cannot find anything about this virus and how to delete it (SPR/YFlood.A.3)

Posted by Massimo on March 11, 2008, 4:58 pm
Hello,

Today I uninstalled McAfee antivirus and firewall programs on my
second computer.
(WindowsXP Home sp2)

I installed in their places Comodo firewall 2.4 (version 3.X does not
work well on that computer) and Avira Antivir Personal Ed. (=free
version).
Of course I updated these programs right after installing them.

So I decided to do a first thorough scan with Avira after making the
necessary settings in the program and... it found a virus! In
C:\Windows\System32\prjChameleon.ocx it found a pattern of
SPR/YFlood.A.3.

Avira offered to quarantine the file and I accepted.
------------------------------------------------

1. During a second scan it found *again* a file contaminated by the
same virus (or whatever it is). I quarantined it again.
2. I wanted to take a look at the Avira-site into their virus-database
in order to find what characteristics SPR,etc. has and to find out
what to do to get definitively rid of it. But it was nowhere to be
found in this database! Google has only some entries for this
virus name and they didn't help me (Russian, Italian, etc.)
------------------------------------------------

Don't know what to do now.

Please advise?

Regards,
Massimo

(P.S.: I did also scans with Spybot S&D and Ad-Aware on this computer)






Posted by David H. Lipman on March 11, 2008, 5:19 pm

< snip >

|
| So I decided to do a first thorough scan with Avira after making the
| necessary settings in the program and... it found a virus! In
| C:\Windows\System32\prjChameleon.ocx it found a pattern of
| SPR/YFlood.A.3.
|

< snip >



Please submit a sample of "prjChameleon.ocx" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Posted by Massimo on March 12, 2008, 2:08 pm
Hello David,

On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"

>
>< snip >
>
>|
>| So I decided to do a first thorough scan with Avira after making the
>| necessary settings in the program and... it found a virus! In
>| C:\Windows\System32\prjChameleon.ocx it found a pattern of
>| SPR/YFlood.A.3.
>|
>
>< snip >
>
>
>
>Please submit a sample of "prjChameleon.ocx" to Virus Total --
>http://www.virustotal.com/flash/index_en.html
>The submission will then be tested against many different AV vendor's scanners.
>That will give you an idea what it is and who recognizes it. In addition Virus
>Total will provide the sample to all participating vendors.
>
>You can also submit a suspect, one at a time, via the following email URL...
>mailto:scan@virustotal.com?subject=SCAN
>
>When you get the report, please post back the exact results.

That is exactly what I am going to do. Thank you.

Massimo

Posted by Massimo on March 12, 2008, 3:08 pm
Hello David,

On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"

>
>< snip >
>
>|
>| So I decided to do a first thorough scan with Avira after making the
>| necessary settings in the program and... it found a virus! In
>| C:\Windows\System32\prjChameleon.ocx it found a pattern of
>| SPR/YFlood.A.3.
>|
>
>< snip >
>
>
>
>Please submit a sample of "prjChameleon.ocx" to Virus Total --
>http://www.virustotal.com/flash/index_en.html
>The submission will then be tested against many different AV vendor's scanners.
>That will give you an idea what it is and who recognizes it. In addition Virus
>Total will provide the sample to all participating vendors.
>
>You can also submit a suspect, one at a time, via the following email URL...
>mailto:scan@virustotal.com?subject=SCAN
>
I wanted to follow your advice but there seems to be a little problem:
how do I submit this quarantined file? A short inquiry into Avira
Antivir program settings does not hint to a possibility to submit
quarantined files to other destinations than to Avira-boys themselves.

Any advice?

>When you get the report, please post back the exact results.

Massimo

Posted by David H. Lipman on March 12, 2008, 4:40 pm

| Hello David,
|
| On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"
|
>>
>> < snip >
>>
>|> So I decided to do a first thorough scan with Avira after making the
>|> necessary settings in the program and... it found a virus! In
>|> C:\Windows\System32\prjChameleon.ocx it found a pattern of
>|> SPR/YFlood.A.3.
>|>
>> < snip >
>>
>> Please submit a sample of "prjChameleon.ocx" to Virus Total --
>> http://www.virustotal.com/flash/index_en.html
>> The submission will then be tested against many different AV vendor's scanners.
>> That will give you an idea what it is and who recognizes it. In addition Virus
>> Total will provide the sample to all participating vendors.
>>
>> You can also submit a suspect, one at a time, via the following email URL...
>> mailto:scan@virustotal.com?subject=SCAN
>>
| I wanted to follow your advice but there seems to be a little problem:
| how do I submit this quarantined file? A short inquiry into Avira
| Antivir program settings does not hint to a possibility to submit
| quarantined files to other destinations than to Avira-boys themselves.
|
| Any advice?
|
>> When you get the report, please post back the exact results.
|
| Massimo

It is an OCX file and is not executable.
Temporarily disable AntiVir and restore the file. Then move the restored file from its
restored location to a different location (e.g., c:\ ) then submit the OCX file to Virus
Total's web page.

Note the original, restored, location in case this is a False Positive.

Then, re-enable AntiVir.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
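The move-and-note-the-location step from the reply above, as an added example that is not part of the original thread: it moves a restored file to a staging folder, records the original path and SHA-256 beside it, and can put the file back if the detection turns out to be a false positive. The function names and the `.origin.json` record file are hypothetical.

```python
import hashlib
import json
import shutil
from pathlib import Path

# Hypothetical helper names; the ".origin.json" record file is an assumption
# made for this example, not a feature of AntiVir or Virus Total.
RECORD_SUFFIX = ".origin.json"


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so a large sample is never fully in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def stage_sample(restored: Path, staging_dir: Path) -> Path:
    """Move a restored file to staging_dir and record where it came from."""
    restored = restored.resolve()
    staging_dir.mkdir(parents=True, exist_ok=True)
    staged = staging_dir / restored.name
    if staged.exists():
        raise FileExistsError(f"{staged} already exists; refusing to overwrite")
    record = {
        "original_path": str(restored),
        "sha256": sha256_of(restored),
        "size": restored.stat().st_size,
    }
    shutil.move(str(restored), str(staged))
    manifest = staged.with_name(staged.name + RECORD_SUFFIX)
    manifest.write_text(json.dumps(record, indent=2))
    return manifest


def restore_sample(manifest: Path) -> Path:
    """Put the staged file back at its recorded location (false positive)."""
    record = json.loads(manifest.read_text())
    staged = manifest.with_name(manifest.name[: -len(RECORD_SUFFIX)])
    if sha256_of(staged) != record["sha256"]:
        raise ValueError("staged file changed since it was recorded")
    original = Path(record["original_path"])
    original.parent.mkdir(parents=True, exist_ok=True)
    shutil.move(str(staged), str(original))
    return original
```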


