W32/Gnurbulf.B - The malware which caused user can't logon

Dear All,

Does anyone in here ever meet with this kind of malware family : W32/Gnurbulf.B ?

This happened at my friend’s office, when he tried to logon then windows doesn’t display anything and look like stuck at initial windows. If we see the task manager from this infected machine, we can find a lot of userinit.exe at machine processing.
Even we tried to access through safemode, this malware try to block user access.

You may see how Norman try to explain (Bahasa) : hxxp://www.vaksin.com/2006/1006/flu_burung_b2.htm

My question is, whether avast can prevent this worm when user plug their removeable disk or into their network LAN?

cheers,

If Avast! can detect it, it likely WILL prevent it, however if it can’t, it won’t, that’s pretty much it.

Hi,

Thanks for your kindly advice,

Just would like to know if anyone in here if maybe ever meet like this malware before.

cheers,

Hi,

Just for your information, actually this worm has spread since Oct, 5th 2006.
So avast should be able to detect it.

cheers,

Dear All,

Does anyone ever heard and rid this kind of malware previously?

http://paperscom.blogspot.com/2010/05/overcome-virus-w32.html
Scroll down to “Ways of handling on Windows XPadalah briefly as follows”

Signs of an infection with this nasty self-replicating worms are:
Unusual programs appears in the system process list
Downloaded additional malware codes
Compromised files re-creates after manual deletion
Search results being hijacked
Blue error screen and system shutdowns
TrendMicro finds it as WORM_VB.AVH alias: W32/Generic.e,
I find this specific ThreatExpert analysis: http://www.threatexpert.com/report.aspx?md5=2aca735fbca306421acd7a29c9409f4c
Malware on spreading site now closed or dead…

polonus