Trojan.HacDef and Worm.Mytob... now what?
merle


Joined: 06 Feb 2006
Posts: 2
Hello all,

I have been using Linux for some time (Windows for games only), and now that I have returned to Windows I have to worry about viruses again. Except that I am a bit clueless about what to do with them... ClamWin told me that it found Trojan.HacDef-8 and Worm.Mytob.AS, which is strange because the system is only 1 week old, behind a firewall, and I haven't done anything suspicious. What do I do now? Are there (free) ways to disinfect? Are those false positives, and how would I know that? Those seem to be system files, so I can't just delete/quarantine them without disturbing stuff. Btw, for the last 2 days I have been unable to download anything; the files were always corrupted (bad CRC), perhaps this is the cause...

Thanks...

--------------------------------------
Scan started: Mon Feb 6 22:31:16 2006

ERROR: Can't open file C:\WINDOWS\system32\config\default
ERROR: Can't open file C:\WINDOWS\system32\config\SAM
ERROR: Can't open file C:\WINDOWS\system32\config\SECURITY
ERROR: Can't open file C:\WINDOWS\system32\config\software
ERROR: Can't open file C:\WINDOWS\system32\config\system

C:\Documents and Settings\ac\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\Documents and Settings\Merle\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\WINDOWS\system32\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\WINDOWS\system32\spoolsvc.exe: Worm.Mytob.AS FOUND
-- summary --
Known viruses: 44039
Engine version: 0.88
Scanned directories: 1479
Scanned files: 25188
Infected files: 4
Data scanned: 7599.12 MB
Time: 1591.750 sec (26 m 31 s)
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Scan them at http://virustotal.com to see if other AV programs detect anything.
merle


Joined: 06 Feb 2006
Posts: 2
Thanks for the site. I sent them to virustotal, and every anti-virus found something (with almost always different names...), so I guess this is not a false positive. Is there a way of cleaning? As those are system files, do I have to reinstall the whole thing to get rid of them? I guess next time I will just stick with Linux.

(Maybe you should stick some common response/site on top of this forum (or put them in the FAQ), to avoid telling the same advice several times a day... Isn't there some common resource site which would list such info?)
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
You can safely remove these files; they are not system files, just pretending:
Quote:

C:\Documents and Settings\ac\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\Documents and Settings\Merle\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\WINDOWS\system32\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\WINDOWS\system32\spoolsvc.exe


Move them to a separate directory just in case, but I am almost certain your system will not notice their absence.
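One way to carry out the "move them to a separate directory" advice above, as an added example that is not part of the original thread and is not ClamWin code: it reads a saved scan report and moves each flagged file aside instead of deleting it, keeping a manifest so a false positive can be restored. The function names, the `.quarantined` suffix and the manifest layout are assumptions.

```python
import hashlib, json, re, shutil, sys
from pathlib import Path

# A clamscan/ClamWin detection line looks like "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Constructed sample, using lines from the report quoted in this thread.
SAMPLE_REPORT = r"""ERROR: Can't open file C:\WINDOWS\system32\config\SAM
C:\WINDOWS\system32\msdirectx.sys: Trojan.HacDef-8 FOUND
C:\WINDOWS\system32\spoolsvc.exe: Worm.Mytob.AS FOUND
Infected files: 4
"""

def parse_report(text):
    """Return (path, signature) for every detection line; skip errors and summary."""
    hits = []
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits

def quarantine(hits, quarantine_dir):
    """Move detected files aside (not delete) and write a manifest for later restore."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for n, (path, sig) in enumerate(hits):
        src = Path(path)
        entry = {"original": path, "signature": sig, "status": "missing"}
        if src.is_file():
            # Hash before moving so the sample can be looked up or compared later.
            entry["sha256"] = hashlib.sha256(src.read_bytes()).hexdigest()
            # Index prefix avoids name clashes (msdirectx.sys appears in three folders);
            # the extra suffix keeps the file from being run by accident.
            dest = qdir / f"{n:03d}_{src.name}.quarantined"
            shutil.move(str(src), str(dest))
            entry.update(stored_as=dest.name, status="moved")
        manifest.append(entry)
    (qdir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

if __name__ == "__main__":
    # Usage: python quarantine.py <report.txt> <quarantine_dir>
    report = Path(sys.argv[1]).read_text(errors="replace")
    for e in quarantine(parse_report(report), sys.argv[2]):
        print(e["status"], e["original"])
```

Files reported as "missing" were not found at the listed path and are recorded in the manifest without being moved.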