WORM_BEREB.B

How do I get rid of this virus/worm?

http://www.techsupportforum.com/computer/topic/13096-1.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BEREB.B

I got it through WinMX when downloading a zip file. Interesting how Avast4Home did not pick it up with the resident sheild. :cry:

And the on-demand did detect it?

I have isolated the file as “SVCKERNELL.COM”. It also created a folder called “startrwin” and places “startrwin” in the WINDOWS folder.

SVCKERNELL.COM is listed in the processes (in Windows 98SE) when I press ctrl-alt-del…ONLY BEFORE Windows completes loading my desktop. I caught it intime to find out what the forign startup program was called. I think it tries to hide itself.

Should I send it to you VLK? I’ve never tried sending a virus before?? ???

VLK: Let me try a THOUROUGH scan option first.

Yes please zip the file with a password and send it (together with the password) to the address

virus (AT) avast (DOT) com

The analysts will take a look at it.

Thanks
Vlk

VLK :slight_smile:

I sent the virus to them in a password protected .ZIP file.

Thanks for you help.
the virus was later detected… but the resident on access sheild did not… despite it being a .EXE entension.

This information was helpful from TrendMicro:

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run
In the right panel, locate and delete the entry:
Taskmanager = “C:\Windows\taskmgr.com”
OR
Svckernell=”c:\windows\svckernell.com”
Close Registry Editor.
NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.

The svckernell.com was in my registry. I removed it.

Just a curiosity: have you installed Norton SystemWorks (or NAV) anytime - even in the past - in your computer?
It messes your registry and you would be in danger with on-access scanning of .exe files…

You can read more here.

Steele you may also consider moving the On-Access scanner sensitivity slider to the High position. Otherwise, the files are not usually scanned unless they’re executed (i.e. the virus is trying to activate).

That’s a good idea. Thank you VLK! ;D

Also, I sent my virus into avast. There going to add it into furture detections A.S.A.P.

~Steele Wolf~

Also no. I have NEVER used another AntiVirus product.

A did a recent clean install of XP then just installed AVAST4HOME. ;D

Norton? ???
Yuck! :o
Never!! ;D