UPX v12_m5 - IRC/SdBot.AFN trojan NEW!!

Discussion in 'malware problems & news' started by russell0000, Jul 17, 2004.

Thread Status:
Not open for further replies.
  1. russell0000

    russell0000 Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1
    Hello,

    I was hoping someone could help me out with a problem. I have recently reinstalled Windows 2K, and after updating virus definitions have found the following.



    C:\WINNT\system32\msconfg.exe »UPX v12_m5 - IRC/SdBot.AFN trojan



    After selecting ‘clean’, NOD32 scans and locates this, but then says it cannot do anything; the only option I have is to ‘leave’ and check the ‘quarantine’ check box. It then logs that 1 virus was found and 1 virus still ‘active’.

    Is this a hoax, or can you give me some direction on this one?

    I've tried restarting and cleaning in safe mode, but the same response is given by NOD32. o_O



    Thanks in advance,

    Russell
    ~snipped~ to remove email - snap
     
    Last edited by a moderator: Aug 7, 2004
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,775
    Location:
    Texas

    You could try sending this message to support@nod32.com. Or send the file zipped up with a password to samples@nod32.com.
     
    Last edited by a moderator: Aug 7, 2004
  3. catman

    catman Guest

    ****warning, the following is the ravings of a total newbie, who didn't necessarily do things the easiest way****
    I had this problem, and eventually solved it by uninstalling NOD32 and using Symantec, which quarantined it without problem. I was pretty disappointed that I couldn't find reference to that trojan on the NOD32 site. Symantec identified it as w32.randex.gen, and had excellent instructions for removal.
     
  4. akcom

    akcom Registered Member

    Joined:
    Jul 14, 2003
    Posts:
    9
  5. Dns

    Dns Guest

    Turn off System Restore, hit delete and it's gone... :)
    I would like to know how it is spread.
     