What is Win32: WareZov-Q? Avast found this one, but cannot remove it.

My laptop keeps sending outgoing mail as soon as I connect to internet? How can I remove this worm? I already run Avast, but no virus found. Thanks!!!

I suggest, as usually:

  1. Disable System Restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
  4. Use a-squared, ewido or Spyware Terminator (trojan removers).

Other thing is using TCPView from www.sysinternals.com to see which application is connecting and trying to send mails…

  1. Do you have a firewall as this should stop unauthorised internet connections, if so what is it ?

What is your OS ?
If you have XP or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, Menu, ‘Schedule boot-time scan…’

If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode, Ewido anti-spyware If using winXP. or a-Squared free if using win98/ME.

I also have a worm similar to this one. It seems to be a variant of this…

http://www.symantec.com/security_response/writeup.jsp?docid=2006-091012-5303-99&tabid=1

Finding it difficult to completely remove as avast does not seem to recognize it when running boot time scans.

Just a small note about Warezov: It's been busy. Seems like it's been on some kind of binge since Sunday. It's back on the wagon as of this morning having reached the AA variant. We'll see how long it takes to run though another set of letters.

Information and a video of the malware in action here:

http://www.f-secure.com/weblog/archives/archive-092006.html#00000966