Hi,
I’ve used the question list from Polonus to tell the general story of my current situation. I’ll also post a HijackThis log. (DSS log also available).
PC BSOD’d in my regular profile. Could only boot into Safe Mode, so HijackThis and DSS were run in Safe Mode and in my Admin profile. Let me know if this causes a problem.
- How was it detected? What was scanning, you yourself or the back-ground scanner? When did the message occur on a download, unzipping, opening a file, mail or mail-attachment, etc.?
PC Configuration: Dell PC 1420, Vista, auto-updates via Windows Update. Latest updated version of Avast home edition running, along with Windows Defender, Threatfire, AVG Antispyware Free. (Ran manual scans using all of these within last 4 days in Normal Mode, found nothing)
PC bluescreened while composing an email message. Had IE7 and Outlook open along with a couple of PDF files. Before the blue screen disappeared it mentioned something about a problem in Win32 and that it was creating a MEMORY.DMP file to help diagnose the problem. Machine restarted in safe mode. I logged in then shut down normally. Then restarted in normal mode. BSOD again right after clicking to open IE7. Restarted in safe mode. Shut down normally. Rebooted again in normal mode. BSOD again immediately. Restarted in Safe. Attempted to scan with Threatfire but the on-demand scanner wouldn’t initialize. Started Avast scanner - full scan. 50% done, got VIRUS FOUND notice.
Win32:VB-DAJ [Wrm]
found in: c:\windows\MEMORY.DMP
type: virus/worm
VPS version 080607-0, 06/07/2008
Recommended: Move to Chest.
Clicked to “move to chest” and got error:
“Virus Chest Server is not running. RPC Communication failed. Cannot process c:\windows\MEMORY.DMP file.”
- What was the source of the file, where did the file come from? E.g. address, URL, source.
The MEMORY.DMP file was created when the machine BSOD’d. I’ve had several BSODs during the past week.
- When was it downloaded or received?
N/A
- What is the exact file name with extension?
MEMORY.DMP (as far as I can tell - virus scan is stopped at 50% because I don’t know what to do since the “move to chest” function won’t work and I have not tried deleting the file yet in case it’s needed for diagnosis)
- What was the exact wording of the message that the AV program came up with? This is important for later.
Win32:VB-DAJ [Wrm]
found in: c:\windows\MEMORY.DMP
type: virus/worm
VPS version 080607-0, 06/07/2008
Recommended: Move to Chest.
Clicked to “move to chest” and got error:
“Virus Chest Server is not running. RPC Communication failed. Cannot process c:\windows\MEMORY.DMP file.”
- Now go back and do nothing yet. Scan the particular file once again with your AV product.
A. The message is in the same wording: maybe positive alert
B. If the message is not in the same wording or the scan does not find anything this could be a false positive.
HAVE NOT DONE THIS YET - wasn’t sure what to do when Avast stopped after finding virus and I couldn’t use the Virus Chest.
- Check with an online scanner or update to Jotti for a second opinion. Jotti resides at http://virusscan.jotti.org/
HAVE NOT DONE THIS YET - wasn’t sure what to do when Avast stopped after finding virus and I couldn’t use the Virus Chest.
- Go get informed: ask a Virus Encyclopedia or Virus Central, put a question on a forum.
NOT FOUND - Virus name from Alert Notification is not found anywhere.