Author Topic: Win32:Kuang2 in C:\WINDOWS  (Read 7592 times)

0 Members and 1 Guest are viewing this topic.

dakedee

  • Guest
Win32:Kuang2 in C:\WINDOWS
« on: August 13, 2004, 03:35:14 PM »
Hi, I have just installed AVs Home Edition and had it scan my harddrives. and it found Win32:Kuang2 something in many places which i deleted them all exept the one in C:\WINDOWS  that i ignored becoz i am not sure if i should delete the file. Anybody knows how to deal with this? ???

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #1 on: August 13, 2004, 03:53:21 PM »
To get help, give us more info please.

What file(s) is(are) it(they) exactly and what is the location?
What location is(are) it(they) in?
What windows version?
What version of Avast?
What vps version?

dakedee

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #2 on: August 13, 2004, 04:00:09 PM »
What file(s) is(are) it(they) exactly and what is the location? > i can not remember the file name, but i can remember the virus name, it is Win32:Kaung2. the location was C:\WINDOWS\system32

What location is(are) it(they) in? > C:\WINDOWS\system32

What windows version? > XP servicepack 1

What version of Avast? > 4 Home editon

What vps version? > vps???

what can i do? ???

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #3 on: August 13, 2004, 04:07:46 PM »
Run a full system scan and delete everything that is detected as the Kuang virus. Alfter that, run HijackThis and post the log here.
« Last Edit: August 13, 2004, 04:08:11 PM by Eddy »

dakedee

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #4 on: August 13, 2004, 04:25:27 PM »
alright  :)

whocares

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #5 on: August 13, 2004, 05:45:54 PM »
Hi,

KUANG-"Virus":
if the filename(s) are
imscan.dll
or pav.sig
it's probably a "false positive" in unencrytped files of PANDA(Online-)AV-Scanner

--> See link "VirusRemoval" below in my sig, or the FAQ on www.avast.com

to be sure, you could scan them online with Trend, RAV, KAV (see "VirusRemoval"; avast shield needs to be paused for this.. ;)

--> then there's no need to delete the files, just exclude them from scanning (see avast'S docu/help/FAQs)
 ;)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #6 on: August 13, 2004, 05:47:54 PM »
Here is the direct link to the Alwil page with the false positives about Panda av.

dakedee

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #7 on: August 13, 2004, 10:18:28 PM »
thank u so much - those are really helpful. now i am scanning my systerm with Trenmicro's "Housecall".

nip

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #8 on: November 26, 2004, 03:24:16 AM »
Re:  C:\Windows\system32\
Win32:Kuang2

About a week ago I carried out an online scan from Panda with ActiveScan, and I believe it left a false positive virus file.

O/S WinXP(Sp2); Avast Virus Scanner; ZoneAlarm; Adaware, Spybot, Spywareblaster.
All programs are up to date.

Yesterday I carried out a demand thorough scan with Avast, and it identified a “virus”.  As suggested I put it in the virus chest.

Virus:  Kuang2
File:  imscan.dll
Location:  C:\Windows\system32\ActiveScan

After reading your excellent write up on virus removal etc., as well as the forum(s) regarding Kuang, I came to the conclusion that I most probably had a “false positive virus” identification.  (by the way the link to further information on the Kuang subject in virus removal information did not work for me)

I then deleted the above virus from the virus chest, turned off system restore, rebooted, and turned system restore on again.  I then ran the Trend virus checker as well as Avast thorough system scan, and no virus was detected.

I guess my question is, should I be concerned about any passwords on my system?  And did I correctly take care of the problem. (I guess I’m in deep “doodoo” if I didn’t do it right!)

Thanks,  nip

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #9 on: November 26, 2004, 08:22:49 AM »
Isn't activescan part of Panda?
Have a look HERE

nip

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #10 on: November 26, 2004, 04:20:05 PM »
Thanks very much for your reply.  And sorry for the bold in my post, I obviously did something incorrect, as this is my first post
Yes, I realize ActiveScan is a part of Panda, and that's the reason I got this so-called false positive.  I do not intend to use Panda as a further verification any more for the reasons given.  I could not find the information you linked me to before I posted.

Given all the information supplied then, I assume everything is OK with what I did to eradicate this from any further detection.  Am I correct in this??

Thanks again,
nip


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #11 on: November 26, 2004, 07:16:34 PM »
I assume everything is OK with what I did to eradicate this from any further detection.  Am I correct in this??

Yes, you could delete that file...
I hate unencrypted signature files of Panda  >:(
The best things in life are free.

nip

  • Guest
Re:Win32:Kuang2 in C:\WINDOWS
« Reply #12 on: November 27, 2004, 04:05:42 PM »
Thanks again Tech!

nip :)