
Viruses galore!


11 replies to this topic

#1 B34R

B34R

  • Members
  • 102 posts

Posted 03 November 2004 - 04:55 PM

I have just run PC-cillin only to discover 445 infected files. They all seem to be of the type pe_parite.A. There are a few of type pe_parite.B. Is this really bad, and what can I do? It claims they are uncleanable files. Most are contained within System Volume Information. What does this all mean? I've only recently connected to the internet. Before that I was on a home network. The host computer had anti-virus software but I didn't. Is it a complicated matter removing all these viruses?

Cheers Col.


#2 cowsgonemadd3

cowsgonemadd3

    Feed me some spyware!


  • Banned
  • 4,557 posts

Posted 03 November 2004 - 05:41 PM

That's a whole lot of viruses!

#3 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 03 November 2004 - 08:31 PM

Panda software has some useful information on PariteB, and a removal tool:


http://www.pandasoftware.com/virus_info/en...s&idvirus=18181


Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#4 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts

Posted 03 November 2004 - 09:47 PM

Cheers I will check that out.

Col.

#5 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts

Posted 04 November 2004 - 07:48 AM

Is the process of removing trojans and worms a complicated one? Or is it reasonably straightforward?

Col.

(Would have edited my last post but I wasn't given the option for some reason)

Edited by B34R, 04 November 2004 - 07:48 AM.


#6 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • Gender:Male
  • Location:Chicago, Il.

Posted 04 November 2004 - 01:44 PM

If you carefully follow the instructions provided with removal tools, it is relatively easy to remove them. Some viruses and trojans can, however, become fairly complex if you have a lot of instances on your computer.
If the latter is the case, my advice is to be sure your resident antivirus is updated, and then to scan your HD in safe mode, and allow it to remove what it can (you may wish to temporarily disable System Restore whilst doing this). Then run Ad-awareSE and Spybot Search and Destroy (both are free and downloadable from the internet) after updating their definitions.
If this action does not completely eliminate your problems, go to the hijack this board and follow the pinned instructions for submitting a log and let the experts help you get rid of any remaining problems.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#7 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts

Posted 04 November 2004 - 04:18 PM

Thanks. Where do I find instructions on removing these viruses? I currently have 5 files infected with the following viruses:

worm korgo.s
worm korgo.w
troj holica.c
troj Agent El
Troj Delf. Ar

I don't know what to do when my antivirus says delete since I don't want to delete important files.

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 04 November 2004 - 10:49 PM

What are the files that it says are infected with them? They are usually OK to delete.

#9 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts

Posted 05 November 2004 - 07:17 AM

I have quarantined most of the files now using avast. My comp seems to work OK! I am thinking of deleting any malicious files I find two days after having quarantined them to ensure that they are not important. Do you think this is too long? I think I am now clean and fully protected. Will run avast again! Will also check out your hacker forensic tutorial. Cheers. You are a legend!

Col.

********************************************************************

Examples of locations viruses were found at:

C:\WINDOWS\system32\ActiveScan\imscan.dll (Win32:Kuang2)
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071347.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071348.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071349.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071350.ocx (Win32:DyfucDldr-G [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071351.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071352.dll (Win32:Trojano-376 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP420\A0071393.dll (Win32:Kuang2)

Are most of these files that I may restore (i.e. files I have in quarantine)? Or is it something to do with Windows restore points? If it is, should I reset that?

Col.

Edited by B34R, 05 November 2004 - 07:52 AM.


#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 05 November 2004 - 10:49 AM

You have to disable and re-enable System Restore to get rid of that stuff.
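
Triage for the avast detection list in post #9 and the System Restore advice in post #10, added here as an example and not part of the original thread: it separates detections on live files from copies held in System Restore points (`_restore{GUID}\RPnnn`), which are discarded when System Restore is disabled. The function names are illustrative, the sample lines are copied from post #9, and the `path (detection)` line format is assumed from those lines.

```python
import re
from collections import defaultdict

# Detection lines copied from post #9 of this thread ("path (detection)").
SCAN_LINES = r"""
C:\WINDOWS\system32\ActiveScan\imscan.dll (Win32:Kuang2)
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071347.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071348.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071349.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071350.ocx (Win32:DyfucDldr-G [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071351.exe (Win32:Trojano-302 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP418\A0071352.dll (Win32:Trojano-376 [Trj])
C:\System Volume Information\_restore{5DC1ABF6-190E-44E2-881E-40F2999437D0}\RP420\A0071393.dll (Win32:Kuang2)
""".strip().splitlines()

# "<path> (<detection>)"; the detection may contain a "[Trj]" suffix.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+\((?P<name>[^()]+)\)\s*$")
# System Restore store: \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

def parse_line(line):
    """Return path, detection and restore point (or None) for one line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # not a detection line
    rp = RESTORE_RE.search(m.group("path"))
    return {"path": m.group("path"), "detection": m.group("name"),
            "restore_point": rp.group("rp") if rp else None}

def triage(lines):
    """Split detections into live files and per-restore-point copies."""
    live, restore = [], defaultdict(list)
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        if hit["restore_point"]:
            restore[hit["restore_point"]].append(hit)
        else:
            live.append(hit)
    return live, dict(restore)

if __name__ == "__main__":
    live, restore = triage(SCAN_LINES)
    print("Live files to clean or delete:", [h["path"] for h in live])
    for rp, hits in sorted(restore.items()):
        print(f"{rp}: {len(hits)} detection(s) in a System Restore point")
```
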

#11 B34R

B34R
  • Topic Starter

  • Members
  • 102 posts

Posted 05 November 2004 - 12:44 PM

Thought so. By the way, any opinion on how long I should leave the viruses I have detected quarantined? I said 2 days. Is this too long?

Thanks Col.

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • Gender:Male
  • Location:USA

Posted 05 November 2004 - 01:36 PM

Personally I would just get rid of 'em now.

None of them are legit.