Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] virus?

On Tue, Oct 28, 2014 at 10:47 AM, Stephen Adler <adler at> wrote:
> So I go off and do a google search for Worm.VB-269 and I don't really
> find anything on it that tells me anything of what the worm does... I
> was hoping to find like a wiki page details all known viruses, what they
> do and how to eliminate them. Can anyone give me some pointers on how to
> find out what Worm.VB-269 does? Thanks!

Different AV vendors use different codes. CLAM is not popular in
Windows world, so their codes aren't in most articles.

Worm.VB-269 = W32/Autorun.worm!rz = Worm:Win32/Autorun.LD =
WORM_VB.JRI = Trojan.Agent.AMQM
( Thank you France ! )
so google this -
  "W32/Autorun.worm!rz"  OR "Worm:Win32/Autorun.LD"  OR "WORM_VB.JRI"
OR "Trojan.Agent.AMQM"

Suspected of infected Registry as well net drive/removables, as Hosts
file blocking security tool DNS.

The MS system cleaners may be able to clear this up for you.

[ In the general desktop case, the guys are right about wipe and
update being the surest solution -- and resistance to THIS threat on
later editions (took long enough!) but since you HAD this problem, you
obviously are stuck supporting legacy so I didn't bother mentioning
such irrelevance. This specific trojan/worm is simple enough that MS
free tools linked from their page above should be sufficient. Lather
rinse repeat: run A, B, A, B, ... until both say CLEAN.  ]

Step ONE is still either shutting down the network (probably
unacceptable) or blocking these files from reappearing as discussed
previously, so it doesn't re-infect as you clean. And root on the
share should be R/O for cleanliness from now.

Bill Ricker
bill.n1vux at

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /