win32.sillydc help appreciated

A friend asked me if I would put some music on his iPod, and when I plugged the iPod in, Norton (which I run for my firewall as I prefer it to Windows) popped up saying it detected win32.sillydc. Under status it says removed, but when reading up on it, it says the virus can load back up in the hkey registry and recommended I do a full scan. My Norton is out of date so it wouldn’t allow me to do this. So I decided to do some independent scans to see if I was OK. First I scanned with housecall.trendmicro.com and it didn’t find anything. I then installed and did a scan with “ESET NOD32 3.0” and it found nothing. A friend then suggested I try “avast! antivirus Home Edition 4.8”, which I installed after I removed NOD32. I currently have avast installed (and like it very much, I must say, though it also didn’t detect anything), but then someone else told me I need a registry scanner for something like this because it can come back at any time. It was only detected that one time off the USB port that the iPod was on, and the above scanners didn’t detect this. Is my computer still infected or am I just being paranoid?

My computer runs on Windows Vista Home Premium Service Pack 1
System type: 32-bit operating system

The virus was discovered on j:\fun.xls.exe (which was the iPod)

Any help/advice is greatly appreciated, Thank you all very much in advance.
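The file name reported in the post above, `fun.xls.exe`, is an executable whose name carries a document extension in front of the real one. As an added example (not part of the original thread), this Python sketch flags that naming pattern in a list of paths or on a mounted removable volume; the extension lists and every sample path other than `J:\fun.xls.exe` are assumptions made for the example.

```python
import ntpath
import os

# Assumed heuristic lists for this example; tune them to your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs"}
DECOY_EXTS = {"xls", "doc", "pdf", "txt", "jpg", "mp3", "zip"}


def is_masquerading(path):
    """True when a file ends in an executable extension preceded by a
    document/media extension, e.g. fun.xls.exe."""
    # ntpath handles both "\" and "/" separators, so Windows-style paths
    # from a log or alert can be checked on any platform.
    parts = ntpath.basename(path).lower().split(".")
    if len(parts) < 3:
        return False  # zero or one extension: nothing to disguise
    # strip() tolerates whitespace padding placed before the real extension
    real_ext, shown_ext = parts[-1].strip(), parts[-2].strip()
    return real_ext in EXECUTABLE_EXTS and shown_ext in DECOY_EXTS


def scan_listing(paths):
    """Filter an existing list of paths (for example from an AV log)."""
    return [p for p in paths if is_masquerading(p)]


def scan_volume(root):
    """Walk a mounted volume and return every masquerading file on it."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits.extend(os.path.join(dirpath, f) for f in files if is_masquerading(f))
    return sorted(hits)


# Constructed sample listing; only J:\fun.xls.exe comes from the thread.
SAMPLE = [
    r"J:\fun.xls.exe",
    r"J:\Music\track01.mp3",
    r"J:\setup.exe",
    r"J:\notes.v2.txt",
    r"J:\Photos\holiday.JPG.scr",
]

if __name__ == "__main__":
    for hit in scan_listing(SAMPLE):
        print("suspicious double extension:", hit)
```

`scan_volume` only reads file names, so it can be pointed at a removable drive without opening or executing anything on it.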

It looks like you have WORM_VB.CIU according to Trend Micro.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CIU&VSect=Sn

Try Dr. Web CureIt (On-demand only).

You also need to uninstall Norton by using the Norton Removal Tool.

If you don’t register, avast will work as the trial version for 60 days.

Can you send the suspicious/infected file to virus@avast.com?
You can zip and password-protect the files… Include a link to this thread and the password used.
You can send the files to the Chest and, from there, resend them to Alwil for analysis.
Thanks.

Maybe you need to disable “Hide protected operating system files” and enable “View hidden files and folders” to manage the file(s).

I scanned with Dr. Web and after a four-hour scan it found nothing either. If I could send it I would, Tech, but the only known location of it is on my friend’s iPod and he’s not here (not that I’d want to plug his iPod in again… lol). The location was j:\fun.xls.exe, which is a removable USB port. I can’t send anything from it because there’s no media there, and I haven’t had any antivirus pick up on it since Norton said it blocked it the first time. I will be checking in later for your guys’/gals’ kind advice. Thank you very much.

I suggest you install
USB FireWall 1.1.3 http://net-studio.org/application/usb_firewall.php

OK, I downloaded the USB firewall and ran it, and it has come up as everything being clean.

It’s not to scan, but to protect you when you install a USB drive… it will block the virus dissemination.

Oh OK, thank you for the clarification. If I may ask a question: if the scanners aren’t picking anything up and the Norton firewall that I had before said it was blocked, is there any chance that it actually did block it, and that it didn’t ever get to infect any files?

Yes, there is such a chance.
Maybe you can run a full on-line scan of the computer:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

Thanks. I have already scanned with Trend Micro and ESET NOD32. I will try Kaspersky and BitDefender; if both of those scans come back clean, is it safe to assume I’m in the clear?

Yes… more than this is paranoid ;D

I think I am just being paranoid. Trend Micro, ESET NOD32 3.0, avast! antivirus Home Edition 4.8, Dr. Web CureIt, and Kaspersky haven’t detected anything. I also installed USB FireWall 1.1.3 that Tech suggested and it hasn’t found anything (though it’s not a scanner, thanks Tech :D). I think that my computer is pretty safe now. Thank you for your help, Jtaylor83 and Tech. From one happy paranoid computer user.

I ran a Trend Micro scan and it says the USB firewall you had me dl, Tech, is a mal_otorun5 or worm_autorun.

The problem is that some tools designed to combat something often get tarred with the same brush.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.

OK, I did that and these are the results.

Antivirus Version Last Update Result
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.19 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.19 -
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.18 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.19 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6154 2008.10.17 -
Ewido 4.0 2008.10.19 -
F-Prot 4.4.4.56 2008.10.19 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 -
Ikarus T3.1.1.44.0 2008.10.20 -
K7AntiVirus 7.10.498 2008.10.18 -
Kaspersky 7.0.0.125 2008.10.20 -
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.19 -
NOD32 3536 2008.10.19 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.19 -
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 -
Rising 20.66.62.00 2008.10.19 -
SecureWeb-Gateway 6.7.6 2008.10.20 -
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 Mal_Otorun5
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.20.1427 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.19 -

So it looks like a false positive by TrendMicro ???