Avast CANNOT detect pwsteal.sagic.b

I am using Windows XP SP2 with all security updates installed (July 16, 2005)
Using Avast 6
file version=0528-6
Compilation Date=July 16, 2005

  • I cannot access regedit.exe or Task Manager; the message “Disabled by Administrator” appears.
  • I can't log in with Yahoo Messenger. My firewall (Outpost 2.6.452.5123 (403)) reports that the file c:\windows\regsvr.exe is preventing YM from accessing the internet. Now I try to scan with TDS-3 Anti Trojan… It detected a “Positive Identification”: infected by PSW.Sagic.B (pwsteal.sagic.b).
    I try to find the infected file: not found!

After searching Google, I found this link

I know Norton explains how to remove this threat easily. But in Avast? ??? I try to scan; it doesn't work, still not detected :frowning:

Thank You for your help…

Regards,

I know it’s a generic answer, but can’t you scan your system with antispyware and antitrojan applications?

Antispyware applications (freeware): download, install, update and run them.
Ad-Aware
Spybot Search and Destroy
Spywareblaster
A-squared
Ewido
Webroot Spy Sweeper
Microsoft AntiSpyware
X-Cleaner Free

For antitrojans see the shareware below (download, install, update and run it; you can test it for some days):
TrojanHunter
TDS-3

Thank you for your help.

I scanned using Ad-Aware, but it only finds the suspicious registry entries, not the source (regsvr.exe). TDS-3 found it, but cannot remove it because it is resident in my Windows memory.

Well, here is the report I include.
Also I captured the file Regsvr.exe for the FIXER :slight_smile:

Ad-Aware SE Build 1.06r1 Logfile Created on:Wednesday, July 20, 2005 8:21:20 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R54 14.07.2005

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-746137067-1708537768-1003\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr
Data :

Windows Object Recognized!
Type : RegData
Data :
TAC Rating : 3
Category : Vulnerability
Comment : Possible unintended lockout from Registry Editor (Regedit access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-746137067-1708537768-1003\software\microsoft\windows\currentversion\policies\system
Value : DisableRegistryTools
Data :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

End of AD-Aware Scan—

Scanner by TDS-3 <Databases updated 17-07-2005>

Scan Control Dumped @ 16:11:22 20-07-05
Positive identification: PSW.Sagic.b
File: c:\windows\regsvr.exe

Outpost Firewall Reported

7/17/2005 7:07:50 PM Process network access blocked REGSVR.EXE modified memory of YPAGER.EXE

Finally, after using the tool HijackThis… I temporarily disabled the suspicious file (Regsvr.exe) in memory and moved the file to a safe folder. I killed and deleted it.
But until now, every time Windows starts, the file still loads on my XP :frowning: even though I disabled System Restore and also deleted some startup registry entries through the HijackThis tool.

Now, thanks to Mr. Whocare who gave me this thread link :smiley:

Now I tried Kaspersky Online and the VirusTotal utility to scan the file.
The result is… infected with SAGIC (YM password stealer) :slight_smile:

Here is the attachment I include…

Thanks…

Hope with the next VPS, Avast can handle this…

Well, the last help I wish for…
How do I kill this threat from my Windows?
I know Avast can scan under DOS/safe console (if triggered). Now I forgot how to make Avast check my PC from DOS mode :frowning: (I mean, which setting has to be set?)
Of course, after a new VPS has been released to handle this threat :slight_smile:

Because I still like using this great Avast AV (my favorite) :smiley:

Regards,

[Edit: deleted attachment]
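The Ad-Aware records in the post above, parsed by an added Python example (not code from the thread, from Ad-Aware or from any other tool named here): it extracts each "Windows Object Recognized!" record and flags the per-user policy values that produce the "Disabled by Administrator" lockout the poster describes. The sample log is constructed from the two records quoted in the post, with the fields the parser does not use dropped.

```python
import re

# Constructed sample: the two "Windows Object Recognized!" records from the
# Ad-Aware SE log quoted above (unparsed fields dropped) plus the summary block.
SAMPLE_LOG = r"""Windows Object Recognized!
Data :
TAC Rating : 3
Comment : Possible unintended lockout from Task Manager (Task manager access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-746137067-1708537768-1003\software\microsoft\windows\currentversion\policies\system
Value : DisableTaskMgr

Windows Object Recognized!
TAC Rating : 3
Comment : Possible unintended lockout from Registry Editor (Regedit access disabled)
Rootkey : HKEY_USERS
Object : S-1-5-21-776561741-746137067-1708537768-1003\software\microsoft\windows\currentversion\policies\system
Value : DisableRegistryTools

Registry Scan result:
New critical objects: 2
"""

# Per-user policy values that lock the user out of Task Manager and Regedit,
# the two tools the original poster reports as "Disabled by Administrator".
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools"}
# "Key : value"; the value group may be empty, as in the bare "Data :" line.
FIELD_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")

def parse_findings(log: str) -> list:
    """Split the log on blank lines; each record becomes a dict keyed by lower-cased field name."""
    findings = []
    for block in re.split(r"\n\s*\n", log):
        if "Windows Object Recognized!" not in block:
            continue  # summary blocks ("New critical objects: 2") carry no fields
        fields = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                fields[m.group(1).lower()] = m.group(2).strip()
        findings.append(fields)
    return findings

def lockout_findings(findings: list) -> list:
    """Keep findings that set DisableTaskMgr or DisableRegistryTools under the Policies/System key."""
    return [f for f in findings
            if f.get("object", "").lower().endswith(r"\policies\system")
            and f.get("value", "").lower() in LOCKOUT_VALUES]
```

Run against a full Ad-Aware SE log, the same two functions list every recognized object and single out the lockout values, so the registry paths to inspect (Rootkey plus Object) come straight from the findings rather than from memory.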

Just clarifying…

After some period using “dual AV on a single machine” (Avast+NOD32),…

Downloading the new VPS. Got the update, and then scanned my archive files (infected by Sagic). And good news, Avast detects it 8)

Now I can safely remove and delete it. Uninstalling NOD32 :wink:
And continuing to use my fave warez P2P program again…

Great job FIXER.
Thanks…

Now I can safely remove and delete it. Uninstalling NOD32. And continuing to use my fave warez P2P program again…

No, you cannot use it safely. P2P applications ALWAYS pose a huge security risk.
Buying the legitimate software is the only safe (and sensible) thing to do.

Sure, you’re right

I do for MP3 only… :slight_smile: