W32.Arpiframe

W32.Arpiframe found on my system this morning, using another virus checker. My system was severely affected, so it was not a false positive.

Just thought I'd mention it here, as I can't find any reference to this worm, either here or over at Esset.

Cheers

 

Please compress the file using RAR/ZIP, protect the archive with the password "infected" and submit it to samples[at]eset.com along with this thread's url in the subject.

 

Unfortunately, I did not keep a quarantined copy when cleaning. My system was in such a mess, even after cleaning, only a System Restore would solve the problem.

Cheers

Brian

 

It could have been just a false positive and the problems were actually stemming from something else. Hence we always need to get and analyse any suspicious files you might come across before you delete them.

I have found one sample that Symantec detects as W32.Arpiframe. It's just a hack tool, not a threat if that's the same file as the one you mean.

 

Ok, I'll keep that in mind for the future. It was only after checking on Symantec's site that I became aware that it was a worm that attacks HTML and browser. I was certainly experiencing problems in that line, which went away after I removed it, and repaired using a System Restore. It was certainly a nasty, and it was definitely there.

Cheers

Brian

 

It's just a command line tool, maybe other malware used to exploit it for malicious purposes.