Win32/Bobax.B worm found

Discussion in 'NOD32 version 2 Forum' started by Inviernos, Jun 12, 2004.

Thread Status:
Not open for further replies.
  1. Inviernos

    Inviernos Registered Member

    Jun 6, 2004
    NOD32 Antivirus detected "Win32/Bobax.B worm, AKA Troj_madfind.A" located in C:\WINDOWS\SYSTEM32\SVC.EXE

    System information:

    Virus signature database version: 1.787 (20040612)
    Dated: Saturday, June 12, 2004
    Virus signature database build: 4608

    Information on other scanner support parts
    Advanced heuristics module version: 1.007 (20040309)
    Advanced heuristics module build: 1053
    Internet filter version: 1.001 (20031104)
    Internet filter build: 1012
    Archive support module version: 1.014 (2004040:cool:
    Archive support module build version: 1088

    Information on installed components
    NOD32 For Windows NT/2000/XP/2003 - Base
    Version: 2.000.9
    NOD32 For Windows NT/2000/XP/2003 - Internet support
    Version: 2.000.8
    NOD32 for Windows NT/2000/XP/2003 - Standard component
    Version: 2.000.9

    Operating system information
    Platform: Windows XP Pro
    Version: 5.1.2600 Service Pack 1
    Version of common control components: 5.82.2800
    RAM: 512 MB
    Processor: Intel(R) Pentium(R) 4 CPU 1500MHz (1495 MHz)
    Firewall: Outpost Pro 2.x

    No removal or cleaning information available from ESET when discovered. No complaint and I'm not trying to convert anyone, just wanted the worm off my machine.

    Did find detailed description and solution information at Trend Micro (TM) site:

    Although, TM did not instruct on how to remove from computer, I merely deleted "SVC.EXE" from C:\WINDOWS\SYSTEM32\ . Then made sure to empty the Recycle Bin. Tried to "ERASE" it, but file was locked and would not erase.

    After all the cleanup ran NOD32 with as deep a scan as it can and found no remnants.

    Went to Microsoft and updated XP with latest critical "security" patches.

    Also set application "SVC.EXE as a blocked application in firewall, Outpost Pro ver. 2.x.

    Hope this is of help to anyone else infected with this worm or it variants.

Thread Status:
Not open for further replies.