Ewido is detecting banwarum.f virus in “C:\WINDOWS\SYSTEM32\adir.dll”. I can delete the file as normal; however, it keeps replicating.
Has anyone any idea how to remove this infection? Avast 4 does not detect anything.
Thanks
Hi:
Ask and/or review the posts on the Ewido Support forums at wilderssecurity, located at: http://www.wilderssecurity.com/forumdisplay.php?f=81
Were you running ewido in safe mode?
What is your firewall?
For something to be restored/replicated it would have to have another element to download or create it again, it is at that point a firewall with outbound protection should stop unauthorised connections.
You need permissions to be able to insert files in system folders and create registry entries, etc.
Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.
Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.
Can you send the samples to virus@avast.com?
You can zip and password-protect the files… Include a link to this thread and the password used.
You can use the Alwil FTP server as a second way to transfer only big files. Upload them to ftp://ftp.avast.com/incoming (please note that you won’t have READ access to the FTP server, just write, so you won’t even be able to see what you’ve just uploaded).
Thanks.