On Wed, 11 Feb 2004 19:33:05 +0000, Ian Kenefick
<virus-(E-Mail Removed)> wrote:
> Mr. F. wrote:
>> I think I got a virus but I can't find it. I downloaded one of those
>> newsgroup files about some hot chick nude. I didn't open the file because I
>> knew it was a virus. The file was a .pif file. All I did was right click
>> on the file to look at its properties and when I did that Explorer crashed
>> and now I don't have administrator privileges and scanning for the virus
>> finds nothing. I use AVG antivirus (up to date), tried Norton's online scan
>> as well as another with no success. Could someone help me out? Thanks.
>> Scott
>>
>>
>
> I believe it is the new Dumaru variant.
>
> According to SARC,
>
> W32.Dumaru.AH@mm has a polymorphic dropper, which drops and runs the
> file C:\nload.exe when running. The dropped file nload.exe is 28,020
> bytes in size and is compressed with FSG. This file contains the worm's
> email routine. When nload.exe runs, it does the following:
>
> 1. Creates a file %Windir%\TEMP\photo.jpg, and launches explorer.exe
> to load this file, which is a graphic. (the "hot chick" you speak of)
>
> Regards, Ian Kenefick
Do a search in your Windows directory (& subdirectories) for:
dllreg.exe
load32.exe
Vxdmgr32.exe
If you find them lurking in there, you're infected with W32.Dumaru@mm.
If so, try downloading the removal tool from here:
http://securityresponse.symantec.com...oval.tool.html
and do as the instructions recommend.
Regards,
Mick
--
Using M2, Opera's revolutionary e-mail client:
http://www.opera.com/m2/
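
The file search suggested in the reply above, as an added example that is not part of the original thread: a Python sketch that walks a directory tree for the three file names and checks the dropped nload.exe against the 28,020-byte size given in the quoted SARC text. The function names and the use of the WINDIR environment variable are assumptions of this example; a hit is a lead to follow up with the removal tool.

```python
import os

# File names taken from the reply above; compared case-insensitively
# because Windows file names are case-insensitive.
DUMARU_NAMES = {"dllreg.exe", "load32.exe", "vxdmgr32.exe"}
# Dropper described in the quoted SARC text: nload.exe, 28,020 bytes.
NLOAD_NAME = "nload.exe"
NLOAD_SIZE = 28020


def scan_tree(root, names=DUMARU_NAMES):
    """Return sorted paths under root whose file name matches one of names."""
    hits = []
    # onerror swallows unreadable directories so the walk keeps going.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            if fname.lower() in names:
                hits.append(os.path.join(dirpath, fname))
    return sorted(hits)


def check_nload(drive_root):
    """Classify <drive_root>/nload.exe: 'absent', 'size-match' or 'size-differs'."""
    path = os.path.join(drive_root, NLOAD_NAME)
    try:
        size = os.path.getsize(path)
    except OSError:
        return "absent"
    return "size-match" if size == NLOAD_SIZE else "size-differs"


if __name__ == "__main__":
    # Assumption: WINDIR points at the Windows directory, as on a normal install.
    windir = os.environ.get("WINDIR", r"C:\Windows")
    drive = os.path.splitdrive(windir)[0] + os.sep
    for hit in scan_tree(windir):
        print("name match:", hit)
    print("nload.exe on", drive, "->", check_nload(drive))
```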