I am a very novice user of antiviruses, thought i should have start earlier.
I have scan my computer with avast first and found my computer was infected with
win32: vibpack (wrm)
first in programfiles\winupdates\winupdates.exe
I’ve look over the net and have not find any complete info on this worm
I may not did the right thing but i have deleted this file because i was not able to repair it.
I have deleted me temp file to make sure there was no problem also.
after next scan I found it back in:
c:\System Volume Information_restore{C346D86B-B88F-4D89-AC8E-B3FD5C2AF40D}\RP157\A0017584.EXE
Disable system restore, reboot, that will clear all restore points. Do another scan and if all clear, enable system restore again.
It is unlikely that it could repair only certain files are repairable, e.g. files that have been infected (and are monitored/protected by the VRDB), rather than the virus file, which is totally malicious.
It is best to send it to the virus chest, first do no harm and investigate as you have done here by asking questions and searching google (see below), etc. This way if the file has been incorrectly it can be restored from the chest.
A google search for winupdates.exe shows this is likely to be the ‘W32.HLLW.Gaobot.BB’ or ‘Rbot family’ and your OS may be out of date if this was Gaobot.BB as this virus exploits MS vulnerabilities that have long ago been patched. So a visit to windows update is in order.
Ignoring it before knowing if it was a virus is not wise, send to chest and investigate.
I don’t know if by saying ignore it, it is added to the avast exclusions lists and as such won’t be scanned or found. Check the avast exclusions and if it has been added remove it and scan again.
There may be a possibility of a surprise, but we/you will have to deal with that as and when. Do a full thorough scan including archives to confirm, this is likely to take some considerable time as it is very thorough. You could also do an on-line scan using a different scan engine as a double ckeck.
RejZoR’s Website - Security Ops
On-line Virus Scanners and other useful Links Security-Ops.eu.tt
My Avast 4.6-although updated daily suddenly told me that I was infected with Vibpack(the spinning globe had stopped and the Virus Chest disabled)in file C/Program Files/winupdate/winupdate.exe A startup scan by Avast got rid of Vibpack-which had spread to System Restore, and Pagefile. My question is-how did Avast and Microsoft Spyware not stop this worm from getting onto my PC in the first place
Did you set your sensitivity to High or Normal?
Do you have any other antivirus or antispyware monitor (resident) in your computer?
Pagefile.sys could be on the exclusion list (not-scanned).
The System Restore if disabled and then enabled again will be clean.
But, the answer to your question is not that easy…