Worm.Win32.Fujack-k detected by avast how to get rid of it help please?

Hi there,

i have not been on the forum for a long time as i have not really had any probs until last night when bitdefender was downloading updates to the main program and i was booking my holiday on line easyjet!.all sudden avast flagged up that Worm.Win32.Fujack-k,so i put in chest,stopped bitdefender,shut internet down unplugged cable,looked in the avast chest for more info,it seemed it was bitdefender update pack and unpack that brought the virus in?,corrupted bitdefender file?,who knows?,the 2files 32256 bytes long.
Thinking about it a bit i decided to unistall bitdefender completely and check in the registry for all entries and everywhere else too and remove them,deleted the infected files in the chest,disabled any bitdefender services in msconfig ect ect,used crap cleaner and fixed any issues,used advaced registry cleaner to clean registry so far so good.

I then turned off system restore on all drives,shut down pc re-booted into safe mode,done scan with avast,spybot,a2 squared,nothing found.

Bootup normally scan again avast,a2,spybot(bt the way all progs up to date with latest definitions,also with avert stinger nothing found,enable restore.
I have done some research myself once all seemed ok after all the scans- for info on the Worm.Win32.Fujack-k it seems it came from china from virus writer called viking,there is no removal tool that i can find on any site i went to like symantec,sophos,avira,f-secure,kapersby i spent 7 hours on it!.

Looking in task manager at processes no bitdefender processes running on/off line,in msconfig i have disabled unchecked boxes that i am unable to remove…1/ Bitdefender scan server,2/ desktop updater,3/ comminicator from and there is no trace now in the registry.

Sorry long winded explanation but the more info i can give better for you if you can advise.

I have windows XP HOME EDITION SP2,MOZ FFOX,INT EXPL 7.0,AVAST HOME,COMODO FIREWALL,SPYBOT,A2 SQUARED,A2 ANTI-DIALER,PROCESS GUARD,VERISIGN,WINPATROL i THINK GOOD PROTECTION?.

My question after all this is this,is there anywhere/location i haven’t looked at?,is there anything else i need to do?,how can i be sure that the worm/trojan is eradicated,could it come back?,so far it hasn’t!,its only been today.

Finally I do not know if its related but i do get my desktop rebooting everytime i open say my pictures,my documents,some times i lose all the desktop icons including start menu and taskbar just end up with blue screen,or i get get active white desktop page appear recovery i lose all my desktop picture,to restore it i have to go to task manager and go new task explorer.exe and then all the desktop items appear,anaother time the desktop will reboot and all the icon wil reaapear back ok,weird?,sometimes the pc will just shut down indeterminetley,however it has not done so since removing bitdefender,by the way i only have avast as my main av resident guard program,bitdefender just as alternate av scanner.
Hope you can help and advise done all i know.

Thanks

Southern Man

Hi Back again-just as a concern could the worm/virus have copied my credit card details as i was booking my flight with easy jet at the time it was http site and secure verisign ect?,should i do anything in case?

southern man

Sounds like avast! detected an unencrypted virus signature in the BitDefender virus definitions rather than a real virus.

You could try a registry scan with TuneUp Utilities and see if that helps with your other problem. (Free trial.)

http://www.tune-up.com/products/tuneup-utilities/

Agree with Frank
Does Bit Defender forum have info on this behaviour - False Positive?
you could scan with malwarebytes anti malware and Super anti spy (both free) for a second opinion

with mbam update scan put a check next to any hits and click REMOVE SELECTED- a backup will be made

with SAS update, CLEAN and Quarantine post log but edit out cookies

these two scanners (and Spybot and a-squared) are good just have around- use no resources unless activated

you can also read the stickie at the top of this forum involiving hijack this and post a log

anything to help you sleep easier :slight_smile:

THANKS FRANK AND WRMRIDER FOR YOUR ADVICE-I WILL DO AS YOU BOTH SUGGESTED,WILL GET BACK TO YOU AND LET YOU KNOW HOW I GET ON.

PS.DO YOU THINK ITS GOING OVER THE TOP TO CANCEL MY CREDIT CARD?

REGARDS

SOUTHERN MAN

PS.DO YOU THINK ITS GOING OVER THE TOP TO CANCEL MY CREDIT CARD?

Just a bit.

(Take that as British understatement. ;))

By the way, if you’re getting BSOD’s (Blue screens of Death) note the error message and Google it because it may indicate an underlying hardware problem, or a driver problem.

Thanks for that tip frank i´will do just that cheers…

:slight_smile: Hi :

Cancelling Credit Cards would be when a “Backdoor Trojan” has been
“Detected” ; however, it would be wise to Contact your credit card company
about what happened to see IF “Flagging” your Account for “Unusual” Charges
or some similar “technique” might be warranted !?

I agree, Cancelling your credit cards is the only option. In fact, you may have to lock your bank account in case the worm copies your account number, password, and info which is a privacy threat.

The malware name should be Win32:Fujack-K [Wrm].

Hi frank th[quote author=FreewheelinFrank link=topic=39110.msg328319#msg328319 date=1223233964]

PS.DO YOU THINK ITS GOING OVER THE TOP TO CANCEL MY CREDIT CARD?

Just a bit.

(Take that as British understatement. ;))

By the way, if you’re getting BSOD’s (Blue screens of Death) note the error message and Google it because it may indicate an underlying hardware problem, or a driver problem.

Thanks frank for the help,re-the desktopp rebooting and losing all the desktop items and start menu in other words NO windows explorer,when i look at the “windows explorer needs to close” message when i look at the technical info report there is loads of messages reperts,do i google all the messages there is a lot?

regards

southerm man

:slight_smile: Hi :

To check for “Remnants” of “Fujack”, I saw an Expert malware-fighter
recommend the use of Kaspersky’s Online Scanner, available at
www.kaspersky.com/virusscanner , with the following “Instructions” :

Answer Yes, when prompted to install an ActiveX component.
The program will then begin downloading the latest definition files.

Once the files have been downloaded click on NEXT

Locate the Scan Settings button & configure to:
Scan using the following Anti-Virus database:

Extended
Scan Options:
Scan Archives

Scan Mail Bases

Click OK & have it scan My Computer

Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan .
Thanks frank for the help,re-the desktopp rebooting and losing all the desktop items and start menu in other words NO windows explorer,when i look at the "windows explorer needs to close" message when i look at the technical info report there is loads of messages reperts,do i google all the messages there is a lot?

I was thinking of BSOD error messages, as you siad you’d got blue screens:

http://articles.techrepublic.com.com/5100-10878_11-6053684.html

If you can post your “windows explorer needs to close” message here, I’m sure somebody will know what it means.