
Email-worm.win32.warezov.com


5 replies to this topic

#1 chapin33


Posted 22 August 2007 - 01:34 PM

Hi all...

Was running my a-Squared scan this morning after getting the most recent updates and this was noted. I run my scans weekly and this was not there last week nor any time earlier. I assume this is a worm that came in via an email, but I am careful about opening any attachments and only open them when they are from known people, and only after they are scanned. I realize they can still get through even when careful. I have included below the file location for this:

C:\program files\InstallShield Installation Information\{9068B2BE-D93A-4COA-861C-5E3E2C0E09E}\Setup.exe

I have not yet deleted it but have it quarantined. I ran some other spyware scans (Spybot, Spy Sweeper, Ad Aware) as well as virus scan (AVG free) but nothing was shown in any of the other programs. I tried posting this question at the a-Squared forum but so far no assistance has been given.

Please advise on what should be done with this, i.e. keep it quarantined, delete, other? Thanks in advance for your assistance.


#2 chapin33


Posted 22 August 2007 - 01:47 PM

Here is the report that a2 provided me after I completed my scan....

a-squared Free - Version 3.0
Last update: 8/22/2007 9:20:35 AM

Scan settings:

Objects: Memory, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 8/22/2007 9:47:40 AM

C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe detected: Email-Worm.Win32.Warezov.om

Scanned

Files: 28235
Traces: 317890
Cookies: 89
Processes: 36

Found

Files: 1
Traces: 0
Cookies: 0
Processes: 0
Registry keys: 0

Scan end: 8/22/2007 10:13:50 AM
Scan time: 12:26:10 AM

C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe Quarantined Email-Worm.Win32.Warezov.om

Quarantined

Files: 1
Traces: 0
Cookies: 0

#3 buddy215


Posted 22 August 2007 - 02:15 PM

Use the online scan Bit Defender and see what it finds.
Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

I would leave the file in Quarantine until you were certain it isn't a false positive or something that you need.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#4 chapin33


Posted 22 August 2007 - 03:15 PM

Thanks so much for the advice Buddy. I ran the Bitscanner and it found nothing. I will continue to hold it in quarantine and see if a-2 will provide an update to fix this item. It seems that a few others have a similar thing so I am thinking it is a false positive.

#5 buddy215


Posted 22 August 2007 - 03:39 PM

Sounds like a good plan.



#6 dribdrab


Posted 22 August 2007 - 04:01 PM

Kaspersky's says it's a worm. Maybe run a free scan on Kaspersky's site, but maybe it won't find it if it's in quarantine, so I don't know what to tell you at this point. Maybe someone with more knowledge will help.

http://www.kaspersky.com/viruswatchlite?ho...ezov&page=2



