Re: HELP!

From: Roman Pelech (hlhosting_at_yahoo.com)
Date: 06/01/04


Date: Tue, 1 Jun 2004 07:03:27 -0700

from Mcafee:

***Method of Infection***

The virus drops a UPX packed executable in the user
temporary directory and executes it.

This file is actually a DLL, 176,128 bytes in length,
bearing a random filename with a .TMP extension (eg.
SQH9.TMP ). The DLL is injected into the EXPLORER.EXE
process, thus keeping the virus memory resident.

The virus enumerates all network shares and infects all
PE .EXE and .SCR files that it has write access to.

***Removal Instructions***

Use specified engine and DAT files for detection and
removal.

Infected systems should be removed from the network and
repaired prior to placing them back on to the network.
Failure to do so can result in further infections.

Note: The UPX-packed dropped DLL is injected into the
EXPLORER.EXE process for the virus to remain memory
resident. Cleaning involves the unloading of this DLL from
EXPLORER, which requires the 4.2.60 engine (or greater). A
reboot may be required after the .dll is removed from
explorer.exe.

As this threat seeks open shares, turn off full share to
your system. If you have to use shares, use password
protection to avoid being a future target.
-------------------------
Additional Windows ME/XP removal considerations:
http://download.nai.com/products/mcafee-avert/SystemHelpDocs/DisableSysRestore.htm

>-----Original Message-----
>I have a virus on my pc. I didn't know this until I started
>suspecting when my pc crashed whenever I played games or
>watched windows media movie player. So I did a virus scan
>and it said I have pate.b.worm or me.parite or something
>(same thing). It infects .exe and .scr files (explains why
>my screen saver doesn't work). I had no problems till I
>used the virus scanner (housecall) to clean and all it did
>was corrupt .exe files on my pc. But it made backups so I
>renamed the .rb0 backups as .exe and it worked. But my pc
>was still crashing. I suspected overheating, this was in
>the fall of 2003. Then I tried cooling it. No help. So I
>removed a ram stick in the first slot. It stopped freezing
>when I played games. Now it's been freezing a lot lately,
>and not just when I play games. So I bought a new ram
>stick and tried it (512 mb ram) and it crashes a lot more
>now, even sometimes on turn ons. When it crashes, it looks
>like power went out..monitor goes black but then turns
>back on revealing the last image I saw, but this time with
>the new stick of ram, colors are everywhere but on the
>last image I saw before it froze. It's annoying. PLEASE
>HELP! I turned off system restore. The hp company (I have
>xp) didn't give me a restore disk..only thing I can use is
>windows restore. But if I turn it on, it would get
>infected. Also, when I go to play games, I can't without
>reinstalling or copying the game exe from cd rom each time
>I go to play (before it gets infected...it used to get
>infected a lot but still work before I used the virus
>scanner). Any reasons for the crash and how to remove this
>worm? These tutorials on the net suck.
>.
>
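
A triage check for the dropped file described in the McAfee text above, added here as an example; it is not McAfee's code and not part of either post. It lists .TMP files in a directory whose headers show a DLL with UPX section names; the function names and the sample header bytes are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

IMAGE_FILE_DLL = 0x2000     # COFF Characteristics bit: image is a DLL
DROPPED_DLL_SIZE = 176_128  # size of the dropped DLL given in the write-up

def inspect_pe(data):
    """Return (is_dll, section_names) for a PE image, or None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    _, nsect, _, _, _, opt_size, flags = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i : table + 40 * i + 8]
        if len(raw) < 8:            # section header truncated: stop
            break
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return bool(flags & IMAGE_FILE_DLL), names

def suspicious_tmp_files(temp_dir):
    """List .TMP files that are really DLLs with UPX section names."""
    hits = []
    tmp_files = [p for p in Path(temp_dir).iterdir() if p.is_file() and p.suffix.lower() == ".tmp"]
    for path in sorted(tmp_files):
        with path.open("rb") as fh:
            info = inspect_pe(fh.read(4096))  # headers only
        if info and info[0] and any(n.startswith("UPX") for n in info[1]):
            size = path.stat().st_size
            hits.append({"name": path.name, "size": size, "sections": info[1],
                         "size_matches": size == DROPPED_DLL_SIZE})
    return hits

def build_sample_dll():
    """Constructed, non-executable PE header stub used only as test input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, IMAGE_FILE_DLL | 0x0002)
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in (b"UPX0", b"UPX1"))
    return dos + b"PE\0\0" + coff + sects

def demo():
    with tempfile.TemporaryDirectory() as d:
        Path(d, "SQH9.TMP").write_bytes(build_sample_dll())  # file name from the write-up
        Path(d, "setup.tmp").write_bytes(b"ordinary scratch data")
        return suspicious_tmp_files(d)
```

On a real system, pass the user's temporary directory to `suspicious_tmp_files`. Section names are only a heuristic, so a file without UPX names is not cleared by this check.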


