Results 1 to 6 of 6

Thread: W32/Browney.a.worm

  1. #1

    W32/Browney.a.worm

    ok i just found a lot pf infected files in the RESTORE folder, especifically in the TEMP and ARCHIVE folders.
    i booted from a floppy and deleted all files in the ARCHIVE directory but i could not delete the TEMP directory th PC just keeps hanging.

    Maccafee viruscan tells me the virus is a: W32/Browney.a.worm but it can´t clean or delete the files...
    is there a way to get rid of this worm or delete the files ???(from win it´s impossible)

  2. #2
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636
    It depends on the Windows version, really...

    To delete the 'Temp' files, just modify (edit) the autoexec.bat file in the treetrunk...

    At the end of the script in the autoexec.bat file, just add:

    DelTree c:\Windows\Temp
    MD c:\Windows\Temp

    The MD command is to, obviously, recreate the Temp folder, which, when lacking, Windows has a f***ing tantrum.

    Ouroboros
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  3. #3
    Senior Member Ouroboros's Avatar
    Join Date
    Nov 2001
    Location
    Superior, WI USA
    Posts
    636
    Once again, Und3ertak3r, wouldn't one, depending on the Windows version, restart or subregate into DOS and perform a -h -s command to free the files? I presume that most users know that Windows is a bitch to work with only because it closes off, by default, the freedom to use its full power (use 'winipcfg' as an example). In the process of learning about DOS, I understood many commands that were "hidden" in Win 3.11. This knowledge should not be shadowed. The key is to find the folders and files that are causing the problem and remove them...but recreate blank folders to accept default info in the process.

    Ouroboros
    "entia non sunt multiplicanda praeter necessitatem"

    "entities should not be multiplied beyond necessity."

    -Occam's Razor


  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Freejack.. Why the Double Thread..
    You already had information on this problem on a thread you already started..onthe 20th

    http://www.antionline.com/showthread...hreadid=241454
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    sorry for the double posting, but in the first thread i didn´t what virus i had
    finally i solved the problem
    thanx a lot

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    This is a peer-to-peer worm that spreads via KaZaa. The only purpose of the worm is to spread. It does not contain a damaging payload. When run, it copies itself to the %WinDir%\System32 directory as DirectXset.exe and creates a registry run key to load itself at startup:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
    Run "DirectX64" =C:\WINDOWS\System32\DirectXset.exe
    The HKEY_CURRENT_USER\Software\KAZAA\LocalContent registry key is queried to locate the last "Dir" that is shared. The worm then creates a new shared directory, such as Dir4 = 012345:C:\WINDOWS\System32\Setup32\. 26 copies of the worm are saved to this directory using the following filenames:
    Audio Catalyst 2.1.exe
    Borland Delphi 7 Crack.exe
    CladDVD XP 2 by fosi.exe
    GFI Languard V4 Beta.exe
    How to use Languard.exe
    Mc Affee anti Virus Scan Patch.exe
    Medal of Honor by TNT Keygenerator.exe
    Movie Jack 2.exe
    MS Windows Keygenerator all Versions_XP_2k_ME_98_95 .exe
    Nero 5.5.9.14 Full + All Plugins Updates + Serial Keygen.exe
    Norton AntiVirus 2003 Crack by Reality.exe
    Office XP Keygenerator.exe
    Partition Magic 7.exe
    PowerDVD 5 - Keygenerator.exe
    ProgDVB 3.29.exe
    Quake all Versions Keygenerator.exe
    Sim City 4 Download FULL.exe
    SimCity 4 No CD Crack.exe
    Ultra edit 32 new version + serial.exe
    Unreal 2003 cd Crack 4 Ver 2166.exe
    Unreal 2003.exe
    Unreal Tournament 2003 internet Keygenerator-NEW.exe
    Winamp 4 Beta.exe
    Windows Longhorn Alpha Security Patch.exe
    WinDVD Platinum all languages.exe
    Zone Alarm Security Patch - 2003.exe
    A file, readthisworld.txt, is also saved to this directory, containing the text Steph.With nice brown eyes .. 4 ever.
    for view detail click here .
    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.

    http://www.AntiOnline.com/sig.php?imageid=389

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •