Hello avast!!!
From today I’m receiving a notification that my computer is infected with win32:warezov-ABO. I tried to remove it with avast, spybot, and ad-aware but nothing helps. I also performed a boot-time scan; this also didn’t help.
Please tell me what I can do; this notification keeps alarming me.
I assume it was avast that notified you of this warezov-ABO infection ?
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ? Check the avast! Log Viewer (right click the avast icon), Warning section, this contains information on all avast detections.
What actions have you taken to try and resolve the problem (move to chest, etc.) ?
Why can’t it be moved, what errors are you getting ?
Is it not detected on the boot-time scan ?
Hello again
Yeah, avast informed me about the infection.
The file that is infected is c:windows\syssvchost.exe[upx]
During the boot-time scan avast didn’t find the file,
but afterwards it alarmed again.
There were no errors when I moved the file to the chest.
Thank you
So after moving it to the chest, the file is gone, a boot-time scan won’t find it, yet when you continue after the scan it alerts to the same file and location, correct ?
If so, it would appear you have something restoring the file, probably an undetected trojan downloader, and when it downloads a file it is detected. This may not be completely correct as a) your firewall (which is?) would hopefully block the connection, and b) the web shield should detect it being downloaded before it gets to your HDD.
In any case something is restoring it or masking other elements.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
- Ewido, a.k.a. AVG Anti-Spyware, if using winXP, or a-Squared free if using win98/ME.
If the above don’t find anything try these:
- BlackLight - It can detect rootkits like Rootkit Revealer but can also remove them. http://www.f-secure.com/blacklight/
- Panda Rootkit Cleaner - http://research.pandasoftware.com/blogs/research/archive/2006/12/14/Rootkit-cleaner.aspx
Thanks
I downloaded the software from AVG as you told me, and I hope it worked;
it found a worm.
Thanks again
Bye bye
What was the file name and location ?
It would have been nice if on detection you were able to isolate it, put it in the AVG-AS quarantine (or manually add it to the User Files section of the avast chest) and send the sample to avast. It won’t hurt to scan with the other programs, remembering to isolate and send to avast if possible.
Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.
Welcome to the forums.