August 13th, 2004, 12:37 AM
my officescan client detected that my computer effected with worm korgo.v, bat sasser.A, worm_rbot.zg. it said it cannot perfom cleaning process so it is quarintine. that i run my norton antivirus but my norton antivirus said my system is clean. that my spybot- search and destroy keep on pop me up with "cannot download double click". am my computer effected with virus or it just an error with my system. thank for the reply.
August 13th, 2004, 03:25 AM
When I used to run windows I noticed that I always had the double click thing. I think that it actually comes from AO (the main ad is from double click I think). Ummm on the sasser worm and korgo, is your Norton up2date? Just a thought.
August 13th, 2004, 03:56 AM
i have update my norton antivirus. and i have del the directory where the worm exist. but from the norton antivirus web, i found that the worm also create some value inside my registry but when i check it out, the value didn't exist.
i follow the instructiong from http://securityresponse.symantec.com...2.korgo.v.html .now i'm not confident that i system is really secure for worldwide connection.
how can i undo all the thing that the virus do?? i check the registry, thing that i understand, but what about sth like this
one more thing when i run nestat -an it said some port is listening. but the foreign address is 0.0.0.0:0. is it posibility because of the virus activity, if yes how do i disable it.
When W32.Korgo.V is executed, it performs the following actions:
Deletes the file, ftpupd.exe, from the folder in which the worm was executed.
Creates the mutex "uterm19" to ensure that only one instance of the worm is executed on the computer.
Creates the event object "u19x."
Opens the following event objects:
Deletes the values:
"Windows Security Manager"
"System Restore Service"
"Windows Update Service"
"MS Config v13"
thank for the quick reply and help
August 13th, 2004, 04:35 AM
ok, once norton quarentines a file it wont detect that file as a virus again. as far as you system is concerned it's gone. norton caught the virus before it had a chance to download all the other files thats why you cant find them. either that or they're in quarintine. try looking in norton 'view>>quarentine'
double-click, aveA, etc., are well known for planting identifying cookies (data miners). spybot blocks them.
both programs are working as they should
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
August 13th, 2004, 05:26 AM
just now i run online scanning using panda actice scan. and this is the report.
seem like the virus still rest in my sytem. now redo the scanning.
Incident Status Location
Virus:Trj/Qhost.gen Disinfected C:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs
Virus:Trj/Sysgotem.B Disinfected C:\WINDOWS\System86.dll
August 13th, 2004, 06:52 AM
do u think i should format my hd. it is because i have try panda and norton online scan. all of the scanning gave different result. mean they find a virus but with different name and location. i wondering how many virus in my system righ now. just now i redo the scanning with panda, and still alert me i have a virus but different kind of virus.
can i save my hard disk for being formated. just to get rid of this nasty virus.
any idea for me to solve this problem. help needed.
August 13th, 2004, 08:47 AM
I think your having conflictions with your AV man. You shouldn't run two anti-virus programs at once. http://service1.symantec.com/SUPPORT...00031316555206
When death sleeps it dreams of you...