win32:Archivarius.A

According to the VirusTotal online scan service, it seems that avast, in contrast to most other AV, missed this P2P-distributed virus from February.

There should be somewhere in virus at avast.com my sample…

Thanks. Hope they give some priority to improve detection of this one.

Archivarius.A

Threat Level I

Damage II

Distribution I

Common name: Archivarius.A

Technical name: W32/Archivarius.A.worm

Threat level: Medium

Type: Worm

Effects: Its main objective is to spread via P2P networks and affect as many computers as possible. In order to do so, it makes copies of itself using attractive names in the shared directories of several P2P programs, in order to deceive users, making them think they are inoffensive.

Affected platforms: Windows 2003/XP/2000/NT/ME/98/95

First detected on: Feb. 24, 2008
Detection updated on: Feb. 27, 2008
In circulation? Yes
Proactive protection: Yes, using antivirus software

Brief Description
Archivarius.A is a worm whose main objective is to spread via P2P networks and affect as many computers as possible.

In order to do so, it makes copies of itself in the shared directories of certain P2P programs using attractive names. These files pass themselves off as interesting applications or pirated software, so that the user is not aware that the downloaded file is malicious.

Visible Symptoms
Archivarius.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

In the case of removal of Archivarius.A, the following points are important:

How to eliminate viruses and other threats completely from the restore folder

  1. Log on as the Administrator or with the details of the user that has administrator rights.
  2. Click with the right button of the mouse on My Computer.
  3. Select Properties.
  4. Click System Restore.
  5. Check the Turn off System Restore or Turn off System Restore on all drives checkbox.
  6. Click Apply and then OK.

How to reactivate System Restore option

  1. Click with the right button of the mouse on My Computer.
  2. Select Properties.
  3. Click System Restore.
  4. Disable the Turn off System Restore or Turn off System Restore on all drives checkbox.
  5. Click Apply and then OK.

After completing these steps, please download Malwarebytes’ Anti-Malware from here: http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. A log is being opened (mbam-log-XX-XX-XXXX(xx-xx-xx).txt)
* Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

polonus

Hehe, as a graduated chemist I appreciate your avatar, Tech.
The previous baby was great too.

Fortunately I did not “catch” it. I am curious when my avast will start detecting my local zip sample.
I posted it to the Avast virus mailbox (encoded) twice, on Wednesday and today (Friday) in the morning…