Re: Need some help with Alcan Worm... Please help!

From: "Dan" <REMOVECAPLETTERSxdualx@xxxxxxxxx>

| Just my luck, when I got cable connection yesterday afternoon(for temporary
| use since my stupid DSL ISP won't get hooked up yet due to their server
| strike) and my notebook starts acting funny. DU meter shows uploading all
| the time and I open task manager properly at all. After done looking around
| and it looks like one of those Alcan Worm. I've tried Xoftspy and doesn't
| remove it completely and just showing up more. The browser(IE) acting kinda
| weirdly. Sometimes it'd work fine and sometimes it doesn't now. When it
| worked, I did try use the scan from Trend Micro and it'd keep showing error
| message around 26% saying something like can't get the content, network is
| busy or something like that so I can't finish scan at all. I also tried to
| run hijackthis(a suggestion I heard to check what is going on) and it
| wouldn't run. When I try again, a error message would pop up but I can't
| read at all because something is closing it fast everytime... This is
| driving me nuts. Any good remover program would get rid of it? Ad-aware
| doesn't at all... Thanks in advance.
|

I suggest that you get a Cable/DSL Router such as the Linksys BEFSR41. The NAT Router will
act as a simplistic FireWall and create a barrier against Interbnet worms from accessing
your PC. There are many other benefits to such a device. One relates to DSL if the ISP
uses PPPoE. Instead of having to use a PPPoE software connector on a PC, the Router, not
the PC, will make the PPPoE connection.

As always, I suggest blocking both TCP and UDP ports 135 ~ 139 and 445 on *any* SOHO Router.

I suggest you use a utility called TCPVIEW by Sysinternals -
http://www.sysinternals.com/Utilities/TcpView.html

This tool gives a dynamic GUI view of what program opens up what TCP/UDP port and connects
to what Internet site. Not only will it show programs that open ports but it will show the
fully qualified name and path of the executable opening said port and the command line
switches used to load the executable.

This is a good uutility to find Trojan activity.

In addition to Art's suggestion of using a Kaspersky based AV scanning engine, I can suggest
a utility that provides 3 different anti virus scanners from; McAfee, Sophos and Trend
Micro...


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, a PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses, Trojans and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor?s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


.

Relevant Pages

  • Re: spoolsv32.exe
    ... The submission will then be tested against 18 different AV vendor's scanners. ... This will bring up the initial menu of choices and should be executed in Normal Mode. ... You can choose to go to each menu item and just download the needed files or you can ... Execute; Multi_AV.exe ...
    (microsoft.public.security.virus)
  • Re: help! Internet Explorer ignoring my HOSTS file
    ... correct any alterations and the utility provides AV scanners from; ... This will bring up the initial menu of choices and should be executed in Normal Mode. ... You can choose to go to each menu item and just download the needed files or you can ... It is suggested to run the scanners in both Safe Mode and Normal Mode. ...
    (microsoft.public.security.virus)
  • Re: Malware seen during scan but security suite not catching it.
    ... | Have you tried Windows Live OneCare (a free malware scan from Microsoft)? ... MS OneCare is one of the worst anti virus scanners in the anti virus market. ... FireWall to allow it to download the needed AV vendor related files. ... This will bring up the initial menu of choices and should be executed in Normal Mode. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: agent.exe malicious error
    ... You should scan the computer using other anti virus software. ... scanning tool provides "On Demand" scanners for; ... This will bring up the initial menu of choices and should be executed in Normal Mode. ... You can choose to go to each menu item and just download the needed files or you can ...
    (microsoft.public.windowsxp.general)
  • RE: Cannot Install Windows Media Player 11 beta
    ... Setup version 10.00.00.3646.] ... Checking for new UDB. ... We 'will' force a connection. ... Created instance of download manager. ...
    (microsoft.public.windowsmedia.player)