Win 32-Hawawi-F worm Help Please

Viruses and worms
1

I have a Win32-Hawawi-F worm in my system\smtp.ocx file. Avast will not fix or delete this file and when I attempt to delete or rename it myself, it will not allow me to. How do I fix this problem? Any assistance is very much appreciated.

2

Hi Zaria,

That’s strange, that virus is on the Avast definition list… are you up to date with the virus database.

What happens when you try to perform any action on the file ?. There have been one or two comments in the forum lately with problems of cleaning out files… perhaps it is related and your input may help.

Walker.

3

You should start your PC in windows safe mode and let Avast scan your drive again. Now it should be able to delete/move the mentioned files, remember the filenames!. Afterwards you should search your registry for the filenames and delete the references to them.
Some infos to “your” Virus:
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=Hawawi-f&product=1

(edit: modified link)

4

Hi Raman,

Can I ask, what ‘type’ of viruses should be handled that way?. It’s something I’ve never thought of… well never had too ;D

Also, curious 8) , what does it mean on that link site when some of the entries are marked ‘undetected’ by Adwil. Is this when it’s a generic virus?.

Thx,
Walker.

5

You can do it that way with most “standalone” malware like Trojans, Backdoors or worms. But you have tofind out first if it doesn´t modify “dangerouse” things in the registry, like “shell open commands” for exefiles.

what does it mean on that link site when some of the entries are marked 'undetected' by Adwil. Is this when it's a generic virus?.

No, that means that Avast just not find these viruses( Vgrep update 08/2003!). Generic in this context mean, that some AV-Firms choose a signature that will match with more variants of that virus. It covers more Variants with only one signature. So it is able to tell you that the file is infected, but not which Variant it is.

6

Yep, this is what I meant by generic.

Great info, thanks Raman. I guess I’ve been lucky so far :slight_smile: anything I have caught has been dealt with by Avast without safe mode… now I wish I hadn’t been so smug 8) ;D

7

Hi Zaria,

Update Avast or go to www.sysmantec.com