Jump to content
arulsr

Virus Worms.win32.agent.p Ngan Lg 1

Recommended Posts

Are the infected files viewable?

If the infected files are viewable but undeleteable, you can try an excellent freeware like Unlocker. The files are probably used by certain malicious processes. Unlocker can tell you which process is using the infected file and you can terminate it.

Download it here> http://ccollomb.free.fr/unlocker/

If you manage to identify the infected files, you can use excellent archiving tools like WinRar or WinZip to compile them and upload to http://virusscan.jotti.org. Multiple scanners are used to determine if the files are infected. If so, recompile another archive, password protect it and mail it to your anti-virus provider(eg. Grisoft). Remember to include the password in your email! New definitions to detect and remove the virus would made almost immediately.

All the best.

Share this post


Link to post
Share on other sites

hang kena masuk task manager..pas tu end process yg tak berkenaan..jgn risau,klu ter end window process pc akan restart balik..cuba carik process yg jarang hang tengok,atau yg pelik processnyer..lepas end br leh delete..k try dulu,klu tak leh try pm otai2 lain plak.

Share this post


Link to post
Share on other sites

hang kena masuk task manager..pas tu end process yg tak berkenaan..jgn risau,klu ter end window process pc akan restart balik..cuba carik process yg jarang hang tengok,atau yg pelik processnyer..lepas end br leh delete..k try dulu,klu tak leh try pm otai2 lain plak.

You'll be better off using Unlocker to terminate the process.

Share this post


Link to post
Share on other sites

anda pakai kaspersky AV ker ? -> Worm.Win32.Agent.p

scan dengan Antivirus lain, dalam Safe Mode

Aliases

* Worm.Win32.Agent.p

* W32/Anis.worm

* Win32/Agent.P

* TROJ_AGENT.GCF

W32/Anis-A is a worm for the Windows platform.

W32/Anis-A spreads by copying itself with the filename ie.exe to the available network drives. In order to make sure that the file ie.exe is executed on drive access W32/Anis-A creates the file autorun.inf.

When first run W32/Anis-A copies itself to \Internet Explorer\iexp1ore.exe and creates the following files:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk

<Desktop>\Internet Explorer.lnk

<Program Files>\Internet Explorer\IEKey.dll

<Program Files>\Internet Explorer\IEdate.dll

The file IEKey.dll is a text file that contains the full path to the worm executable. The file IEdate.dll is also a text file. These files may be safely deleted.

Share this post


Link to post
Share on other sites

From Sophos

W32/Anis-A

Summary: Name W32/Anis-A

Type Worm: How it spreads Removable storage devices

Affected operating systems: Windows

Side effects:

1) Downloads code from the internet

2) Installs itself in the Registry

3) Monitors browser activity

Aliases:

1) Worm.Win32.Agent.p

2) W32/Anis.worm

3) Win32/Agent.P

4) TROJ_AGENT.GCF

Protection available since: 12 January 2007 15:45:09 (GMT)

Detected by: All versions of Sophos Anti-Virus

Included in our products from: March 2007 (4.15)

Description:

W32/Anis-A is a worm for the Windows platform.

Advanced:

W32/Anis-A is a worm for the Windows platform.

W32/Anis-A spreads by copying itself with the filename ie.exe to the available network drives. In order to make sure that the file ie.exe is executed on drive access W32/Anis-A creates the file autorun.inf.

When first run W32/Anis-A copies itself to \Internet Explorer\iexp1ore.exe and creates the following files:

<User>\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk

<Desktop>\Internet Explorer.lnk

<Program Files>\Internet Explorer\IEKey.dll

<Program Files>\Internet Explorer\IEdate.dll

The file IEKey.dll is a text file that contains the full path to the worm executable. The file IEdate.dll is also a text file. These files may be safely deleted.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...