??? I was using AVG Free Anti Virus software before and it didn’t remove or heal that WORM Virus! It won’t even “Move to virus vault”. The infected file was c:\windows\system32\dllhost.exe… Anyway, what I did was I uninstalled that AVG and installed yours. Well, still the same result, it was not removed, but the good news is it was moved to the “VAULT”. My question is, what will be the effect of just moving an infected file to a vault? By the way, can I completely remove dllhost.exe in my XP? Thanks in advance! Nice product you have here!
Be aware: c:\windows\system32\dllhost.exe is a system file, not a virus/worm!
The Nachi worm would be located in c:\windows\system32\Wins\Dllhost.exe
This is (as Raman said) a system file. Please scan your computer with HouseCall and let us know the results (the new Trend engine is great!!!)
http://housecall.trendmicro.com
(the new Trend engine is great!!!)
huh ? :o
Godzilla, Trend has a new engine, 6.810. This is a huge update, as the old scan engine was over 11 months old.
BTW, nice name. I'm a big Godzilla fan too 8)
To Raman: the location (c:\windows\system32\dllhost.exe) that I posted is actually the infected file… I was NOT referring that it was the virus!
Thanks for the response, I’ll do the “housecall” right now.
Yes, I know that of course, but what should be new in this engine?
It lacks the same old issues - for instance polymorphic viruses.
Godzilla, I believe there are not many real polymorphic viruses and trojans.
Most of the time the dropper is polymorphic but not the payload
(just like with the nasty Russian Donald Dick trojan).
So when the trojan drops its packet, the resident scanner (or on-demand, like in Trend's HouseCall) of the AV will catch it.
Tell me if I’m wrong.
Kind regards,
Waldo
No, you're right, Waldo.
You did learn this from me in the Wilders forum, right? Maybe you know me under the name xor ;D
This dropper is the SMorph dropper, and this dropper isn’t even polymorphic. It has a bug inside, so that you always have the same pattern of bytes in the first 2 KB of each file.
This means you just need to look for 2 different short scan strings combined with some other bytes to avoid false positives.
This would not be possible if it was a real polymorphic type.
I did write some kind of tutorial on Wilders on how to detect this “polymorphic” dropper; if I remember right, it was in the TDS section.
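The detection idea in the post above (two short scan strings plus some extra bytes, all within the first 2 KB), sketched as an added example that is not part of the original thread or the tutorial it mentions. Every byte pattern, the ordering rule and the gap limit are constructed assumptions, not real signatures for any dropper.

```python
# Added example. All byte patterns are constructed placeholders.
HEADER_WINDOW = 2048                          # only the first 2 KB is examined
SCAN_STRING_A = bytes.fromhex("deadbeef1337")  # constructed scan string 1
SCAN_STRING_B = bytes.fromhex("cafebabe4224")  # constructed scan string 2
EXTRA_BYTES = b"\x90\x61"   # constructed bytes expected right after string B
MAX_GAP = 512               # assumption: B starts within 512 bytes after A


def find_all(haystack: bytes, needle: bytes):
    """Yield every offset at which needle occurs in haystack."""
    pos = haystack.find(needle)
    while pos != -1:
        yield pos
        pos = haystack.find(needle, pos + 1)


def matches_signature(data: bytes) -> bool:
    """True only if A, then B within MAX_GAP, then EXTRA_BYTES directly
    after B, all lie inside the first 2 KB. One string alone never matches,
    which is what keeps false positives down."""
    head = data[:HEADER_WINDOW]
    for pos_a in find_all(head, SCAN_STRING_A):
        for pos_b in find_all(head, SCAN_STRING_B):
            gap = pos_b - (pos_a + len(SCAN_STRING_A))
            tail = pos_b + len(SCAN_STRING_B)
            if 0 <= gap <= MAX_GAP and head[tail:tail + len(EXTRA_BYTES)] == EXTRA_BYTES:
                return True
    return False


def build_samples() -> dict:
    """Constructed test buffers: one full match and three near misses."""
    pad = b"\x00" * 100
    full = b"MZ" + pad + SCAN_STRING_A + pad + SCAN_STRING_B + EXTRA_BYTES + pad
    return {
        "full": full,
        "only_a": b"MZ" + pad + SCAN_STRING_A + pad * 3,
        "no_extra": b"MZ" + pad + SCAN_STRING_A + pad + SCAN_STRING_B + b"\x00\x00",
        "too_deep": b"MZ" + b"\x00" * 4096 + full,   # pattern lies past 2 KB
    }


if __name__ == "__main__":
    for name, buf in build_samples().items():
        print(f"{name:9s} -> {matches_signature(buf)}")
```

A truly polymorphic dropper would not leave fixed strings at a predictable offset, so a check like this only works because of the constant byte pattern the post describes.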
Hi! I just finished scanning for viruses in Trend Micro’s HouseCall and it found ZERO traces of any viruses… Did AVAST solve the problem? I am confused. I have a copy here of Norton 2003; should I install this and get rid of Avast?
Thanks for the replies!
I do remember reading it somewhere; it could indeed be at Wilders.org.
Knowledge has to come from somewhere, doesn’t it? ;D
BTW: Welcome, Xor! (I know you're a regular at Wilders.)
Kind regards,
Waldo
Hi! I just finished scanning for viruses in Trend Micro's HouseCall and it found ZERO traces of any viruses... Did AVAST solve the problem? I am confused. I have a copy here of Norton 2003; should I install this and get rid of Avast?
No, I'm sure an update will be made IF it's a virus and not a false positive.
What makes you think that you are infected? That dllhost.exe (in system32) is a system file.