Re: Ewido, Trojan Hunter Or Both?

From: NonDisputandum.com (webmaster_remove_at_remove_nondisputandum.com)
Date: 04/02/05


Date: Sat, 02 Apr 2005 21:58:33 GMT

On Sat, 02 Apr 2005 22:20:04 +0100, Ann Speakman
<aspeakman@homechoice.co.uk> wrote:

>David H. Lipman wrote:
>> From: "Ann Speakman" <aspeakman@homechoice.co.uk>
>>
>> |
>> | I forgot to mention I do have Spybot and use TeaTimer in my systray.
>> |
>> | It seems to work with Prevx OK, that is, there is no apparent conflict.
>> |
>> | Prevx only annoys when you try to download, it gets very anxious. They
>> | have improved things by allowing you to suspend the programme while you
>> | download.
>> |
>> | I find that the settings on Prevx are not easy to understand or set..I
>> | wish they had ticks instead of putting either a black or white dot...I
>> | really am not sure how to set the security on it, but I have it just as
>> | extra protection and update it daily.
>> |
>> | I have McAfee Stinger sitting on my desktop plus the TrendMicro free
>> | scan programme.
>> |
>> | I tried Escan, but it always comes up with one or two nasties, but with
>> | no ability to get rid of them...they are generally spyware, which
>> | hopefully I can get rid of with AdAware or Spybot S&D
>> |
>> | I will look at the AV programme you mention.
>> |
>> | Thanks for your help. It is comforting to know I have done all the free
>> | things that I can!
>> |
>> | Cheers
>> |
>> | Ann
>> |
>>
>> If you practice Safe Hex then there is no need for all that software.
>> http://www.claymania.com/safe-hex.html
>>
>> You have a lot of software listed. Don't complicate your life.
>>
>> What you don't have listed and should have is SpyBot S&D should keep you on-track with the
>> software you already have. You don't need Ewido and/or Trojan Hunter.
>>
>> Stinger is a great tool but, it only targets ~53 infectors and their variants.
>> Stinger should only be used *if* you know you are indeed infected by one of Stinger's
>> targeted infectors.
>> Once done, Stinger should be deleted.
>>
>> TrendMicro Sysclean is a better tool to keep handy than Stinger since it is a
>> Broad-spectrum; virus, Trojan and worm removal tool.
>>
>> You can use the Sysclean Front End utility to keep both SYSCLEAN.COM and the associated
>> Pattern File up-to-date. The Sysclean Front End utility is at the URL --
>> http://www.ik-cs.com/got-a-virus.htm under "Procedure 1"
>> Or you can use the following direct URL --
>> http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
>>
>>
>Worse news I'm afraid.
>
>I downloaded Clamwin and ran it and got the following report:
>
>
>:\Documents and Settings\Ann1\Application
>Data\Thunderbird\Profiles\qw6nbw37.default\Mail\pop.homechoice.co.uk\Inbox:
>Worm.Gibe.F FOUND
>
>C:\Documents and Settings\Ann1\Application
>Data\Thunderbird\Profiles\qw6nbw37.default\Mail\pop.homechoice.co.uk\Junk:
>Worm.Gibe.F FOUND
>
>C:\Documents and Settings\Ann1\Application
>Data\Thunderbird\Profiles\qw6nbw37.default\Mail\pop.homechoice.co.uk\Trash:
>Worm.Gibe.F FOUND
>
>-- summary --
>
>Known viruses: 32358
>
>Scanned directories: 1762
>
>Scanned files: 25758
>
>Infected files: 3
>
>So now Clamwin has told me I have 3 infected files, but it does not tell
>me how to get rid of the infection!!!
>
>I have "googled" the worm, but cannot find any free programme to get rid
>of it!!
>
>You would think with all my defences it could not have happened!!
>
>Help!!
>
>Ann
>
>
>---
>avast! Antivirus: Outbound message clean.
>Virus Database (VPS): 0513-2, 04/01/2005
>Tested on: 4/2/2005 10:20:04 PM
>avast! - copyright (c) 1988-2005 ALWIL Software.
>http://www.avast.com
>
>

what I found:

You can find a removal tool for SWEN at
http://www.f-secure.com/download-purchase/tools.shtml
The SwenTool is the utility to eliminate Swen (also known as Gibe.E)
worm infection and to restore System Registry entries modified by the
worm.
  Download: ftp://ftp.europe.f-secure.com/anti-virus/tools/swentool.zip
  Download: ftp://ftp.europe.f-secure.com/anti-virus/tools/swentool.com
  Readme: ftp://ftp.europe.f-secure.com/anti-virus/tools/swentool.txt

but besides that:

gibe.f, that is also known as W32.Swen
Discovered on: September 18, 2003
read:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

so any antivirus should detect that... weird that Avast did not find
it.. did you perform, in Safe Mode, a THOROUGH system scan of your
ENTIRE computer?

I found info from Sophos
http://www.sophos.com/virusinfo/analyses/w32gibef.html
& that they can clean it

Avast says it is in the wild since 2003
http://avast.4cus.ru/i_idt_25.html
http://www.avast.com/eng/viruses_in_the_wild.html

So Avast should detect it... like any other antivirus killer

how to avoid the worm:
http://www.sophos.com/virusinfo/articles/gibef.html
(yea, nasty to tell you that after you got infected)

else try Grisoft VCleaner
http://www.nondisputandum.com/html/anti_virus.html

-- 
www.nondisputandum.com - soft reviews:
  freeware to Protect & Clean your PC
  freeware Office tools & Webbuilding aid
+ the Internet Addiction Test ;-)