Kuang2thevirus

Hello everyone!

I have this thing on my computer. Can see it in Peerguardian during startup and just random times during the day (IANA - Multicast (041106) 17300 Kuangthevirus2, B). Get most hits when using bittorrent clients. So how do I remove this Trojan? I did a full scan with avast but it didn’t find anything. Tried to use Advanced Administrative Tools and scan the ports but found nothing…

Please help me.

Elias
Stockholm, Sweden

  • What OS are you using?
  • What avast! version and VPS file (virus database) number, e.g. 0436-4 (see about avast!)
  • What was the filename, where was it found
    example (C:\windows\system32\infected-filename.xxx)?
  • What actions have you taken to try and resolve the problem?

It is possible that it could be a false positive of PeerGuardian (haven’t heard of this before). You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner; if any other scanners here detect them, it is less likely to be a false positive.

I’m using WinXP SP2, latest build
Avast virus database 0517-0

I haven’t found any infected file yet. Should I try a scheduled scan instead and autoremove bad, corrupted & infected files? Last time I scheduled one, all that happened was a lot of files being corrupt but no action. And it did not find any virus.

I don’t know what to do so I haven’t done much, tried online scanners though, Trend Micro I think, but nothing…

thx…

Elias

Where does PeerGuardian say it is “Can see it in Peerguardian during startup”?

Jotti is a single file examination using multiple scanners. It is easy to use: click on the blue text, visit the site and see what you need to do (you do however need to know where it is on your HDD).

Scheduling a scan will achieve little, as you have said avast didn’t find anything, and deleting corrupted files isn’t worthwhile; they aren’t being reported as infected, only that they can’t be scanned.

Are you using avast’s P2P Shield or are you only using PeerGuardian?

I’m using PeerGuardian and Avast pvsp at the same time. The online scanner: “Down for maintenance, please come back in a few minutes”, so I’ll try later. But I don’t know where it is…

Peerguardian shows just attacks being blocked. Attacks from my IP to 239.255.255.250:1900 at this very moment. Also from 127.0.0.1:1042 to 239.255.255.250:1900 & my IP to 244.0.0.22.

Any advice?

Elias

Check out this Google search for 239.255.255.250; there are lots of hits.

This one seems good http://www.webservertalk.com/message466482.html and lots of other hits mention uPnP (Universal Plug and Play). This is an XP service that you don’t really need and can be a vulnerability. It has nothing to do with the regular Windows PnP; it is about connecting/sharing resources (like printers, etc.) over the internet. See blackviper.org about XP Services; they advise disabling the uPnP service.

You can use “UnPlug n’Pray” by Steve Gibson for that (http://grc.com/unpnp/unpnp.htm)

Hi

Tried the program and “unplugged” the service. I still get messages saying that 80.216.20.1:67 is trying to connect to 255.255.255.255:68. It’s good but that wasn’t the problem.

I don’t know what to do… I connected to the online scanner and scanned svchost. It wasn’t infected. Don’t know what else to scan.

Elias

You need to identify the is responsible, either from your firewall/router logs or, get this utility that was mentioned in the link that I gave you.

Extract from webservertalk.com link info:

Get TDIMON.EXE from http://www.sysinternals.com/ and see what is being loaded that uses the IP multicast address of -239.255.255.250

Kuang 2: in other cases it’s a false alert from avast with Panda ActiveScan files…

In this case it has nothing to do with the panda active scan files and is not a false positive detected by avast but by peerguardian as ‘starter’ said in his original post.
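
The destinations quoted in this thread can be triaged by address range and port before hunting for a file, as in this added example (not part of the original posts). The "src -> dst" line layout and the 192.0.2.10 stand-in for "my IP" are assumptions; the other addresses and ports are the ones the posts quote.

```python
import ipaddress

BROADCAST = ipaddress.ip_address("255.255.255.255")
SSDP_GROUP = ipaddress.ip_address("239.255.255.250")   # UPnP discovery group
IGMPV3_GROUP = ipaddress.ip_address("224.0.0.22")      # IGMPv3 reports
RESERVED = ipaddress.ip_network("240.0.0.0/4")         # former class E

# Constructed sample: the thread's address pairs in an assumed "src -> dst"
# layout; 192.0.2.10 is a documentation address standing in for "my IP".
SAMPLE = [
    "192.0.2.10 -> 239.255.255.250:1900",
    "127.0.0.1:1042 -> 239.255.255.250:1900",
    "192.0.2.10 -> 244.0.0.22",
    "80.216.20.1:67 -> 255.255.255.255:68",
]

def split_endpoint(text):
    """Split 'a.b.c.d[:port]' into (IPv4Address, port or None)."""
    host, _, port = text.strip().partition(":")
    return ipaddress.ip_address(host), int(port) if port else None

def classify(line):
    """Label one blocked connection by what its destination implies."""
    left, _, right = line.partition("->")
    src, sport = split_endpoint(left)
    dst, dport = split_endpoint(right)
    if dst == SSDP_GROUP and dport == 1900:
        return "SSDP/UPnP discovery" + (" via loopback" if src.is_loopback else "")
    if dst == BROADCAST:
        return "DHCP server broadcast" if (sport, dport) == (67, 68) else "limited broadcast"
    if dst == IGMPV3_GROUP:
        return "IGMPv3 membership report"
    if dst.is_multicast:
        return "other multicast group"
    if dst in RESERVED:
        return "reserved 240.0.0.0/4 address"
    return "unicast: identify the owning process"

def triage(lines):
    return [(line, classify(line)) for line in lines]

if __name__ == "__main__":
    for line, label in triage(SAMPLE):
        print(f"{line:42} {label}")
```

Only lines that fall through to the unicast label point at a specific remote peer; for the multicast and broadcast entries the next step is the one given above, finding which local process is sending them.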