Can anyone suggest (in simple language) how can I get rid of this worm?
My computer’s memory is infected, and even if I either delete it or ‘move to chest’ by Avast - it reappears on the next start of the computer.
I have had it for a few days now and every time I scan (by pass scan as required by Avast) I count more ‘restore’ files infected…
What is the infected file name, where was it found e.g. (C:\windows\system32\infected-file-name.xxx) ?
Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.
There is likely to be another hidden/undetected element to the infection that is restoring the file or downloading it again.
If you have XP, Vista 32-bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, ‘Schedule boot-time scan…’ Or see http://www.digitalred.com/avast-boot-time.php.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode and report the findings (it should produce a log file).
It is hard to say that with any degree of certainty as the generic (the -gen bit) signature by its nature could be almost anything, added to that the {other} suffix goes further into the undefined category.
Generally file infectors are viruses, but again not hard and fast.
That is why the file name and location are very helpful in pinning it down and virustotal should also give some hits on other aliases (what other AVs call it).
Here are the infected files as copied from the warning log:
17/09/2008 18:21:49 1221664909 SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebt.dll” file.
17/09/2008 18:23:49 1221665029 יעקב 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebr.dll” file.
17/09/2008 18:24:34 1221665074 יעקב 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebt.dll” file.
17/09/2008 18:24:34 1221665074 יעקב 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebtmm.exe” file.
17/09/2008 18:45:51 1221666351 יעקב 1320 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebt.dll” file.
17/09/2008 18:46:49 1221666409 יעקב 1320 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebtmm.exe” file.
During the secondary scan (what is it called? - blue screen) it also announced that:
C:\system volume information_restore…long list of numbers…is infected (about the same amount of files as above).
Thanks a lot to those who’ve taken the time to reply. I have to learn how to do part of the things you wrote.
Let’s not lose sight of what alerted you to the problem and any single program isn’t going to give 100% protection.
So the programs I suggested SAS and MBAM you should install as secondary on-demand scanners that you periodically update and run.
If there is any doubt about the system volume information restore points you should clear it out so that in the future if you use system restore you aren’t effectively reinfecting your system. Disable system restore on all drives, reboot, do a scan with avast and the other applications and if clear, enable system restore, that will create a clean restore point.
Well, I just rebooted for the first time after using the http://onecare.live.com/site/en-ph/default.htm?mkt=en-ph and for the first time in about a week I saw no sign of the virus. So, I think (and hope) that the problem is solved.
My knowledge of computers is next to nothing (apart from the use of them) so the last advice is something I do not know how to do.
I just hope that the way I stand now is final.
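An added example, not part of the thread and not avast! code: it parses warning-log lines in the format quoted above and lists the files that were detected more than once, the pattern that points to something re-creating them after removal. The regular expression is an assumption based only on the six lines shown, and the user name in the sample is replaced with the placeholder "user".

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines in the format of the warning-log excerpt quoted in the thread
# (user name replaced with the placeholder "user").
SAMPLE_LOG = r"""
17/09/2008 18:21:49 1221664909 SYSTEM 1308 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebt.dll” file.
17/09/2008 18:23:49 1221665029 user 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebr.dll” file.
17/09/2008 18:24:34 1221665074 user 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebt.dll” file.
17/09/2008 18:24:34 1221665074 user 3760 Sign of “Win32:Trojan-gen {Other}” has been found in “c:\program files\applications\iebtmm.exe” file.
17/09/2008 18:45:51 1221666351 user 1320 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebt.dll” file.
17/09/2008 18:46:49 1221666409 user 1320 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\Applications\iebtmm.exe” file.
"""

# Assumed layout: date time epoch user pid Sign of "<name>" has been found in "<path>" file.
LINE_RE = re.compile(
    r'^(?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \d+ (?P<user>\S+) (?P<pid>\d+) '
    r'Sign of [“"](?P<name>.+?)[”"] has been found in [“"](?P<path>.+?)[”"] file\.$'
)

def parse_line(line):
    """Return a dict for one detection line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["when"], "%d/%m/%Y %H:%M:%S"),
        "pid": int(m["pid"]),
        "name": m["name"],
        # Windows paths are case-insensitive; the log mixes both spellings.
        "path": m["path"].lower(),
    }

def recurring_detections(log_text):
    """Map each path detected more than once to its detections, oldest first."""
    by_path = defaultdict(list)
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit:
            by_path[hit["path"]].append(hit)
    return {p: sorted(h, key=lambda d: d["when"])
            for p, h in by_path.items() if len(h) > 1}

if __name__ == "__main__":
    for path, hits in recurring_detections(SAMPLE_LOG).items():
        print(f"{path}: {len(hits)} detections, "
              f"{hits[0]['when']:%H:%M:%S} to {hits[-1]['when']:%H:%M:%S}")
```

A file that keeps coming back under different process IDs over time is the cue to look for the component that restores it, rather than deleting the same file again.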