Re: Ewido, Trojan Hunter Or Both?

From: NonDisputandum.com (webmaster_remove_at_remove_nondisputandum.com)
Date: 04/02/05


Date: Sat, 02 Apr 2005 21:58:33 GMT

On Sat, 02 Apr 2005 22:20:04 +0100, Ann Speakman
<aspeakman@homechoice.co.uk> wrote:

>David H. Lipman wrote:
>> From: "Ann Speakman" <aspeakman@homechoice.co.uk>
>>
>> |
>> | I forgot to mention I do have Spybot and use TeaTimer in my systray.
>> |
>> | It seems to work with Prevx OK, that is there is no apparent conflict.
>> |
>> | Prevx only annoys when you try to download, it gets very anxious. They
>> | have improved things by allowing you to suspend the programme while you
>> | download.
>> |
>> | I find that the settings on Prevx are not easy to understand or set..I
>> | wish they had ticks instead of putting either a black or white dot...I
>> | really am not sure how to set the security on it, but I have it just as
>> | extra protection and update it daily.
>> |
>> | I have McAfee Stinger sitting on my desktop plus the TrendMicro free
>> | scan programme.
>> |
>> | I tried Escan, but it always comes up with one or two nasties, but with
>> | no ability to get rid of them...they are generally spyware, which
>> | hopefully I can get rid of with AdAware or Spybot S&D
>> |
>> | I will look at the AV programme you mention.
>> |
>> | Thanks for your help. It is comforting to know I have done all the free
>> | things that I can!
>> |
>> | Cheers
>> |
>> | Ann
>> |
>>
>> If you practice Safe Hex then there is no need for all that software.
>> http://www.claymania.com/safe-hex.html
>>
>> You have a lot of software listed. Don't complicate your life.
>>
>> What you don't have listed and should have is SpyBot S&D should keep you on-track with the
>> software you already have. You don't need Ewido and/or Trojan Hunter.
>>
>> Stinger is a great tool but, it only targets ~53 infectors and their variants.
>> Stinger should only be used *if* you know you are indeed infected by one of Stinger's
>> targeted infectors.
>> Once done, Stinger should be deleted.
>>
>> TrendMicro Sysclean is a better tool to keep handy than Stinger since it is a
>> Broad-spectrum; virus, Trojan and worm removal tool.
>>
>> You can use the Sysclean Front End utility to keep both SYSCLEAN.COM and the associated
>> Pattern File up-to-date. The Sysclean Front End utility is at the URL --
>> http://www.ik-cs.com/got-a-virus.htm under "Procedure 1"
>> Or you can use the following direct URL --
>> http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
>>
>>
>Worse news I'm afraid.
>
>I downloaded Clamwin and ran it and got the following report:
>
>
>:\Documents and Settings\Ann1\Application
>Data\Thunderbird\Profiles\qw6nbw37.default\Mail\pop.homechoice.co.uk\Inbox:
>Worm.Gibe.F FOUND
>
>C:\Documents and Settings\Ann1\Application
>Data\Thunderbird\Profiles\qw6nbw37.default\Mail\pop.homechoice.co.uk\Junk:
>Worm.Gibe.F FOUND
>
>C:\Documents and Settings\Ann1\Application
>Data\Thunderbird\Profiles\qw6nbw37.default\Mail\pop.homechoice.co.uk\Trash:
>Worm.Gibe.F FOUND
>
>-- summary --
>
>Known viruses: 32358
>
>Scanned directories: 1762
>
>Scanned files: 25758
>
>Infected files: 3
>
>So now Clamwin has told me I have 3 infected files, but it does not tell
>me how to get rid of the infection!!!
>
>I have "googled" the worm, but cannot find any free programme to get rid
>of it!!
>
>You would think with all my defences it could not have happened!!
>
>Help!!
>
>Ann
>
>
>---
>avast! Antivirus: Outbound message clean.
>Virus Database (VPS): 0513-2, 04/01/2005
>Tested on: 4/2/2005 10:20:04 PM
>avast! - copyright (c) 1988-2005 ALWIL Software.
>http://www.avast.com
>
>

what I found:

You can find a removal tool for SWEN at
http://www.f-secure.com/download-purchase/tools.shtml
The SwenTool is the utility to eliminate Swen (or also known as Gibe.E)
worm infection and to restore System Registry entries modified by the worm.
  Download: ftp://ftp.europe.f-secure.com/anti-virus/tools/swentool.zip
  Download: ftp://ftp.europe.f-secure.com/anti-virus/tools/swentool.com
  Readme: ftp://ftp.europe.f-secure.com/anti-virus/tools/swentool.txt

but besides that:

gibe.f, that is also known as W32.Swen
Discovered on: September 18, 2003
read:
http://securityresponse.symantec.com/avcenter/venc/data/w32.swen.a@mm.html

so any antivirus should detect that... weird that Avast did not find
it.. did you perform in safe mode a THOROUGH system scan of your
ENTIRE computer?

I found info from Sophos
http://www.sophos.com/virusinfo/analyses/w32gibef.html
& that they can clean it

Avast says it is in the wild since 2003
http://avast.4cus.ru/i_idt_25.html
http://www.avast.com/eng/viruses_in_the_wild.html

So Avast should detect it,.. like any other antivirus killer

how to avoid the worm:
http://www.sophos.com/virusinfo/articles/gibef.html
(yea, nasty to tell you that after you got infected)

else try Grisoft VCleaner
http://www.nondisputandum.com/html/anti_virus.html

-- 
www.nondisputandum.com - soft reviews:
  freeware to Protect & Clean your PC
  freeware Office tools & Webbuilding aid
+ the Internet Addiction Test ;-)

