VIRUS INFESTATION!! - kuang2

hi guys! i just got my AVAST!home edition today and i am pleased with what i got!

AVAST is really much better than NORTON! Norton sucks!

I started scanning my computer for viruses, and found out that I have a huge (around a hundred or more) number of files that are infected by the “Kuang2” virus… and right now AVAST! says it can’t repair it… so i moved them to the chest… is it recommended that i delete the infected files? WHAT DO YOU GUYS THINK I SHOULD DO?!? sorry if i seem to ask stupid questions but i really need help… i don’t know much about viruses and i have some very important files on my computers and i don’t want them to get junked by these viruses!

i’m really pissed with Norton2004! my computer’s performance really dropped and now i find out that there’s this kuang2 virus that wasn’t detected at all by norton!

WHAT DO YOU SUGGEST I SHOULD DO GUYS? I REALLY NEED SOME ADVICE

and i read about turning off the system restore, do i have to do that too?

ANY REPLY WOULD BE GREATLY APPRECIATED!!! ;D

Hi,

we need more info to help you…

usually KUANG is just a false alarm in Panda-AV-files (see boardsearch) , but a hundred files seems a bit much for this…

what WIN do you have ? Are all ServicePacks and Windowsupdates applied ?

Where exactly were the infected Files found initially (full path/folder/filename, e.g. c:\Windows\system32\virusfile.exe) ?
or give the folder names, and some filename examples with extensions

see avast Reports/logs for this…

test the file with OnlineScanners e.g. from Trend, RAV & KAV (see below) to get a more specific name & to test for false alarm
(you need to temporarily pause AV-Resident Shield/Monitor/Guard to be able to scan the file online)

-Secure your system:
change passwords, secure shares, install patches/updates for WIN & IE;
disable ActiveX and Scripting in IE except for known secure sites - and better use a secure browser like Opera or Mozilla

  • scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro/RAV to check whether your PC is clean :wink:

Further Details and Links via the board search above

tnx whocares for your time!

well, i ended up reformatting my whole computer and backed up my files in CDs…

so in short i cleaned up, i was really frustrated with that Norton2004…

there was really a big difference when i got AVAST!.. usually when i reformat my comp, i get the message “system will shutdown in 60 seconds” when i connect to the internet… SURPRISINGLY… when i installed AVAST! and connected to the internet, i didn’t get that message anymore!!! what a saver! it somehow prevented me from getting that error from the internet not like with NORTON!

i am really impressed with AVAST! and it’s almost hard to believe that all of these are free! is this thing really for free!!!..if yes, WOW!

one more question, is it bad to reformat a PC often? would that somehow wear off my hard drive causing it to be damaged? 'cos i’ve formatted my PC for at least 5-6 times when i first got it… tnx for all your help! ;D

Usually, you should backup the Windowsupdates/security patches BEFORE formatting;
and then apply them BEFORE first connection to the internet, or update behind a properly configured firewall (even activation of XP’s built-in firewall should be enough for this…)
Otherwise, you’ll be hit/infected by a network worm in next to no time again…

As to formatting…
it wears the harddisk, but not too much, I’d guess…; BUT:

  • you should configure your PC securely, so that you don’t GET any viruses/malware anymore…
  • when you always format, you don’t know through which security hole the virus/malware entered your PC, and it’ll probably happen soon again…

→ see above board search, too :wink:

I seem to have that same problem with Kuang2 (the virus?). F-prot (freeware, dos) & Antivir = no viruses, no trojans.

Registry: Search assistant > ACMru > 5603 >
000 = webcache.exe (this sounds familiar…)
001 = K2logas (…and this too)

Search assistant > ACMru > 5604 >
000 = Kuang (Oh, what might this line mean ?..)

Kuang2 logger AS uses registry value “K2logas”, but there’s no “K2logas.exe” file anywhere. There’s no “webcache.exe” either.

Oh man, this is getting confusing. Which Kuang is it ?

I just realized: I used “search” and it tried to go internet. And now I find “Kuang” from there. Hmmm…

I think I gotta get rid of this thing at once.

Click on the link in my signature and follow the instructions on the malware removal section. Your system seems to be infected. Let us know if that solved the problem.

Yes but not by Kuang. “BV:Sl-2 found”

I deleted ev’ry line (from registry) that had to do something with Kuang (“webcache.exe”, “K2logas.exe”, “kuang”). Disabled System Restore, uninstalled AntiVir and installed Avast!.

None of those (registry values) came back as I rebooted and tried “search” again. But it didn’t try to go internet this time.

By the way, I remember now: F-Secure Internet Security 2004, when I had it (my ½ license ended), “saying” something about a “trojan downloader”, which could not be deleted or removed, so it was renamed. I think these registry values were pieces of that.