possible virus???


Mr. F.

I think I got a virus but I can't find it. I downloaded one of those
newsgroup files about some hot chick nude. I didn't open the file because I
knew it was a virus. The file was a .pif file. All I did was right click
on the file to look at its properties and when I did that Explorer crashed
and now I don't have administrator privileges and scanning for the virus
finds nothing. I use AVG antivirus (up to date), tried Norton's online scan
as well as another with no success. Could someone help me out? Thanks.
Scott
 
Possibly a trojan. Try
Spybot http://www.safer-networking.org/index.php?page=mirrors
CWShredder http://www.merijn.org/files/cwshredder.zip

If that does not work, call back with as much information as possible.

Taff..........



www.sounds-pa.com | www.thecomputerworkshop.com
 
Please repost with more information, including why you think you no
longer have "administrator" privileges.

Ben
 
Mr. F. said:
I think I got a virus but I can't find it. I downloaded one of those
newsgroup files about some hot chick nude. I didn't open the file because I
knew it was a virus. The file was a .pif file. All I did was right click
on the file to look at its properties and when I did that Explorer crashed
and now I don't have administrator privileges and scanning for the virus
finds nothing. I use AVG antivirus (up to date), tried Norton's online scan
as well as another with no success. Could someone help me out? Thanks.
Scott

I believe it is the new Dumaru variant.

According to SARC,

W32.Dumaru.AH@mm has a polymorphic dropper, which drops and runs the
file C:\nload.exe when running. The dropped file nload.exe is 28,020
bytes in size and is compressed with FSG. This file contains the worm's
email routine. When nload.exe runs, it does the following,

1. Creates a file %Windir%\TEMP\photo.jpg, and launches explorer.exe
to load this file, which is a graphic. (the "hot chick" you speak of)

Regards, Ian Kenefick
 
Do a search in your Windows directory (& subdirectories) for:

dllreg.exe
load32.exe
Vxdmgr32.exe

If you find them lurking in there, you're infected with W32.Dumaru@mm

If so, try downloading the removal tool from here:

http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.removal.tool.html

and do as the instructions recommend.

Regards,

Mick
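
The file checks suggested in the replies above can be run as one read-only sweep. This is an added example, not part of the original thread or any vendor tool: the file names, the 28,020-byte size and the photo.jpg location come from the posts, while the function name `sweep` and the finding labels are this example's own.

```python
import os

# Indicators named in the thread; Windows file names are case-insensitive.
WINDIR_NAMES = {"dllreg.exe", "load32.exe", "vxdmgr32.exe"}
DROPPED_NAME, DROPPED_SIZE = "nload.exe", 28020   # C:\nload.exe, 28,020 bytes
DECOY_DIR, DECOY_NAME = "temp", "photo.jpg"       # %Windir%\TEMP\photo.jpg


def _children(directory, wanted):
    """Entries of `directory` whose lower-cased name equals `wanted`."""
    try:
        return [e.path for e in os.scandir(directory) if e.name.lower() == wanted]
    except OSError:
        return []


def sweep(windir, drive_root):
    """Return (findings, unreadable); findings are (label, path) tuples."""
    findings, unreadable = [], []

    # 1. The three names, anywhere under the Windows directory.
    def note_error(err):
        unreadable.append(err.filename)  # report what could not be searched
    for dirpath, _dirs, files in os.walk(windir, onerror=note_error):
        for name in files:
            if name.lower() in WINDIR_NAMES:
                findings.append(("dumaru-name", os.path.join(dirpath, name)))

    # 2. The dropped file in the drive root; a size match strengthens the hit.
    for path in _children(drive_root, DROPPED_NAME):
        exact = os.path.getsize(path) == DROPPED_SIZE
        findings.append(("nload-size-match" if exact else "nload-name-only", path))

    # 3. The decoy image; a weak signal on its own.
    for temp in _children(windir, DECOY_DIR):
        for path in _children(temp, DECOY_NAME):
            findings.append(("decoy-image", path))

    return sorted(findings), unreadable


if __name__ == "__main__":
    win = os.environ.get("WINDIR", r"C:\Windows")
    hits, skipped = sweep(win, os.path.splitdrive(win)[0] + os.sep)
    for label, path in hits:
        print(f"{label:18} {path}")
    for path in skipped:
        print(f"unreadable         {path}")
```

A name match is only a lead, since unrelated files can share these names; directories listed as unreadable were not searched and need a rerun from an account that can read them.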
 