[Discuss] virus?

Bill Ricker bill.n1vux at gmail.com
Tue Oct 28 11:43:04 EDT 2014


On Tue, Oct 28, 2014 at 10:47 AM, Stephen Adler <adler at stephenadler.com> wrote:
> So I go off and do a google search for Worm.VB-269 and I don't really
> find anything on it that tells me anything of what the worm does... I
> was hoping to find like a wiki page detailing all known viruses, what they
> do and how to eliminate them. Can anyone give me some pointers on how to
> find out what Worm.VB-269 does? Thanks!


Different AV vendors use different codes. CLAM is not popular in
the Windows world, so their codes aren't in most articles.

Worm.VB-269 = W32/Autorun.worm!rz = Worm:Win32/Autorun.LD =
WORM_VB.JRI = Trojan.Agent.AMQM
http://threatcenter.crdf.fr/?More&ID=251154&D=CRDF.Worm.Worm.Win32.VB343982929
( Thank you France ! )
so google this -
  "W32/Autorun.worm!rz" OR "Worm:Win32/Autorun.LD" OR "WORM_VB.JRI" OR "Trojan.Agent.AMQM"

Suspected of infecting the Registry as well as net drives/removables, and
also the Hosts file, blocking security tool DNS.

The MS system cleaners may be able to clear this up for you.
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Autorun.LD
http://www.threatexpert.com/report.aspx?md5=1124a64b901bc03295ae0f6d958bc1bf
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=144588

[ In the general desktop case, the guys are right about wipe and
update being the surest solution -- and resistance to THIS threat on
later editions (took long enough!) but since you HAD this problem, you
obviously are stuck supporting legacy so I didn't bother mentioning
such irrelevance. This specific trojan/worm is simple enough that MS
free tools linked from their page above should be sufficient. Lather
rinse repeat: run A, B, A, B, ... until both say CLEAN.  ]

Step ONE is still either shutting down the network (probably
unacceptable) or blocking these files from reappearing as discussed
previously, so it doesn't re-infect as you clean. And root on the
share should be R/O for cleanliness from now on.

-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
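
[ Added example, not part of the original message: a small check for the Hosts-file symptom mentioned above, listing entries that override security-site names. The watch list is an assumption built from the sites linked in the message, and the sample hosts text is constructed. ]

```python
import ipaddress

# Assumed watch list (not from the original message): the security sites it links to.
WATCHED_SUFFIXES = ("microsoft.com", "mcafee.com", "threatexpert.com")

# Constructed sample hosts file, not taken from an infected machine.
SAMPLE_HOSTS = """\
# sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   www.microsoft.com update.microsoft.com   # injected
0.0.0.0     home.mcafee.com
203.0.113.7 www.threatexpert.com
192.168.1.5 fileserver.example.lan
10.0.0.9    notmicrosoft.com
"""

def is_sinkhole(addr):
    """True if addr is loopback or unspecified, i.e. the name is made unreachable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def suspicious_hosts_entries(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname, sinkholed) for every watched name
    that the hosts file overrides; any such override deserves a look."""
    hits = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comment, split on whitespace
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        for name in names:
            host = name.lower().rstrip(".")
            # Match the domain itself or a subdomain, not a lookalike suffix.
            if any(host == s or host.endswith("." + s) for s in suffixes):
                hits.append((line_no, addr, host, is_sinkhole(addr)))
    return hits

if __name__ == "__main__":
    for line_no, addr, host, sinkholed in suspicious_hosts_entries(SAMPLE_HOSTS):
        kind = "blocked" if sinkholed else "redirected"
        print(f"line {line_no}: {host} {kind} via {addr}")
```

On Windows the file to read is %SystemRoot%\System32\drivers\etc\hosts; pass its text to suspicious_hosts_entries() and extend the watch list with the AV vendors actually in use.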


