Win32Kuang2 Worm/Virus ??

Hi, I recently visited a site that offers “Free” spy/adware scans.

I started to follow their instructions, and had just started to download what I think was supposed to be an Active X controller that was required to run the scan when Avast! went nuts, and started flashing that contaminated notice sign and said that I had a virus.

It listed it as: MalWare Name: Win32Kuang2 Type: Virus/Worm VSP version0526-4,07/01/2005

I have had this same thing in the past and had previously cleaned it from my system.

However, this time I am not sure where it went as avast did not get to clean it due to a system hang and crash that occurred at that same time, and avast has not reported finding it again.

Does anyone have any ideas as to where I could look for this thing to see if it is still in my system?

If an avast tech happens to read this, please contact me as I would like to provide avast with the URL that I went to for them to check it out and see if I was getting a false positive.

Bye Wendy

I think this is related to false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Unfortunatelly, a well-known problem of Panda not encrypting its signatures :stuck_out_tongue:

OK, thanks for the info. I have been read all over the place and I think that what avast reported was the panda thing.

I had left out that tidbit of info so as not to cause any undue harm to panda, but it looks like they are harming themselves, so now I will say that it was at there online site that this had happened.

So I would like to know How can I do an online scan with panda active scan, without upsetting Avast?

Thanks Wendy

I’ve read this:

Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).

You can add the detected files to the Exclusion list of Standard Shield Advanced tab of settings.
You can add them to the Exclusion list for on-demand scanning too (just choose ‘Program Settings’ into the system icon tray menu > Exclusions).