Re: Elusive trojan Haher - RAV replies

From: anikya (anikya_at_faked_anikya.com)
Date: 02/16/04


Date: Mon, 16 Feb 2004 10:04:51 GMT

The verdict is out.

RAV very quickly gave me 2 answers:

1. "The file is infected with Trojan:Win32/Haher." Yes, they call it a
trojan.

2. "Usually you cannot clean those files, because the whole file contains
the malware, and the solution is to remove the malware (the file) manually.
Before doing this you may have to remove any references to those files from
SYSTEM.INI file (this file is in your Windows directory, i.e. C:\WINDOWS).
After a reboot all should be ok."

I'm not sure I should delete/remove a file called wextract.exe in
windows\system32.

Please someone help: go to RAV online and scan your System32 files and see
if they find any Haher in your wextract.exe, too.

anikya

"anikya" <anikya@faked_anikya.com> wrote in message
news:pQoWb.471933$X%5.234919@pd7tw2no g...
> I'm really at my wits end.
>
> RAV online found win32/haher a trojan in my computer.
>
> Following is the report:
> C:\WINDOWS\SYSTEM32\wextract.exe - Trojan:Win32/Haher -> Infected
> C:\WINDOWS\SYSTEM32\dllcache\wextract.exe - Trojan:Win32/Haher -> Infected
> C:\System Volume Information\_restore{98BDF40A-19C4-4B43-B477-27F9F90D580A}\RP313\A0056340.exe - Trojan:Win32/Haher -> Infected
>
> RAV is unable to clean the infected files. Their tech support wrote back to
> say I need to find some other way to remove it.
>
> I've run every online scan and quite a few trial version AV programs but
> none reported this infection.
>
> Digital Patrol has haher in their database, but does not catch it in their
> scan.
>
> Why is RAV the only prog to id this trojan? Is it because it "unpacks
> executables"?
> Are there other programs that would scan inside .exe, too?
>
> The following page
> http://vil.nai.com/vil/content/Print100513.htm gives instructions on how to
> remove this virus. It requires manually going into sys config and MS-DOS,
> but does not instruct on how.
>
> What can I do?
>
> anikya
>
>
>
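
A read-only check for the SYSTEM.INI step quoted from RAV's reply, as an added example that is not part of the original thread: it lists every active SYSTEM.INI entry that mentions a given file name, so the references can be reviewed before anything is edited or deleted. The function name and the sample file contents are assumptions constructed for the illustration.

```python
import re

# Constructed sample of a SYSTEM.INI; the reference to wextract.exe is
# invented for the demonstration and is not taken from the thread.
SAMPLE_SYSTEM_INI = """\
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON

[boot]
shell=Explorer.exe C:\\WINDOWS\\SYSTEM32\\WEXTRACT.EXE
; shell=wextract.exe (commented out, ignored)

[drivers]
wave=mmdrv.dll
"""

def find_references(ini_text, filename):
    """Return (line_no, section, key, value) for every active entry in
    ini_text whose value mentions filename as a whole file name."""
    # Match the name only as a complete path component, case-insensitively,
    # so "wextract.exe" does not match "mywextract.exe" or "wextract.exe.bak".
    pattern = re.compile(
        r"(?<![\w.\-])" + re.escape(filename) + r"(?![\w.\-])", re.IGNORECASE)
    hits, section = [], None
    for line_no, raw in enumerate(ini_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comments are not active entries
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and pattern.search(value):
            hits.append((line_no, section, key.strip(), value.strip()))
    return hits

if __name__ == "__main__":
    for hit in find_references(SAMPLE_SYSTEM_INI, "wextract.exe"):
        print("line %d: [%s] %s=%s" % hit)
```

An empty result means SYSTEM.INI has no active entry naming the file, so that step of the reply has nothing to remove.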


