
W32.areses.q@mm



#1 bakayaro

  • Members
  • 13 posts

Posted 26 September 2006 - 06:00 AM

It's living behind the partition in the HD.
I checked the registry and it's not there, though Norton says it's there.

Turned off System Restore and deleted the files.

Anyone dealt with this before?
cheers



#2 Enthusiast

  • Members
  • 5,898 posts
  • Location:Florida, USA

Posted 26 September 2006 - 06:46 AM

Discovered: September 5, 2006
Updated: September 11, 2006 08:50:06 AM GDT
Type: Worm
Infection Length: 21,262 bytes
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


W32.Areses.Q@mm is a mass-mailing worm that opens a back door on the compromised computer and may download files.
http://www.symantec.com/security_response/...-090611-4944-99

Open Norton in safe mode with networking, update its definitions and run a complete scan.

After you do that see if Norton will delete the infection.

If it says it did, reboot and then do some of the following web based scans using Internet Explorer only, as they require Active X:

Windows Live Onecare Free Scan
http://safety.live.com/site/en-us/default.htm
Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest
and
File scanner and virus scanner
http://www.kaspersky.com/scanforvirus


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm
http://www.pandasoftware.com/products/activescan.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

Avast Online scan
http://onlinescan.avast.com/

Trojan scans –
Sygate Trojanscan
http://scan.sygatetech.com/pretrojanscan.html

Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

Parasite scan from Aumha:
http://www.aumha.org/a/noads.php
or here:
http://www.aumha.org/win5/a/noads2.htm


Run the Windows Free Scan and at least two others and then both Trojan scans and the parasite scan.

If you still have an infection after doing that, I suggest you post a Hijack This log in our Hijack This forum (not here in the Win XP forum).

Read the pinned post in our “HijackThis” forum,
here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following the instructions, create a HJT log, and POST THE HJT LOG YOU CREATED IN OUR HJT FORUM – not in this forum,
at this link.
http://www.bleepingcomputer.com/forums/posthjtlog.html
Include the specs for your computer (i.e., processor, amount of RAM, brand or motherboard, etc.), and briefly describe the problem you are experiencing.

Unless you are expert at editing the registry, do not use the Hijack This program to try to fix anything by yourself, as even what may seem to be a small mistake can render your operating system inoperable.
Some files, when in the correct folder for them, may be fine, while in another they may be malware hiding.


A member of our expert HJT Team will analyze your log, make recommendations and offer assistance, walking you through the complete repair process.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make your computer different than displayed in the log you posted and therefore make your log inaccurate).

The first criterion the HJT Team has when looking for logs that need replies is posts showing 0 replies. If you make an additional post, it will show as having had 1 reply.
A team member, looking for a new log that requires help might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, post your HJT Log in our HJT Forum (not here in this forum) and wait for a response from a HJT team member.

After you post your log, please do not make any changes to your computer. Discontinue trying to delete anything with any program, as changes will make your HJT log obsolete and waste valuable time spent by our HJT experts analyzing the log made inaccurate by changes, and therefore their plan formulated to address the problems will also be obsolete.

If after 5 days you still have gotten no response, then post a re-request and a link to your HJT log HERE.
http://www.bleepingcomputer.com/forums/topic14717.html

Make sure you post your HJT log in the HJT forum, not here, because if you post it here in this forum the response from our HJT Team will be delayed because the post will have to be moved before they see it and it will fall in line behind many others posted that same day.

#3 bakayaro

  • Topic Starter
  • Members
  • 13 posts

Posted 26 September 2006 - 09:02 PM

I have a HJT log thread going now as well. I posted on that thread R/E this problem. I'll take it up over there.
cheers



