Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Win32/chir.b@mm Question.

  • Please log in to reply
3 replies to this topic

#1 iceash


  • Members
  • 32 posts
  • Local time:02:54 PM

Posted 03 December 2006 - 04:14 PM

Okay probably a stupid question but i am infected with this virus just few hours before. And according to this site http://www.trendmicro.com/vinfo/virusencyc...e=PE%5FCHIR%2EB

It also infects all files with the following extensions:

On the 1st day of the month, it overwrites the first 4,660 Bytes of files with these extensions:

So i am scanning my full computer with avg. So far it found two infections which were my modem drivers. Yes the cd drivers were already infected as i checked. But Did it infect my other files?

And Incase if it overwrited How would i know? Would they be infected also? Because avg reports nothing other than those two files. So i am kinda worried about my files.

BC AdBot (Login to Remove)


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:54 PM

Posted 03 December 2006 - 07:11 PM

According to the link in your post, this infection is a worm that will appropriate your address book and send out a bunch of spam.

Which AVG program are you using? AVG anti-virus or AVG 7.5 Anti-spyware (formerly Edwido)?

What firewall do you have? A third party firewall is essential so you can block outgoing traffic. In case you don't have one, there is a list of free firewalls in this topic: http://www.bleepingcomputer.com/forums/topic3616.html

I would suggest following quietman7's directions from the post I have quoted below:

Download and scan with SUPERAntiSypware Free for Home Users

  • Double-click SUPERAntiSypware.exe to install and use the default settings for installation.
  • Run SUPERAntiSypware and update the definitions before scanning by selecting "Check for Udates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Make sure they all have a checkmark next to them and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • Select close to exit the program.
  • Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.
Download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewdio 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware.) Be sure to print out the AVG Anti-Spyware Install-Scan Instructions and read the User Manual.

Then perform this online Virus scan: Trend Micro Housecall <- Use "Autoclean" and manually delete what it can't clean.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

In addition to this, I suggest you follow the directions in this guide. Then create an HJT log, you will find the directions in the guide.

Create a new topic in this forum, not here and give it a good descriptive title. Briefly summarize what the problems are, what you have done to try to solve it, and what worked and didn't work and paste in your HJT log.

After you post your log, DO NOT make any further changes to your computer: deleting files, editing the registry, using special fix tools, installing or uninstalling software etc. as this will make it more difficult for the HJT team to help you.

Please be patient as the HJT team is very busy. DO NOT bump your log as the team may think that someone is already helping you. If you have not had a response in five days, add a response to the five days no response topic and paste in the link to your thread.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 buddy215


  • Moderator
  • 13,323 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:54 PM

Posted 03 December 2006 - 07:40 PM

Did you see this when you were on the trendmicro.com site?

If you are not a Trend Micro customer please download the following file.

Sysclean Package 3.1MB

MD5 checksum: bc6e506a8462aec768f2f8260e5ba4ed *SysClean.com

For instructions on how to use this package, consult the "How to Use" section of the readme file, readme_sysclean.txt. This file also contains the description and the different features of this package.

Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 Dead Ener

Dead Ener

  • Members
  • 2 posts
  • Local time:02:54 PM

Posted 18 September 2007 - 12:44 PM

virus not remove still

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users