W32.Spot.Worm

Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. Reason: The filter driver requires an up-to-date engine in order to function.

Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Cridex.B&threatid=2147649733 Name: Worm:Win32/Cridex.B ID: 2147649733 Severity: Severe Category: Worm Path: containerfile:_C:\Documents and Settings\paulb\Application Data\KB00757882.exe;file:_C:\Documents and Settings\paulb\Application Data\KB00757882.exe->[Obfuscator.PN];regkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\KB00757882.exe;runkey:[email protected]\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\KB00757882.exe Detection Origin: Local machine Detection Type: Concrete The worm also tries to delete C:\SAFEWEB\ folder. Reason: The filter driver was unloaded unexpectedly. 11/18/2011 4:43:10 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=125687

Reset and remove the CD from CD-ROM drive. It copies all files found in the current malware path to the created Skypee folder.

SOLUTION Minimum Scan Engine: 9.700 FIRST VSAPI PATTERN FILE: 10.886.02 FIRST VSAPI PATTERN DATE: 26 Jun 2014 VSAPI Contact the administrator to install the driver before you log in again. 11/18/2011 4:32:51 PM, error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on New Signature Version: Previous Signature Version: 1.115.2143.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:

MBER was able to clean it and on restart, I again scanned using MBER, This time it didn't find anything. (I have attached the latest log, below) Then I used GMER This will also include all removable drives. ======================================= My Guidelines: please read and follow: Be patient. The worm's unpacked file is about 145 kilobytes long. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version:

Reason: The filter driver requires an up-to-date engine in order to function. or Find..., depending on the version of Windows you are running. C: is FIXED (NTFS) - 149 GiB total, 44.535 GiB free. http://www.techspot.com/community/topics/closed-pc-infected-with-win32-cridex-worm.173807/

Feature: Behavior Monitoring Error Code: 0x8007001f Error description: A device attached to the system is not functioning. If your problem persists, you can send a PM to reopen it. ===================================== Nov 23, 2011 #2 paulb TS Rookie Topic Starter Thank You bobbye for your help. Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318} Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard Device ID: ACPI\PNP0303\4&16E8443F&0 Manufacturer: (Standard keyboards) Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&16E8443F&0 Service: i8042prt

Note F-Secure Anti-Virus detects Goner worm with updates from December 4th, 2001 / 16:05:50 (GMT+2) NOTE: Although many other anti-virus companies rank Goner to their highest risk level, F-Secure is still On the Windows Advanced Option menu, use the arrow keys to select Safe Mode then press Enter. • For Windows Vista and Windows 7 users Restart your computer. Y: is NetworkDisk (NTFS) - 408 GiB total, 273.986 GiB free. . ==== Disabled Device Manager Items ============= .

The worm looks for and terminates the following processes: APLICA32.EXE ZONEALARM.EXE ESAFE.EXE CFIADMIN.EXE CFIAUDIT.EXE CFINET32.EXE CFINET.EXE IAMSERV.EXE IAMAPP.EXE PCFWallIcon.EXE FRW.EXE VSHWIN32.EXE VSECOMR.EXE WEBSCANX.EXE AVCONSOL.EXE VSSTAT.EXE NAVAPW32.EXE NAVW32.EXE _AVP32.EXE _AVPCC.EXE _AVPM.EXE AVP32.EXE Then it shows a messagebox with a fake error message: The worm copies itself as GONE.SCR to the Windows System folder and tries to create its startup key in the Registry. Reason: The filter driver was unloaded unexpectedly. 11/21/2011 12:01:10 PM, error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. To do this, click Start>Run, type regedit in the text box provided, then press Enter.

To avoid an infection from this worm, disable the file sharing option if not necessary. On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer. The following corrective action will be taken in 30000 milliseconds: Restart the service. 11/21/2011 12:02:37 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. After that I was searching about viruses and I found out about this forum.

Reason: The filter driver requires an up-to-date engine in order to function. I do not know what MRB Check is? It is also where the operating system is located.)

It terminates itself if it finds the following processes in the affected system's memory: combination of the following processes: avp.exe, zonealarm.exe and avguard.exe; tcpview.exe, procmon.exe

Reason: The filter driver requires an up-to-date engine in order to function. Feature: On Access Error Code: 0x8007001f Error description: A device attached to the system is not functioning. After that, I did a full system scan using Windows MSE and it found a lot of Trojan downloaders in Java's cache directory. It also tries to access files on the floppy drive (A:\), modifying files similarly.

The data we have on this virus currently does not justify ranking it higher; we've received only limited out of samples of the virus from the field, the virus is not After a while the complete desktop is filled up with icons of new files, making it very easy to spot that something strange is going on. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message.

Reason: The filter driver requires an up-to-date engine in order to function. On the Advanced Boot Options menu, use the arrow keys to select the Safe Mode option, and then press Enter. You must install the latest definition updates in order to enable real-time protection. 11/21/2011 12:00:59 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly.

It has done this 1 time(s). 11/21/2011 12:00:44 PM, error: Service Control Manager [7034] - The OracleMTSRecoveryService service terminated unexpectedly. New Signature Version: Previous Signature Version: 1.115.2143.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: