virus mawar problem

Discussion in 'ESET Smart Security' started by fm_hyudin, Apr 20, 2008.

Thread Status:
Not open for further replies.
  1. fm_hyudin

    fm_hyudin Registered Member

    Joined:
    Apr 20, 2008
    Posts:
    2
    I'm from malaysia and my computer had been infected by this virus mawar which is spreading very badly in our country.I'm using eset smart security latest version.i already updated my antivirus and scan my computer but the result is nothing.the eset smart security can't detect any of the virus mawar.

    this is the screenshot of the virus mawar which infected my internet explorer.the symptoms of this virus is it disable my regedit, task manager and few more things.plz help me.

    http://img254.imageshack.us/my.php?image=68083726ec4.jpg

    the sample of virus:

    [noparse]hxxp://www.mediafire.com/?tinwwgndykr[/noparse]

    ------
    EC edit: Virus link disabled.
     
    Last edited by a moderator: Apr 20, 2008
  2. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    is this a joke or real
     
  3. Nitrous

    Nitrous Registered Member

    Joined:
    Feb 4, 2008
    Posts:
    29
    Location:
    Russia, St.Petersburg
    I've installed this virus 3 hours ago... nothing happening.
     
  4. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    me too only panda antivirus detect it as JS/Autorun.QZ.worm
    must be joke
     
  5. Kielty

    Kielty Registered Member

    Joined:
    May 3, 2005
    Posts:
    139
    Location:
    The Emerald Isle
    same here, no damage to pc running Dr Web. No detections..
     
  6. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    Welcome to Wilders fm_hyudin. You have been infected by JS_AUTORUN.AAF. Scan with Housecall and use this tool. For manual fix/removal see this.

    Before scanning with Housecall,

    Do this. Locate VirusMawar.js, VirusMawar3.js, Haha.js in C:\ (check other drives also, eg: D:\) or C:\Windows\System32\. Put it/them in a password-protected zip and e-mail it to samples(at)eset.com. Include in the e-mail body the zip's password and this thread's url.

    The html file at mediafire.com is clean. I believe the malware uses that to notify and scare the victim (like brontok).

    thanatos
     
    Last edited: Apr 20, 2008
  7. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    Could you send "ViRusMaWar3.js" file in a password protected archive to support@eset.com
     
  8. fm_hyudin

    fm_hyudin Registered Member

    Joined:
    Apr 20, 2008
    Posts:
    2
    thanks alot for all your reply firstly.this virus is really a serious matter and it had infected my computers and other computers very badly.the sad news is that eset couldn’t detect this virus at all.

    @ thanatos theos

    I did as you said but I couldn’t do fully because the virus had disabled most of my windows function by disabling folder option, disable regedit and much more.its like a bad nightmare for me.plz help me because I need to use a lot of my computer.i will do asu said by sending the virus sample to eset support by protecting it in a password protected archieve.


    @ proactivelover

    I will do as u said.thanks for giving the email.i hope eset will not disappoint me and I’m believing in all of you all to help me. Thanks in advance for helping.

    @ everyone

    Thanks in advance for helping me.
     
  9. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    540
    fm_hyudin please download and run this tool to remove the system restrictions made by the malware. Now continue following my previous instructions on submitting a sample of the malware to ESET.

    thanatos
     
    Last edited: Apr 22, 2008
Thread Status:
Not open for further replies.