How can I get rid of Worm.Sohanad-1?

kri8v1
Joined: 05 Apr 2007
Posts: 0
Location: India
Posted: Thu Apr 05, 2007 12:25 pm

Hello there,
I am using ClamWin on a Windows 2003 server where a folder on the E:\ drive is being shared with other PCs in our LAN. This shared folder keeps getting a "New Folder.exe" file which is identified by ClamWin as a worm. An excerpt of the virus scan report is below:
C:\WINDOWS\system32\ActiveScan\pskavs.dll: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.pskavs.dll'
WARNING: Can't open file \\?\C:\WINDOWS\system32\dhcp\dhcp.mdb
WARNING: Can't open file \\?\C:\WINDOWS\system32\dhcp\tmp.edb
E:\RESUMES\New Folder.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.New Folder.exe'
C:\WINDOWS\system32\ActiveScan\pskavs.dll: Sirius.Annihilator.272 FOUND
E:\RESUMES\New Folder.exe: Worm.Sohanad-1 FOUND
However, every time ClamWin removes this worm, it reappears within a few seconds. This does not look like it is too damaging a worm, but I would like to get rid of it nonetheless to breathe easier. Can you help? Thank you.

sherpya
Joined: 22 Mar 2006
Posts: 0
Location: Italy
Posted: Thu Apr 05, 2007 2:02 pm

You may try a memory scan by adding --unload as an additional advanced option, but beware: if the DLL is injected in a system process rather than Explorer, it can reboot your system.
Remember to select quarantine and not report only.

Sirius Annihilator

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Apr 05, 2007 2:25 pm

I got it a couple of months ago. It seems to be ad/spyware. Turn off System Restore, and then run a couple of scans. Run a good spyware program. I got rid of it after I got the trial version of NOD32. I didn't have any problems after that.
Have you used Panda Antivirus lately? There seems to be some indication it may harbor the little critter. I recall that I was fooling around with Panda before I got it. Here's some info: https://lurker.clamav.net/message/20050910.232634.30d8f357.en.html
Regards,
All times are GMT