help

Discussion in 'malware problems & news' started by InsaneJester, May 31, 2003.

Thread Status:
Not open for further replies.
  1. InsaneJester

    InsaneJester Registered Member

    Joined:
    Apr 28, 2003
    Posts:
    27
    :( OK, I have this worm. It's all over the place and I need it gone (AVG found it but can't clean or quarantine it).
    Also, I installed Norton 2003 hoping that would fix it, but it didn't even find it.
    What do I do? Here is the scan log:

    Results of Complete Test, date and time 5/30/2003 9:01:44 :

    Testing C:\ serial 6018-D07A
    C:\HIBERFIL.SYS Cannot open; not checked!
    C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked!
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not checked!
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\SAVAGE\NTUSER.DAT Cannot open; not checked!
    C:\Documents and Settings\SAVAGE\ntuser.dat.LOG Cannot open; not checked!
    C:\Documents and Settings\SAVAGE\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
    C:\Documents and Settings\SAVAGE\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
    C:\WINDOWS\SYSTEM32\MS_32.EXE Virus identified Worm/Sddrop
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!
    C:\WINDOWS\WTEMP32\Ad-aware 6.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\American Flag Screensaver.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Anno 1503_crack.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\AOL_Instant_Messenger.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\AVIPreview.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Battlefield1942_keygen.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\bf1942 crack (new).exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Boost XP.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\C&C G patch (new).exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\C&C Generals Crack 3.0.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\C&C Renegade_crack.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Cursor XP.exe repaired
    C:\WINDOWS\WTEMP32\Daemon Tools.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Diablo 2 Crack.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Diet KaZaA.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\DirectX_9.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Divx Bundle +XViD.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Divx_Bundle_Package_Crack.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Download Accelerator Plus 6.0.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\DVD RipPlus 2.3.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\eTrust_EZ_Anti-Virus.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Free RAM XP PRO.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\GetRight 3.4.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Global DiVX Player 3.0.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Global DiVx Player.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\Gothic 2 licence.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\GOTOMYPC.EXE Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\GROKSTER.EXE Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\GTA3 No CD Crack.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\ICQ hacks.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\ICQ Lite.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\ICQ Pro 2003a beta.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\iMesh 3.6.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\iMesh 3.7b (beta).exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\IMESH.EXE Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\IPARMOR.EXE Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\K-Lite Codec_Pack 5.0.exe Virus identified Worm/Sddrop
    C:\WINDOWS\WTEMP32\kazaa 2 ++.exe Virus identified Worm/Sddrop


    34999 objects tested, 39 found infected
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    That should be this one: http://www.sophos.com/virusinfo/analyses/w32sddropb.html

    Regards,

    Pieter
     
  3. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    I suggest booting from a rescue disk created with your AV software. If your AV software does not allow this, try F-Prot for DOS, which is free. Information on how to create a boot disk with F-Prot can be found here:

    http://www.claymania.com/f-prot.html

    wizard
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Big bo bo my post here :oops: wrong worm bad hole.
     
  5. InsaneJester

    InsaneJester Registered Member

    Joined:
    Apr 28, 2003
    Posts:
    27
    Yeah, I made one with AVG, but when I try to boot with the rescue disk in the floppy drive I get " disk error remove disk restart "
     
  6. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hi.

    See if you have 4 floppies lying around.

    If you can get to bootdisk.com, grab a w98se boot disk exe, and make a 98 boot disk. IF YOU ARE RUNNING XP, you will probably also need to d/l a copy of NTFSDOS, which you can google on. Add this to the 98 boot.

    1. D/l F-Prot for DOS, and extract the sign.def file to one floppy. Label it SIGN.DEF.
    2. Extract the sign2.def file to the second floppy. Label it SIGN2.DEF
    3. Extract the remaining files to the third floppy. Label this disk DISK 1/MACRO.DEF.
    4. Reboot your machine using the 98 boot disk. Choose start with/without cd support.

    When the machine gets to an "a:" prompt, type "ntfsdos", with no quotes.

    Take out the 98 boot disk, insert DISK 1, and type "f-prot /loaddef" (Without the quote marks).

    Follow the instructions on screen. When you get the F-Prot program up, go to the options area and select the option to clean automatically. Go back and select START onscreen, and let 'er rip.

    Let us know how this works. ;)
     
  7. InsaneJester

    InsaneJester Registered Member

    Joined:
    Apr 28, 2003
    Posts:
    27
    I ran F-Prot. It didn't find the worm, but I did it in safe command prompt mode.
    It didn't seem like it scanned the whole drive. I guess I'll try the boot disk method.
     
  8. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Hi IJ,

    I IM'd you. Please re-read my post. I edited it. ;)
     
  9. InsaneJester

    InsaneJester Registered Member

    Joined:
    Apr 28, 2003
    Posts:
    27
    OK, I'm sorry, I've been at this for hours so maybe I'm just buggin', but I don't see what you edited :/

    But a buddy of mine is about to hook me up with "ntfsdos pro v4.0". I think this will do what you're saying.
     
  10. Longthing

    Longthing Registered Member

    Joined:
    Jul 27, 2002
    Posts:
    40
  11. InsaneJester

    InsaneJester Registered Member

    Joined:
    Apr 28, 2003
    Posts:
    27
    All clean, and thx for all the help.
    It was strange, actually: Norton wouldn't catch it till I scanned with AVG again, which caught it the first time. Well, AVG didn't catch it this time, but as it scanned over each file Norton then decided to catch it and clean it. Strange.
    Anywho, thx and l8s
     