"svcxnw32.exe" & "drvstat16.exe" infected files

  • Thread starter David H. Lipman

David H. Lipman

If you have been infected by the above named files by visiting a web site that indicated
"S a n t a C l a u s e l i k e y o u h a v e n e v e r s e e n h i m
b e f o r e ". (spaces added to pass MS News Server filters)

McAfee has a solution. However, due to licensing issues, it can't be posted publicly. If
you are infected by the above, which McAfee defines as "BackDoor-AZV.gen" &
"W32/Gaobot.worm.gen.e", email me for removal instructions. Just remove ~nospam~.
 

David H. Lipman

I have gotten Trend to release a Pattern File for these infectors, identified by Trend as:

drvstat16.exe --> "WORM_AGOBOT.AEW"
svcxnw32.exe --> "TROJ_SPIG.C"

The MINIMUM Pattern File level is a Controlled Pattern Release (CPR) 348.01
As of the time of this posting, the CPR version is 348.03.

Here are the directions...


1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Controlled Pattern Release (for 348.03)
http://www.trendmicro.com/download/pattern-cpr.asp

* After January 14 or when the Pattern File is equal to or greater than 349
Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp



Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example: lpt348.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB)
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point


* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html





| If you have been infected by the above named files by visiting a web site that indicated
| "S a n t a C l a u s e l i k e y o u h a v e n e v e r s e e n h i m
| b e f o r e ". (spaces added to pass MS News Server filters)
|
| McAfee has a solution. However, due to licensing issues, it can't be posted publicly. If
| you are infected by the above, which McAfee defines as; "BackDoor-AZV.gen" &
| "W32/Gaobot.worm.gen.e", email me for removal instructions. Just remove ~nospam~.
|
| --
| Dave