UPX v12_m5 - IRC/SdBot.AFN trojan NEW!!

Discussion in 'malware problems & news' started by russell0000, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. russell0000

    russell0000 Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1
    Hello,

    I was hoping someone could help me out with a problem. I have recently reinstalled windows 2K, and after updating virus definitions have found the following.



    C:\WINNT\system32\msconfg.exe »UPX v12_m5 - IRC/SdBot.AFN trojan



    After selecting ‘clean’, Nod32 scans and locates this, but then says it cannot do anything, the only option I have is to ‘leave’ and check the ‘quarantine’ check box. It then logs that 1 virus was found and 1 virus still ‘active’.

    Is this a hoax, or can you give me some direction on this one?

    i've tried restarting and cleaning in safe mode but the same response is given by NOD 32. o_O



    Thanks in advance,

    Russell
    ~snipped~ to remove email - snap
     
    Last edited by a moderator: Aug 7, 2004
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,087
    Location:
    Texas

    You could try sending this message to support@nod32.com. Or send the file zipped up with a password to samples@nod32.com
     
    Last edited by a moderator: Aug 7, 2004
  3. catman

    catman Guest

    ****warning, the following is the ravings of a total newbie, who didn't necessarily do things the easiest way****
    I had this problem, and eventually solved it by uninstalling NOD32 and using Symantec, which quarantined it without problem. I was pretty disappointed that I couldn't find reference to that trojan on the NOD32 site. Symantec identified it as w32.randex.gen, and had excellent instructions for removal.
     
  4. akcom

    akcom Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    9
  5. Dns

    Dns Guest

    Turn of system restore, hit delete and its gone... :)
    I would like to know how it is spread.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.