Re: W32.alcra.c REMOVED FINALLY!!!

From: "URCS" <johngalt@xxxxxxxxxxx>

| Re: Keep getting reinfected ....
| not really ..
| kept getting REinfected by the same virus. During the entire time I
| had the virus I was not even connected to the net. Cat5 outta the
| rear end.
| When it came to getting the files for AV.exe, done on a different
| machine and thumb drived over.
| That is what was weird about this infection .... although it could
| not be found by ANY of the virus checkers, even when on as a slave on
| different machine, it kept propagating.
| It HAD to have had something to do with the quarantine section of NAV.
| NAV was not able to delete that file in quarantine.
| And again, I reiterate, the Symantec site lists this as an "easy"
| removal. I followed theirs and the steps listed here and no virus was
| found to remove.
| Maybe I am the only one that will have this situation. But if not, at
| least the next guy will have my notes as reference, too.
| Thanks for everything, techs. I appreciate your help.
| Don in Tucson
| AizA

This is a worm so re-infection is totally possible IF your AV software is NOT up-to-date
and you don't use a FireWall application and/or an appliance.

You listed this as "W32.alcra.c". This could be a new variant and thus what is listed under
the removal instructions is NOT accurate. The fact it was detected as "W32.alcra.c" but had
different characteristics is not new to any AV vendor. They can only provide information
based upon the samples they have received. The signatures however may find the infector
without the infector being the exact match in the library.


