Aim Worm


5 replies to this topic

#1 KyleKas

Posted 14 April 2008 - 12:44 AM

Hi, I've recently downloaded AVG Anti-Spyware and found that I have Worm.AimVen on my computer. I've tried finding guides to remove it permanently but none have helped, it just keeps coming back. Any help would be very appreciated!!

I also find V.exe in my search of hidden files on my C drive, not sure what it is.


#2 DaChew

Posted 14 April 2008 - 01:15 AM

  • Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  • Double click on mbam-setup.exe to install it.
  • Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  • Select the Scanner tab. Click on Perform full scan, then click on Scan.
  • Leave the default options as they are and click on Start Scan.
  • When done, you will be prompted. Click OK, then click on Show Results.
  • Check (tick) all items and click on Remove Selected.
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

Chewy

No. Try not. Do... or do not. There is no try.

#3 quietman7

Posted 14 April 2008 - 07:21 AM

V.exe is part of the infection which copies itself to the root of C and spreads via America Online Instant Messenger (AIM). See here.

Download and run AIMFix to remove all known AOL Instant Messenger-related viruses.

Then download Sysclean Package and the latest Virus Pattern Files (pattern files are usually named lptxxx.zip, where xxx is the pattern file number).
  • Be sure to print out and follow the instructions provided in the How to Use System Cleaner for performing a scan.
  • This tool generates a log file (sysclean.log) in the same folder where the scan is completed - C:\Sysclean.
  • When using Sysclean, it's best to use the Administrator's account or an account with Administrative rights; otherwise you will not have access rights to scan some locations. You can also use the "Run As" command to start a program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 KyleKas

Posted 14 April 2008 - 02:52 PM

Thanks for the replies! I ran AIMfix and the System cleaner program. Neither found anything but Syscleaner had a number of things it scanned with errors. Should I still run the Malwarebytes scan?

Also I did another AVG scan and all it found in regards to the worm was

C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP119\A0031708.ocm -> Worm.AimVen : Cleaned with backup (quarantined).

#5 DaChew

Posted 14 April 2008 - 03:10 PM

Personally I would, since it's always best to run 2 scans with different programs, it's like getting a second opinion.

MBAM is a very highly recommended one.

#6 quietman7

Posted 15 April 2008 - 07:39 AM

The infected RP***\A00*****.exe file(s) identified by your scan is in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default unless you have reconfigured Windows to show it.

System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When an anti-virus quarantines a file by moving it into a virus vault (chest), that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat until you take action to delete it.
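Added example, not part of the original thread or any poster's code: a small triage script that separates scanner detections sitting inside System Restore points (the RP***\A00***** copies described in post #6) from detections of live files. It assumes every result line has the `<path> -> <name> : <action>` shape of the one AVG line quoted in post #4; the function name `triage` and all sample lines except the first are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shape taken from the AVG Anti-Spyware result quoted in post #4:
#   <path> -> <detection name> : <action taken>
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>[^:]+?) : (?P<action>.+)$")

# System Restore keeps its backed-up copies as
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(?P<rp>\d+)\\A\d+\.\w+$"
)

def triage(log_text):
    """Split detections into live files and System Restore copies."""
    result = {"live": [], "restore": defaultdict(list), "unparsed": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Keep lines we cannot parse so nothing is silently dropped
            result["unparsed"].append(line)
            continue
        hit = (m["path"], m["name"].strip(), m["action"].strip())
        rp = RESTORE_RE.match(m["path"])
        if rp:
            # Group by restore point so the affected RP folders are visible
            result["restore"]["RP" + rp["rp"]].append(hit)
        else:
            result["live"].append(hit)
    return result

# First line is the one quoted in post #4; the other two are constructed.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP119\A0031708.ocm -> Worm.AimVen : Cleaned with backup (quarantined).
C:\V.exe -> Worm.AimVen : Cleaned with backup (quarantined).
scan finished with errors
"""

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("live detections:", r["live"])
    for rp, hits in sorted(r["restore"].items()):
        print(rp, "holds", len(hits), "restore-point detection(s)")
    print("unparsed lines:", r["unparsed"])
```

A detection that appears only under a restore point is a backed-up copy, while anything in the live list is a file on the running system.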



