SpyBot S&D, W32.Serflog.A

Lil' Abner

There's a brand new one out... W32.Serflog.A. It is spread thru MSN
messenger. It is *very* nasty and hard to get rid of. Fortunately Symantec
has a repair file for it. It puts lots of files in the root directory and
three in the system32 directory (in XP). One of them is "formatsystem.exe".
That was enough to make me cringe. Anyway, I got rid of it and then started
running all the other tools. MSAS, AdAware, and finally Spybot S&D. They
all found considerably more. So then I switched to another user account and
ran them all again. When I came to Spybot S&D, the bar at the bottom
shoots right across to almost the end then checks for Wild Tangent and a
couple others and then it is done. So I tried it in still another user
account (there's four users) and it does the same thing. Then I uninstalled
Spybot S&D and installed the newest version, 1.4 B2. When I run it, it is
still doing the same damn thing. It doesn't scan anything but the last few
on the list. Whether the virus had anything to do with it or not I'm not
sure. Has anyone seen this behavior in Spybot Search & Destroy before? If
so were you able to cure it?
 
Ian JP Kenefick

| There's a brand new one out... W32.Serflog.A. It is spread thru MSN
| messenger. It is *very* nasty and hard to get rid of. Fortunately Symantec
| has a repair file for it. It puts lots of files in the root directory and
| three in the system32 directory (in XP). One of them is "formatsystem.exe".
| That was enough to make me cringe. Anyway, I got rid of it and then started
| running all the other tools. MSAS, AdAware, and finally Spybot S&D. They
| all found considerably more. So then I switched to another user account and
| ran them all again. When I came to Spybot S&D, the bar at the bottom
| shoots right across to almost the end then checks for Wild Tangent and a
| couple others and then it is done. So I tried it in still another user
| account (there's four users) and it does the same thing. Then I uninstalled
| Spybot S&D and installed the newest version, 1.4 B2. When I run it, it is
| still doing the same damn thing. It doesn't scan anything but the last few
| on the list. Whether the virus had anything to do with it or not I'm not
| sure. Has anyone seen this behavior in Spybot Search & Destroy before? If
| so were you able to cure it?

This virus was first reported on March 7th @ 10:22am

Aliases include the following....

Fatso.A
IM-Worm.Sumom.a
IM-Worm.Win32.Sumom.a
Serflog
Sumom.A
W32.Serflog.A
W32/Assiral.C.worm
W32/Crog.worm
W32/Fatso.A.worm
W32/Sumom-A
Win32.Bropia.U
Win32.Sumom.A
Win32.Worm.Sumom.A
Worm:Win32/Crazog.A
WORM_FATSO.A

Because this is a virus you should remove it with antivirus tools (as
you have) and not with antispyware. If you want to scan your system for
remnants of this virus use 'procedure a' on my website's 'Got a virus?'
section.
--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com > 'Got a virus?'
 
Lil' Abner

| This virus was first reported on March 7th @ 10:22am

Yeah, I saw that. That's *almost* brand new ... :)

| Aliases include the following....
|
| Fatso.A
| IM-Worm.Sumom.a
| IM-Worm.Win32.Sumom.a
| Serflog
| Sumom.A
| W32.Serflog.A
| W32/Assiral.C.worm
| W32/Crog.worm
| W32/Fatso.A.worm
| W32/Sumom-A
| Win32.Bropia.U
| Win32.Sumom.A
| Win32.Worm.Sumom.A
| Worm:Win32/Crazog.A
| WORM_FATSO.A
|
| Because this is a virus you should remove it with antivirus tools (as
| you have) and not with antispyware. If you want to scan your system for
| remnants of this virus use 'procedure a' on my website's 'Got a virus?'
| section.

I'll take a look. Maybe the "remnants" are what's causing the problem
with Spybot S&D. Everything is coming up clean now in all four user
accounts, the only problem being that Spybot won't scan them right.
 
David H. Lipman

From: "Lil' Abner" <[email protected]>


|
| I'll take a look. Maybe the "remnants" are what's causing the problem
| with Spybot S&D. Everything is coming up clean now in all four user
| accounts, the only problem being that Spybot won't scan them right.
|
| --
| -- Being "over the hill" is much better than being under it! --

You have to have sufficient rights to perform a scan in the profiles of other users, and if
the User Registry is altered, you will have to log on as the other users and perform the
scan(s) to correct their respective Registry alterations.
 
rjdriver

| Then I uninstalled
| Spybot S&D and installed the newest version, 1.4 B2. When I run it, it is
| still doing the same damn thing. It doesn't scan anything but the last few
| on the list.

It's unlikely, but perhaps the virus altered Spybot's "Ignore List". Go to
Settings and take a look.


Bob
 
