM »
Signs of an infection with this nasty self-replicating worm are:
  • Unusual programs appear in the system process list
  • Additional malware code is downloaded
  • Compromised files are re-created after manual deletion
  • Search results are hijacked
  • Blue error screens and system shutdowns
TrendMicro detects it as WORM_VB.AVH, alias W32/Generic.e.
I found this specific ThreatExpert analysis: http://www.threatexpert.com/report.aspx?md5=2aca735fbca306421acd7a29c9409f4c
Malware on spreading site now closed or dead...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!