win32.fason

I just got nuked by the worm win32.fason
Avast did not protect me with the latest definitions.

What to do? Is there an uninstaller for this worm?

Some further info…

It relates to this virus:

http://tinyurl.com/ewnax

(poor online translation)

Hi Starfighter,

See for removal here:
http://www.virusbuddy.com/i-worm.win32.fason-computer-virus-1820.html

polonus

Although the translation is poor, it indicates an email attachment as the means of delivery and care has to be taken with any email attachment, especially unsolicited or unexpected (even from friends email addresses, they can be forged) and never open them from the email, save the attachment to your hard disk without opening it and upload it to a multi-engine AV scanner at: VirusTotal - Multi engine on-line virus scanner Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive.

Help prevent or limit damage by denying permissions. Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Thanks DavidR and Polonus,

The email did not contain a file attachment… It just contained links… Clicking on the link downloads a trojan/worm…

I was silly for me to click on the links. The person that “sent” the email was a friend of mine who is Portugese, so I thought the email was legit… WRONG!!! Lesson learned.

It is unfortunate that you got caught, but as you say a lesson learned. Friends can also get infected and send out emails or the email address can be faked. So email links should be treated in the same way as attachments with caution and investigation, especially form unsolicited email.

Now there are many social engineered emails that seem fine and give links that appear to go to known sites, which could be phishing links.

I can’t remember if you use XP or not so I put the DropMyRights info in previously as I think that since the link was in an email, if that was run under dropmyrights then I think it should also have stopped/limited the potential damage.

Thanks DavidR – the info about dropmyrights is excellent, and I’ll use it.

I have several computers… the one that got infected had Win98SE (fully patched). However, I also have a WinXP SP2 box which I’ll immediately set up with the dropmyrights proceedure. A very wise way of going about it (limiting admin rights etc).

I truly appreciate the excellent help provided by so many kind souls on this forum. :slight_smile:

Your welcome.