My PC and USB flash drive are infected with Win32.HLLW.Olala - help me!

Hi!

Dr.Web detected this virus. avast! did not find it.
Help me


Method of Infection
It can’t self-propagate. It is likely that the system could be infected when a user downloads an executable file and runs the file. It usually comes from email, IM programs, and/or download centers. It is possible that it is installed by other malicious software (worms, viruses and trojan horses).

Symptoms after Execution
[Creating Files]

It creates the following file(s) in the Windows folder.

  • SVIQ.EXE (57,344 bytes)
  • dc.EXE (57,344 bytes)

It creates the following file(s) in the Windows system folder.

  • dc.EXE (57,344 bytes)
  • WinSit.exe (57,344 bytes)

It creates the following file(s) in the System\config folder.

  • Win.exe (57,344 bytes)

It creates the following file(s) in the Windir\inf folder.

  • Other.exe (57,344 bytes)

It creates the following file(s) in the Windir\Help folder.

  • Other.exe (57,344 bytes)

(Note) Depending on the MS Windows version, Windows system folder’s location may differ. Generally, the location is C:\Windows\System for Windows 95/98/ME, C:\WinNT\System32 for Windows NT/2000, or C:\Windows\System32 for Windows XP.

[Adding a Windows Registry Entry]

It adds the following value in Windows registry to be executed whenever Windows starts.

HKEY_CURRENT_USER
HKEY_CURRENT_USER
Microsoft
Windows NT
CurrentVersion
Windows
run = Windows system folder\config\win.exe

HKEY_CURRENT_USER
HKEY_CURRENT_USER
Microsoft
Windows
CurrentVersion
Run
Run = Windows system folder\dc.exe

HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Run
dc2k5 = Windows system folder\sviq.exe

HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Run
Fun = Windows system folder\fun.exe

[Server List]

d#######.g##########.com

Most of the information I got from a Google search indicates this virus is mostly in the Orient as most of the results were in Japanese, Korean, etc. Of course, it will spread elsewhere.
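The file indicators in the description above can be checked against a live Windows folder or the Windows folder of a mounted disk image. This is an added example, not part of the original thread or of any vendor tool; the function names, the `system32`/`system` folder names (taken from the note about Windows versions) and the constructed test tree are assumptions, and it covers only the dropped files, not the registry values.

```python
import os
import tempfile

DROP_SIZE = 57_344  # every dropped copy in the description has this size
# (folder relative to the Windows folder, file name), as listed in the description.
# "{sys}" is the Windows system folder; "System\config" is read as {sys}\config,
# matching the registry value "Windows system folder\config\win.exe" (assumption).
INDICATORS = [
    ("", "SVIQ.EXE"), ("", "dc.EXE"), ("{sys}", "dc.EXE"), ("{sys}", "WinSit.exe"),
    ("{sys}/config", "Win.exe"), ("inf", "Other.exe"), ("Help", "Other.exe"),
]

def resolve_ci(root, relpath):
    """Match each path component case-insensitively (for images on case-sensitive hosts)."""
    path = root
    for part in relpath.split("/"):
        try:
            names = os.listdir(path)
        except OSError:  # missing folder, or a file where a folder was expected
            return None
        match = [n for n in names if n.lower() == part.lower()]
        if not match:
            return None
        path = os.path.join(path, match[0])
    return path

def scan(windir, system_dirs=("system32", "system")):
    """Return sorted (relative path, size, size_matches) for each indicator found."""
    hits = set()
    for sysdir in system_dirs:
        for folder, name in INDICATORS:
            folder = folder.format(sys=sysdir)
            relpath = f"{folder}/{name}" if folder else name
            found = resolve_ci(windir, relpath)
            if found and os.path.isfile(found):
                size = os.path.getsize(found)
                hits.add((relpath, size, size == DROP_SIZE))
    return sorted(hits)

def demo():
    """Scan a constructed tree: two planted indicators and one name-only match."""
    with tempfile.TemporaryDirectory() as windir:
        for rel, size in [("System32/config/win.exe", DROP_SIZE),
                          ("INF/other.exe", DROP_SIZE), ("dc.exe", 1024)]:
            full = os.path.join(windir, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(b"\0" * size)
        return scan(windir)
```

A hit whose third field is `False` matches only by name and location, so it needs a closer look before being treated as part of the infection.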


When will avast be able to delete Win32.HLLW.Olala? It is spreading like an epidemic.
Help!
PS I can delete it by hand, but that will not stop the epidemic.

If you run Dr.Web CureIt, won’t you be able to remove all the infection?
If you use BitDefender on-line, can’t you remove all the infection?

Hope avast improves detection of this one soon…

You need to send a copy of the sample to avast so that it can be analysed and added to the detections.

If you are not getting a virus warning for what you believe is a new, undetected virus, then zip and password-protect (‘virus’ will do) the suspect file and send it to virus @ avast.com (no spaces), or send it from the chest (after adding it to the User Files section of the chest).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be a new, undetected virus, and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

DavidR, thanks
I sent the message with a request for help.

PS Tech™, I know about Dr.Web CureIt, but offset then avast?

Thanks all! avast now detects the virus! Its name is now Win32:VB-EUR [Wrm]

No problem, a belated welcome to the forums.

Thanks for the feedback on the inclusion of the worm in the signatures.


Keha -

I am sure all the avast! team appreciates your help in adding this worm to the database … and welcome to the forums! :)