Beavis.4350


Leen Wouters

Hello all,

One of my friends has a virus on his computer, called "Win32/beavis.4350".
The anti-virus software detects it by finding 2 files, i.e. Explorer.new and a
"*.tmp" file.
When we just delete these files, rebooting the computer just puts them back
and the virus still does its "thing".
When he starts explorer.exe (to launch the desktop) at startup, the screen
stays black.
The workaround is then to start the Task Manager and launch explorer as a new task,
but we would like to get rid of this virus altogether.

Can't find anything on the anti-virus sites, because the only "beavis"
virus they tell about is "beavis & Butthead" and doesn't have a removal
instruction.
I also checked the registry to see whether this explorer.new was run instead
of explorer.exe to start the desktop, but I can't find any reference to it
in the registry.

Can anyone help me ??

Thanks in advance.
Leen Wouters.
 
And what was the Anti Virus software that declared the files as infected with
"Win32/beavis.4350" ?

--
Dave




 
Beavis (and variants) are true viruses and could be nasty.

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt406.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB)
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

--
Dave




| AVG anti virus software.
 
will do.


 
Leen Wouters - 15.02.2005 20:02 :

Why oh why do you unnecessarily quote all the (~140!) quoting lines of
David's posting again? Oh what an ill-considered usenet behavior wasting
time and bandwidth. Grrr. Please, think about it. Thanks.
 
Still the same result: when logging on to Windows XP, the desktop stays
black and we have to launch it by running explorer with the task manager.

Any more ideas?

Thanks.
Leen Wouters.
 
Create a new account and logon. See if that new account's desktop is in order.

--
Dave




 
Leon:

Please note that this News Group has a charter
{ http://www.stormpages.com/eaegis/antivirus.htm } and it prohibits posting attachments. In
the future, use the News Group alt.binaries.comp.virus to post the attachment and
reference it here in a.c.a-v or the sister group a.c.v, or post on a web site and
reference the URL.

Found 71 viruses totally.
TROJ_DLOADER.BB
TROJ_BISPY.B
TROJ_AGENT.AAB
TROJ_IEFEATS.O
TROJ_IEFEAT.U
TROJ_DLOADER.BP
TROJ_AGENT.KT
TROJ_DLOADER.BN
TROJ_FAVADD.A
TROJ_STARTPA.A
BKDR_AGENT.AD
DOS_AGOBOT.GEN

You have an extensive list of Trojans, an Agobot Denial of Service and a Backdoor agent.

If you have created a new account, logged into the new account and still have desktop
problems then it *may* be a situation that your OS has been corrupted and it could require a
WinXP repair-install.


I hope some peers jump in with other offers of information.

--
Dave




| Doesn't help.
| It is not really that the desktop is not in order. When Windows launches the
| desktop, the desktop briefly appears (for half a second or so) and then
| turns black until you launch the desktop or explorer.exe manually.
|
| I'll attach the sysclean.log. Maybe you can get any wiser out of this!
|
| Thanks for your help.
| Ciao.
| Leen Wouters.
 
Just in case you have non-viral malware...

1) Download the following item...

Adaware SE (Free personal version)
http://www.lavasoftusa.com/

2) Update Adaware with latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using Adaware SE, perform a Full Scan of your platform and clean/delete
any parasites found.
6) Restart your PC and perform a "final" Full Scan of your platform using Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB)
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
10) Please report back your results

Dave
 
Please submit the file(s) indicated as infected with Beavis to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

--
Dave







| Still no luck.
| Any other suggestions ?
|
| Thanks.
| Leen.
|
|
 
Leen:

Do you have a directory on the PC called %windir%\isrvs with a DLL called sysupd.dll?

--
Dave





 