Inviernos
June 12th, 2004, 07:28 PM
NOD32 Antivirus detected "Win32/Bobax.B worm, AKA Troj_madfind.A" located in C:\WINDOWS\SYSTEM32\SVC.EXE
System information:
Virus signature database version: 1.787 (20040612)
Dated: Saturday, June 12, 2004
Virus signature database build: 4608
Information on other scanner support parts
Advanced heuristics module version: 1.007 (20040309)
Advanced heuristics module build: 1053
Internet filter version: 1.001 (20031104)
Internet filter build: 1012
Archive support module version: 1.014 (20040408)
Archive support module build version: 1088
Information on installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.000.9
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.000.8
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.000.9
Operating system information
Platform: Windows XP Pro
Version: 5.1.2600 Service Pack 1
Version of common control components: 5.82.2800
RAM: 512 MB
Processor: Intel(R) Pentium(R) 4 CPU 1500MHz (1495 MHz)
Firewall: Outpost Pro 2.x
No removal or cleaning information available from ESET when discovered. No complaint and I'm not trying to convert anyone, just wanted the worm off my machine.
Did find detailed description and solution information at Trend Micro (TM) site:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MADFIND.A
Although TM did not instruct on how to remove it from the computer, I merely deleted "SVC.EXE" from C:\WINDOWS\SYSTEM32\. Then made sure to empty the Recycle Bin. Tried to "ERASE" it, but the file was locked and would not erase.
After all the cleanup, ran NOD32 with as deep a scan as it can and found no remnants.
Went to Microsoft and updated XP with latest critical "security" patches.
Also set application "SVC.EXE" as a blocked application in firewall, Outpost Pro ver. 2.x.
Hope this is of help to anyone else infected with this worm or its variants.
Inviernos