Win32:kuang2????

:frowning: >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:( >:(

Hi,

I have got this Win32:kuang2 virus om my computer, but I can´t delete it, when I restart my computer a lot of popup windows appear with sex sites, and my desktoppic. is a man with at spiderman tattoo in his but crack… :-[

I can´t use any icon on my desktop, and the START button is not in the left corner, instead it is in his but crack…

Can anyone help me???

Martin (628748)
You are welcome to write to me at this email: lauren@sol.dk

Please read here → http://forum.avast.com/index.php?topic=5373.0, follow the steps and give us the info it requests (windows version, hijackthis logfile, where is the virus found by avast etc)

  • What WIN do you have ? Are all ServicePacks and Windowsupdates applied ? Please CHECK !! I have Windows XP, MS Internet Explorer 6,0 and all windowsupdates and servicepacks are updated…

  • What name does avast give the virus (e.g. like: “Win32:Netsky-P [Wrm]” ) ?
    Win32:kuang2 and Win32:NGVCK-E and JS:Classloader-6

  • Where exactly was the infected File found (full path/folder/filename, e.g. like c:\Windows\system32\virusfile.exe) ?
    You’ll get this info from the Alert/PopUp window or from avast’s report/Log-files. If you can’t start avast, look for the info in the logfiles in the avast (sub-)folders and
    in the EventLog of Win XP / 2000: Controlpanel → Administration → Event-log

Sign of “Win32:Kuang2” has been found in “http://www.pandasoftware.com/ActiveScan/as5/motor.cab\imscan.dll” file.

Sign of “Win32:Kuang2” has been found in “C:\System Volume Information_restore{2962B5F5-CE85-47F2-9A89-08415DE3C955}\RP260\A0037576.COM[UPX]” file.

Sign of “Win32:Kuang2” has been found in “C:\Programmer\ACE Mega CoDecS Pack\Anti-Virus\Quick Remove\PAVCL.COM[UPX]” file.

Sign of “Win32:NGVCK-E” has been found in “C:\Programmer\ACE Mega CoDecS Pack\Anti-Virus\Quick Remove\PAV.SIG” file.

Sign of “JS:Classloader-6” has been found in “C:\Documents and Settings\Martin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv480.jar-3d101f41-3017222b.zip” file.

I hope that is what you are asking for?

Martin

These are false detections as per panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932

IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).
Sign of "JS:Classloader-6" has been found in "C:\Documents and Settings\Martin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv480.jar-3d101f41-3017222b.zip" file.

This is not a false positive, ensure that you are using the latest version of Sun’s JAVA.

Cleare your browser cache and temporary files, including the JAVA cache.