I wonder if anyone has had a similar problem when connecting their TomTom to the system.
Avast 4.7 Pro displays an alert for 2 files on the TomTom (copy.exe & host.exe).
Below are the logs:
SYSTEM 1580 Sign of “Win32:Perlovga” has been found in “F:\copy.exe[MEW]” file.
Tony 1240 Sign of “Win32:Perlovga” has been found in “F:\copy.exe[MEW]” file.
Tony 1240 Sign of “Win32:Small-BTX [Trj]” has been found in “F:\host.exe” file.
SYSTEM 1580 Sign of “Win32:Perlovga” has been found in “D:\TomTom\HOME\Backups\GO\Backup01\Storage\copy.exe[MEW]” file.
SYSTEM 1580 Sign of “Win32:Small-BTX [Trj]” has been found in “D:\TomTom\HOME\Backups\GO\Backup01\Storage\host.exe” file.
As it happens, my systems have been newly reinstalled and have had protection on them before connecting to the 'Net. The TomTom is out of the box.
An hour ago, I discovered the "\copy.exe" “Win32:Perlovga” on a PC that people other than I used to work on at work. I was trying to download some files from my USB memory to their PC. I noticed that 3 files were created on my USB and the copy.exe was one of them. The other two (if I remember well) were:
host.(forgot the extension) and (forgot the name).inf
Of course, all PCs at work are protected by Avast Pro. So I am not sure how this horrible virus was able to find its way to the PC. I said horrible because it has the power to master almost everything… starting from Avast, by stopping its internal scanners and even preventing it from rebooting, since the shutdown/restart of XP are also not responding!
The only way I found to restart the infected PC was by a hardware reset. Then, as usual, I chose to go to the safe mode with the hope to reactivate Avast… till now XP (or another program) is running (HDD LED is blinking) before the opening of safe mode.
I also noticed that the virus in copy.exe has an extended ability to spread itself over all memory areas (mainly their root) as RAM, HDD and equivalent external ones (including my USB ;D ). When re-scanning my USB memory on my personal PC, Avast was able to detect the created infected files (in my case 3 files) and deleted them (actually sent to chest).
When at last the infected PC went on to its safe mode, I noticed that Avast also did its job (as set… by just logging in aswboot the names of the infected files on C).
The result is (copied by hand):
Scan of C:
File C:\copy.exe [MEW] is infected by Win32:Perlovga
File C:\host.exe is infected by Win32:Small-BTX [Trj]
File C:\RECYCLER\S-1-5-21-11…\Dc153.zip\COMCTL32.OCX
Error 42125 {ZIP archive is corrupted.}
File C:\WINDOWS\svchost.exe is infected by Win32:Small-BTX [Trj]
File C:\WINDOWS\system32\temp1.exe[MEM]
is infected by Win32:Trojano-DJ [Trj]
File C:\WINDOWS\system32\temp2.exe
is infected by Win32:Small-ABY [Trj]
File C:\xcopy.exe\ [MEW] is infected by Win32:Perlovga
A note:
If C:\copy.exe is deleted (for example when asked by Avast),
the C:\ cannot be opened and a pop-up message says:
"cannot find “copy.exe”… etc"
To restore the ability to open C: (under the control of our dear virus ;D ) I copied back the file “copy.exe” from its image on another HD root (using DOS command xcopy).
Temporary solution:
Since “Spybot - Search & Destroy” is also installed, I cancelled 2 programs that run at startup, which are:
SOUNDMAN.EXE
THGuard.exe (demo date expired a few days ago!)
After reboot, Spybot asked to add SOUNDMAN to the startup list again… naturally I refused… so an HP window (since they use an HP printer) popped up looking for things (I don’t remember)… soon after, Spybot found another request, which is to "load" temp2.exe… I also refused it and put it as permanent.
Apparently things seem to run normal but not 100%. I don’t like to bother you with more details.
Finally, I wonder if, by just letting Avast delete the above 7 files at boot scan, the PC would recover from its illness without any side effects. Perhaps it could be as simple as that?
Kerim
To our dear main members:
Should I start another topic for “Perlovga” or is it okay to continue here? Thank you.
Why don’t I test?.. good point… If one has no one to ask first.
For example, as a circuit designer, the only teacher I still have to advise me when in trouble is TEST (by its results). So at work… I test a lot… to prove that my work is good (after being wrong most of the time) … Where I live, I am the only one to know what I am creating and no other foreign professionals in electronics have time to discuss matters with me ;D
Returning to the case here… yes… as you said… sending files to Chest is safer.