Posted by Panda_man on January 9, 2007, 5:34 am
"chuck" wrote:
> Thanks for your help. I have run the scan in safe mode with Symantec AV.
> Nothing found.
> I then reboot. Install and scan with SpyBot. There are several registry
> entries found and destroyed. But the winxx.exe still got replicated like
> crazy in my "\Documents and Settings\<user name>\local settings\temp" folder.
> I then installed NOD32. I scanned the hard disk with NOD32. No threat was
> found.
>
> Now I keep having a dialog popping up from Nod32.
>
> http://www.ucdq.com/k.exe
> Probably unknown NewHeur_PE virus
>
> I chose to terminate it. But the dialog keeps coming up. I keep killing it.
>
> Have you heard of this virus?
>
> I checked Google for www.ucdq.com. All the articles are in Chinese. It looks
> like an Asian virus.
>
Hello. This pop-up comes from IMON, the internet monitoring of NOD32.
Most likely you have a trojan-dropper trying to drop something nasty. NOD32
detects the dropped part but cannot detect the exact dropper. This (Probably
unknown NewHeur_PE virus) is a new unknown virus which NOD32 detects thanks
to emulation, its advanced heuristics. Thanks for it, I'll submit it to
ESET and other vendors.
In the meantime, you need to open VirusTotal http://www.virustotal.com
and submit this file "winxx.exe" and every other file you suspect. Browse to that
file and follow the instructions. VirusTotal is a free service which allows
you to scan files with lots of reputable AV vendors with the latest definitions.
Then, use Ewido Micro, which I offer you on the page
http://pandaman.my.contact.bg; it could detect this trojan dropper.
Post again what programs detect winxx.exe and what happened with Ewido's scan.
--
Panda_man
Silver level Contributor