On Tue, Oct 28, 2014 at 10:47 AM, Stephen Adler <[email protected]> wrote: > So I go off and do a google search for Worm.VB-269 and I don't really > find anything on it that tells me anything of what the worm does... I > was hoping to find like a wiki page details all known viruses, what they > do and how to eliminate them. Can anyone give me some pointers on how to > find out what Worm.VB-269 does? Thanks!
Different AV vendors use different codes. CLAM is not popular in Windows world, so their codes aren't in most articles. Worm.VB-269 = W32/Autorun.worm!rz = Worm:Win32/Autorun.LD = WORM_VB.JRI = Trojan.Agent.AMQM http://threatcenter.crdf.fr/?More&ID=251154&D=CRDF.Worm.Worm.Win32.VB343982929 ( Thank you France ! ) so google this - "W32/Autorun.worm!rz" OR "Worm:Win32/Autorun.LD" OR "WORM_VB.JRI" OR "Trojan.Agent.AMQM" Suspected of infected Registry as well net drive/removables, as Hosts file blocking security tool DNS. The MS system cleaners may be able to clear this up for you. http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm:Win32/Autorun.LD http://www.threatexpert.com/report.aspx?md5=1124a64b901bc03295ae0f6d958bc1bf http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=144588 [ In the general desktop case, the guys are right about wipe and update being the surest solution -- and resistance to THIS threat on later editions (took long enough!) but since you HAD this problem, you obviously are stuck supporting legacy so I didn't bother mentioning such irrelevance. This specific trojan/worm is simple enough that MS free tools linked from their page above should be sufficient. Lather rinse repeat: run A, B, A, B, ... until both say CLEAN. ] Step ONE is still either shutting down the network (probably unacceptable) or blocking these files from reappearing as discussed previously, so it doesn't re-infect as you clean. And root on the share should be R/O for cleanliness from now. -- Bill Ricker [email protected] https://www.linkedin.com/in/n1vux _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
