Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?

From: TexasJac (TexasJac_at_discussions.microsoft.com)
Date: 09/19/04

• Next message: TexasJac: "RE: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Previous message: André: ""File not found" when NTVDM loads AUTOEXEC.NT..."
• In reply to: David H. Lipman: "Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Next in thread: David H. Lipman: "Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Reply: David H. Lipman: "Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 19 Sep 2004 14:17:02 -0700

Thanks. I followed your instructions. It says I'm clean.

McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2
The Virus XXX" but nothing about having blocked the attempt.

I believe this is an inbound probe and all the other ports state:
"The firewall has blocked an attempt to access this port."

I'm still not sure if I have it or not.

Jac
"David H. Lipman" wrote:

> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.scripting.virus.discussion
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
> Are you using McAfee's FireWall ? Your post isn't clear. It is possible that the FireWall
> is is providing a False Positive declaration.
>
> Read map's reply, it is apropos. I don't know who told you to or why you tried Stinger
> becuase it does NOT target the Kuang virus so that was COMPLETELY worthless.
>
> Your post indicates you used the McAfee Command Line Scanner. If you were infected, it
> surely woould have found it !.
>
> Follow the below instructions, if the Kuang is NOT detected than you are misinterpreting
> something and you are clean.
>
> 1) Download the following two items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend signature files.
> http://www.trendmicro.com/download/pattern.asp
>
> 2) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
> 3) Reboot your PC into Safe Mode
> 4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
> clean/delete any infectors found
> 5) Restart your PC and perform a "final" Full Scan of your platform
> 6) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
> System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
> 7) Reboot your PC.
> 8) If you are using WinME or WinXP, create a new Restore point
> 9) Please report back your results
>
> Dave
>
>
>
>
>
>
> "TexasJac" <TexasJac@discussions.microsoft.com> wrote in message
> news:B5D8B6BE-34B6-43A3-9761-3CA04796BD4A@microsoft.com...
> | I have the most current versions of McAfee VirusScan Online and Personal
> | Firewall Plus. Virus Scan DOES NOT detect this virus, but Firewall lists it
> | in the top port activity when I click "test my firewall".
> |
> | I have been trying for about 17 hours straight to get rid of it without any
> | success. I have used the directions at McAfee.com support to boot to the
> | command prompt and use SCAN / ADL / CLEAN ALL / REPORT REPORT.TXT
> | The report showed everything was clean.
> |
> | I used this after using the following:
> |
> | housecall
> | symantec online scan
> | panda online scan
> | AVERT Stinger
> | CCleaner
> | Ad-Aware SE w/ the Ad-Aware VX2 Cleaner Plug-In for it
> | Spybot
> | Spyware Blaster
> | CWShredder
> | Kill2me
> | about:Buster
> | HSRemove
> |
> | found at http://forums.majorgeeks.com/archive/index.php/t-35407
> |
> |
> |
>
>
>

---

• Next message: TexasJac: "RE: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Previous message: André: ""File not found" when NTVDM loads AUTOEXEC.NT..."
• In reply to: David H. Lipman: "Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Next in thread: David H. Lipman: "Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Reply: David H. Lipman: "Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE? ... It says I'm clean. ... | McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2 ... | "The firewall has blocked an attempt to access this port." ... |> There are anti virus News Groups specifically for this type of discussion. ... (microsoft.public.windowsxp.security_admin) Re: mcafee firewall exception in CPD.exe ... At least thats my reading of your issue the virus is messing up the firewall ... If this condition is repeatable and prevents McAfee ... > The fix given to uninstall and reinstall may fix the symptoms for some ... (comp.security.firewalls) Re: Slippery intruder -- please advise ... It is behind firewall and has ... >McAfee with uptodate downloads and SP2 is installed. ... >Tried blocking the iprange in firewall, but everytime I reboot the port ... >machine changes as well. ... (comp.security.misc) Re: Assistance to Disable Port 1025 or make Stealthy ... > Have XP, MS FireWall is disabled, running McAfee FireWall v4.02. ... You mean it showed the port as being closed? ... (comp.security.firewalls) Re: if firewall on, my webdite inaccessible ... of traffic uses that port. ... | I had Firewall Settings figured out: it is port 80; ... | I believe there are virus lurking somewhere on my machine. ... |> When you send a request to a server on the Internet, that |> server must have an open port to receive your request. ... (microsoft.public.security.virus)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)