Unknown virus

Wattsy

Hi,
A friend has called me with a problem that involves a virus called
W32.Matubu.a@MM. Her AV software (I don't yet know which she has) has
picked this virus up but she is getting problems with both startup and mouse
operation.
I've searched the web and Symantec/Sophos/McAfee do not have this nasty on
their searchable databases; however, a Google search brings up a couple of
hits with the main one at
http://www.brocku.ca/its/helpdesk/virusalerts/viruses.phtml?vid=595 which
links to http://ktp.e-isa.com/Viruses/[email protected] Has anyone seen
this one before, and if so what is the suggested remedy? I see on those web
pages above that there are registry entries that may need editing etc and I
know she is not confident enough to attempt this. If this virus is known
under another name I would like to know what it is called in case there is a
simple *.exe tool available from Symantec say that I can copy to disk and
send to her.

Hope someone can help
Rgds
W
 
David H. Lipman

Wattsy:

The problem is cross-referencing this to the name anti virus companies use. There is no
vendor consistency in naming convention which is a problem.

You can try the following...

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt365.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM .

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode then shut down as many applications as possible.
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html



 
David W. Hodgins

> links to http://ktp.e-isa.com/Viruses/[email protected] Has anyone seen
> this one before? and if so what is the suggested remedy-I see on those web

Looks to be the same as http://www.symantec.com/avcenter/venc/data/pf/[email protected]

As the only registry entry that needs to be deleted is in the run section, it should
be able to be disabled using msconfig, and just unchecking the entry. That is, if
sysclean doesn't recognize it (See David Lipman's article). As this entry is over
a month old, any virus scanner, with up-to-date definitions, should be able to deal
with it.

Regards, Dave Hodgins
 
Peter Seiler

David H. Lipman - 23.01.2005 19:33 :

> Wattsy:
>
> The problem is cross-referencing this to the name anti virus companies use. There is no
> vendor consistency in naming convention which is a problem.
>
> You can try the following...
>
> 1) Download the following two items...

[snipped]

Hi David,

what do you think about my recommendation putting your hint to an
inet-address link which only you post here, so where everybody may go to?

Example:

xy ask "A friend has called me with a problem..." and you only post a
link-address "http://...." where your hint can be found.
 
David H. Lipman

I think you can reply and provide informative replies the way you'd like.

--
Dave




 
