Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Virus No One Knows About!?


  • Please log in to reply
5 replies to this topic

#1 GOLBERT

GOLBERT

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 26 April 2006 - 07:45 AM

Dear friends
First of all I am new here, Virgin post!.
I find this board very useful and people with great knowledge.
I clicked on a free Avatar library. Next thing I know I was under attack. There was no warning or setup, download windows. I was able to clean up all the intruders via Spybot, MS antivirus and freshly updated Norton. I also found the spyware and disable, changed their properties since I could not delete them. That stopped them from laoding.
In the mean time Norton, after several updates up until today, can not find the cure for this trojan. It is in quarantine now.
ivxlpfv.exe
Tried yahoo and google search with no results.
Any help will be appreciated.
Thanks
Golbert

BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:12:21 AM

Posted 26 April 2006 - 07:50 AM

Welcome to BC! :thumbsup:

It may not be a NEW virus, just one that uses a random name. Here are some resources and ideas on how to remove it:

A generic BC tuturial on how to remove a virus can be found HERE.

Another idea: I would recommend following the Preparation Guide to posting a High Jack This log. You may not need to actually post a log, however. If you follow the instuctions in the Prepatory Guide faithfully then this little bugger ought to be removed. However, rarely is a computer infected with only one thing.

If after completing all of the steps in the Preparation Guide you continue to have issues, post a HJT log as instructed in the Preparation Guide.

PREPARATION GUIDE


ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:21 PM

Posted 26 April 2006 - 09:50 AM

With any particular virus or malware, any particular av ap may not be the first to update definitions, so Norton's lacking the new definition is not any particular surprise.

In addition - Norton primarily addresses viruses. What you ran into may or may not be a virus - it could be some other form of malware.

Heuristic capabilities also sometimes set off false positives.

What originally notified you of this "ivxlpfv.exe"?
Google still gives no hits, so are you sure it is spelled correctly?

I suggest you run the following web based scans using the Internet Explorer web browser only. The last two are particularly designed to detect trojans:

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
and
File scanner and virus scanner
http://www.kaspersky.com/scanforvirus


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Avast Online scan
http://onlinescan.avast.com/

F Secure online scan
http://support.f-secure.com/ols/start.html


Trojan scans –
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

#4 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:12:21 AM

Posted 26 April 2006 - 10:55 AM

Remove files from Norton Quarantine.

#5 GOLBERT

GOLBERT
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 27 April 2006 - 10:01 AM

Thank you for your everyones help.
I did downlaod autoruns and worked with it as directed. Semms to have helped.
Northon found the virus.
and.
I deleted from quarantine twice. And virus comes back full strong and vicious after. It only seems to stay quite while in quarantine.
Thanks

#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:11:21 PM

Posted 27 April 2006 - 07:16 PM

If the virus keeps coming back after using Norton and "deleting" it, I suggest you post a HJT log in our HJT forum.

Read the pinned post in our “HijackThis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following instructions create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (ie, processor, amount of RAM, brand or motherboard, etc, and briefly describe the problem you are experiencing.)

Unless you are expert at editing the registry, Do not use the Hijack This program to try to fix anything by yourself as even what may seem to be a small mistake can render your operating system inoperable.
Some files when in one folder may be fine while in another may be malware.


A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make it different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria they have when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking for a new log to work on might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users