Re: Help on Agobot worm
From: Wanderer (wanderer_at_yahoo.com)
Date: 06/30/04
- Next message: seehar: "Re: help! nasty virus that wont let me run antivirus software!!"
- Previous message: Malke: "Re: help! nasty virus that wont let me run antivirus software!!"
- In reply to: Malke: "Re: Help on Agobot worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 1 Jul 2004 00:00:57 +0800
I tried to use an online antivirus detection called Pandasoft and it was
able to detect and disinfect a virus named w32/gaobot.ox.worm,
w32/gaobot.md.worm and w32/gaobot.ur.worm and virus:exploit/iframe. What's
baffling is that even after it says it was disinfected, AVG still is showing
this virus called Worm Agobot.17.h.
I was able to find the file netscvs.exe. Actually AVG indicated where the
file is found however when I used the 'search' function on Windows explorer
it wasn't able to find it. Anyway I was finally able to detect the file. At
first every time I try to delete the file (by right click the file for
deleting) it won't allow because AVG was blocking and saying that I should
use AVG to disinfect. My AVG is up to date but inspite of it, it was only
able to detect and said that it can't be deleted even when I try to click on
'move to vault'. What I did then is to deactivate AVG then try to delete
the file and it was a success. On that same folder there's also a file
named atiphexx.exe and winmon32.exe and I noticed that both files are dated
June 27. I decided to delete both of them as well.
My question now is, did I do it right? I'm presuming that the files are non
essential to the operating system. Are deleting those files enough to
completely eliminate the virus? I tried to use AVG to detect again and this
time it says no virus found. Same with Pandasoft. Is my computer clean
already from the activities a I did above.
Thanks again for your help. What a relief it would be if it is finally
over. I just wonder if it has caused any damage to my computer.
"Malke" <malke@nospoonnotreally.com> wrote in message
news:uwfYCJqXEHA.2408@tk2msftngp13.phx.gbl...
> Wanderer wrote:
>
> > I don't know what variant it is but AVG says its Agobot.17.h which is
> > on a
> > file named netnscv.exe. When I tried to search that file on windows
> > explorer it didn't come out. I have WIndows XP. I have no idea what
> > is
> > scanning in safe mode. Is there a downloadable anti-virus that
> > detects and
> > deletes it. I hope there's a solution and that this virus isn't
> > causing
> > havoc. So far I don't know the effect of this virus nor how I got it
> > when I don't think I opened any malicious file.
> > Thanks.
> >
> Go into Safe Mode by repeatedly tapping the F8 key as the computer is
> starting up. That will get you to the right menu. In Safe Mode, go to
> Folder Options in Control Panel and the View tab. There you can uncheck
> the two options to hide hidden operating systems files and the one to
> show file extensions. Be sure you've set your Search options to
> Advanced and to look in hidden files. This will enable you to a) scan
> with AVG (using updated definitions, I hope); b) delete the netnscv.exe
> file. You may have gotten the file if you didn't have updated
> definitions for your av, or if you aren't running a firewall, or if you
> didn't get to Windows Update and patch your system, or all of the
> above.
>
> Let me know if that works for you.
>
> Malke
> --
> MS MVP - Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
- Next message: seehar: "Re: help! nasty virus that wont let me run antivirus software!!"
- Previous message: Malke: "Re: help! nasty virus that wont let me run antivirus software!!"
- In reply to: Malke: "Re: Help on Agobot worm"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
