Warez P2P virus

[Guest]

I got a virus with this Warez P2P. It's ads popping up when I'm surfing. So I
started the antivirus and during the memory test it found virus in the
internal software files. So Avast advised me to boot search for viruses. I
did that and moved one infected file to chest

2005-12-18 13:22:28 Nico 2920 Sign of "Win32:Trojan-gen. {Other}" has
been found in "c:\windows\system32\msapplg.exe" file.

It also found services.exe in C:\windows\services.exe I also moved this to
chest.
So now when scanning is done I still have popup problems.

services.exe C:\WINDOWS Win32:Trojan-gen

A0117566.exe C:\System Volume Information\_restore..............
Win32:Trojan-gen

 

[David H. Lipman]

From: "Nicoliani ™" <[email protected]>

| I got a virus with this Warez P2P. It's ads popping up when I'm surfing. So I
| started the antivirus and during the memory test it found virus in the
| internal software files. So Avast advised me to boot search for viruses. I
| did that and moved one infected file to chest
|
|

2005-12-18 13:22:28 Nico 2920 Sign of "Win32:Trojan-gen. {Other}" has
| been found in "c:\windows\system32\msapplg.exe" file.

|
| It also found services.exe in C:\windows\services.exe I also moved this to
| chest.
| So now when scanning is done I still have popup problems.
|
|

services.exe C:\WINDOWS Win32:Trojan-gen

|

A0117566.exe C:\System Volume Information\_restore..............
| Win32:Trojan-gen

Use the following tool to verify and claen the pC. If you use the Trend Micro module,
disable Avast prior to using this module as Avast falsely declares the "VBS/RedLof" in the
scanning utility.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *

 

[Mike Hall \(MS-MVP\)]

Nicoliani

David has given good advice..

Mine is to go to Control Panel - Add/Remove, and remove Warez P2P, unless
you want this kind of thing to happen again, of course..

--
Mike Hall
MVP - Windows Shell/User

I got a virus with this Warez P2P. It's ads popping up when I'm surfing. So
I
started the antivirus and during the memory test it found virus in the
internal software files. So Avast advised me to boot search for viruses. I
did that and moved one infected file to chest

2005-12-18 13:22:28 Nico 2920 Sign of "Win32:Trojan-gen. {Other}"
has
been found in "c:\windows\system32\msapplg.exe" file.

It also found services.exe in C:\windows\services.exe I also moved this to
chest.
So now when scanning is done I still have popup problems.

services.exe C:\WINDOWS Win32:Trojan-gen

A0117566.exe C:\System Volume Information\_restore..............
Win32:Trojan-gen

 

[Sharon F]

I got a virus with this Warez P2P. It's ads popping up when I'm surfing. So I
started the antivirus and during the memory test it found virus in the
internal software files.

Hahahahahahaha --- oops, sorry. But as momma said "if you sleep with the
dogs, you will get fleas."

Clear your system restore points and then see what a scan has to say. Or at
least create a new restore point and then use Disk CleanUp> Other to delete
all but the most recent restore point.

That still leaves you with the excessive popups which may be more spyware
related rather than a side effect of the virus/trojans found previously.
May want to try that approach next - scanning with anti-spyware software
that has been updated with recent definitions.

Also don't know if you're aware but Avast has some good user forums here:
http://forum.avast.com/

 

[Vanguard]

I got a virus with this Warez P2P.

Warez.com - Home of Warez P2P
"Software piracy portal including news, faqs, top lists, and a search
engine."

Yeah, and you expect sympathy and help for using pirating services? And you
deliberately chose to bypass security by running a P2P server on your host
that you don't know how to secure, foolishly trust those files that came
from other P2P users rather than from the software author, and for which you
haven't a clue as to what files or portion thereof are on your host or their
content, like kiddie porn (which the FBI doesn't care about your claimed
ignorance of its presence; read
http://www.fbi.gov/dojpressrel/pressrel04/p2p051404.htm)? Warez P2P, which
does contextual advertising, is known to install new.net adware
(http://research.sunbelt-software.com/threat_display.cfm?name=NewDotNet&threatid=9108&search=new.net).
For your stealing, you got what you deserved.

 

[Guest]

I removed it with Toolbarcop