|
Posted by tiago on August 31, 2005, 5:08 am
If you were Registered and logged in, you could reply and use other advanced thread options
Results of a file scan
This is a report processed by VirusTotal on 08/31/2005 at 11:04:59 (CET)
after scanning the file "svcproc.exe.Vir" file.
Antivirus Version Update Result
AntiVir 6.31.1.0 08.31.2005 TR/Stervis.D
Avast 4.6.695.0 08.29.2005 Win32:Stervis
AVG 718 08.29.2005 Generic.AMF
Avira 6.31.1.0 08.31.2005 TR/Stervis.D
BitDefender 7.0 08.31.2005 no virus found
CAT-QuickHeal 8.00 08.30.2005 Trojan.Stervis.d
ClamAV devel-20050725 08.31.2005 no virus found
DrWeb 4.32b 08.31.2005 no virus found
eTrust-Iris 7.1.194.0 08.30.2005 no virus found
eTrust-Vet 11.9.1.0 08.31.2005 no virus found
Fortinet 2.41.0.0 08.31.2005 W32/ProcKill
F-Prot 3.16c 08.31.2005 no virus found
Ikarus 0.2.59.0 08.30.2005 no virus found
Kaspersky 4.0.2.24 08.31.2005 Trojan.Win32.Stervis.d
McAfee 4570 08.30.2005 potentially unwanted program ProcKill-CR
NOD32v2 1.1205 08.30.2005 no virus found
Norman 5.70.10 08.29.2005 W32/Stervis.D
Panda 8.02.00 08.30.2005 Trj/Stervis.D
Sophos 3.97.0 08.31.2005 no virus found
Symantec 8.0 08.30.2005 no virus found
TheHacker 5.8.2.097 08.30.2005 no virus found
VBA32 3.10.4 08.30.2005 Trojan.Win32.Stervis.d
> David H. Lipman wrote:
>
>>
>> | Hello All...
>> |
>> | I Have a problem, that AV detects that virus in svcproc.exe located
>> | in c:\windows... that file is associated to the servise "System
>> | Startup Procedure".. i have disable that service, but when i restart
>> | the computer the virus apeears again..
>> |
>> | my computer is XP SP2 (english)
>> |
>> | any ideias to remove teh virus?
>> |
>> | regards
>> | Tiago
>> |
>>
>> Please submit a sample of "svcproc.exe" to Virus Total --
>> http://www.virustotal.com/flash/index_en.html
>> The submission will then be tested against many different AV vendor's
>> scanners.
>> That will give you an idea what it is and who recognizes it. In
>> addition, unless told otherwise, Virus Total will provide the sample
>> to all paricipating vendors.
>>
>> When you get the report, please post back the exact reults.
>>
>>
>> Disable the service, run the AV software and clean the PC to remove
>> the infector.
>>
>> Remove the service using the attached Resource Kit Tool
>>
>> Execute; delsrv ServiceName
>>
>
> Although it is always a good idea to submit an unknown file to Virus
> Total, this is actually not an unknown file. Tiago, the first step when
> you get something like this is always to Google the name. Here's a
> Google search using "svcproc.exe":
>
> http://www.google.com/search?q=svcproc.exe&btnG=Search&hl=en&lr=
>
> You will see from the many links that this is hijacking malware related
> to the vile Aurora/Nail/ABetterInternet cr*p. Here are general malware
> removal steps:
>
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> To add to that (I'm actually working on getting this new information on
> the website now), you should download the new VX2 Ad-aware add-on from
> Lavasoft. After you install Ad-aware (or if you already have it
> installed), put the add-on files in Ad-aware's Plugins directory. Then
> run the Add-on. Afterwards, there may still be these files in the
> Windows directory:
>
> C:\WINDOWS\ffsnvqmgpiy.exe
> C:\WINDOWS\rramcx.exe
>
> Delete them.
>
> You should still go through systematic scanning for malware, but this
> should get rid of the offender you posted about.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
| 
XML site map