#11
I'm scanning using Avast right now, and it's true, they are all infected by win32:vb-ojq, which Avast detects as a worm. Thank you to all of you for trying to answer my thread.
Hi.
Just looking up information on this one.
https://virustotal.com/en/file/f4a80...is/1487901266/
Looking at the Microsoft description, it appears that this infection is not only a worm, but it is also a backdoor, and information stealer:
PWS:Win32/VB.CU threat description - Windows Defender Security Intelligence
So, any other systems that are connected to your network need to be cleaned as well, and all passwords need to be changed from a known-clean system. Also, any flash drives/USB-connected drives should be considered suspect and cleaned. It would be prudent to install Panda USB vaccine.
Download Panda USB and AutoRun Vaccine - MajorGeeks
Avast should get the bulk of it out. You may want to run ADWCleaner as well.
Downloads - AdwCleaner - ToolsLib
Personally, I would restore a clean image (if you have one). Worms are a bear, and affect your computer's networking.
After looking at this more, if you don't have a Macrium image to restore, I think a clean install is in order.
Payload
Disables network services
PWS:Win32/VB.CU disables the SharedAccess service which is responsible for the system's network connection activity.
Steals sensitive information
This password stealer logs clicks, keystrokes and window titles. It also collects the following information:
- email configuration (user name, password, email recipients, SMTP server, server port, authentication status, whether it is using SSL)
- instant messenger credentials
- downloaded files
- websites visited
- search keywords
- operating system
- Internet browser and version
- software installed in the system
- clipboard contents
- desktop captures
- network shared resources connected to the computer
Overwrites files
PWS:Win32/VB.CU overwrites executable files found in the same folder in which it was initially executed.
Additional information
PWS:Win32/VB.CU enables and starts the Schedule service to make sure the created scheduled job executes its dropped copy every day. To prevent its detection in the affected computer, it terminates its own processes.
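A read-only triage check for the behaviours in the description quoted above (SharedAccess disabled, Schedule service enabled, a job that runs every day), added here as an example and not part of any post in this thread. It assumes Windows 8 / Server 2012 or later, where the ScheduledTasks cmdlets exist, and an elevated PowerShell session.

```powershell
# Added example: read-only triage, changes nothing on the system.
# Assumes Windows 8 / Server 2012 or later and an elevated session.

# 1. State of the two services named in the description.
#    Compare StartMode with a known-clean machine running the same Windows version.
Get-CimInstance Win32_Service -Filter "Name='SharedAccess' OR Name='Schedule'" |
    Select-Object Name, State, StartMode |
    Format-Table -AutoSize

# 2. Scheduled tasks that have a daily trigger and launch an executable.
$daily = Get-ScheduledTask | Where-Object {
    $_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskDailyTrigger' }
}

$report = foreach ($task in $daily) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $path = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        # Bare names such as "cmd.exe" are not resolved here and show as NotResolved.
        $sig = if (Test-Path -LiteralPath $path -PathType Leaf) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            'NotResolved'
        }
        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            Execute   = $path
            Arguments = $action.Arguments
            Signature = $sig
        }
    }
}
$report | Sort-Object Signature | Format-Table -AutoSize -Wrap

# 3. Legacy .job files (the older "scheduled job" format), if any exist.
Get-ChildItem -Path (Join-Path $env:SystemRoot 'Tasks') -Filter '*.job' -ErrorAction SilentlyContinue |
    Select-Object Name, CreationTime, LastWriteTime
```

Entries that are unsigned, unresolved, or point into user-writable folders are leads to examine further, not verdicts.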
I think now isn't the right time to do a clean installation, because I have several projects to finish by December. I have already finished scanning, and the exe files with the shield logo have been removed. I don't know if the worms are still there, but I am just making sure by checking the processes running in Task Manager one by one.
Thanks once again for replying to my thread; for now I will just mark this thread as solved.
You might like to investigate a program such as SecureAPlus
Free Cloud Antivirus Application Control for PC | SecureAPlus
It can exist alongside Avast (as I have it); it's a white-listing program, so anything that runs has to be authorised. Initially you can approve everything if you think your PC is clean, and after that it's reasonably unobtrusive.
In addition you get multi-engine on-line scanning support, with the option of real-time protection.
They sometimes run giveaways of 18-month or so licenses - there was another recently.
Also as we constantly advise, protect your PC (especially as you're doing a time-critical project) by using disk imaging routinely so you can be back up and running quite quickly without technical help even if your PC becomes unbootable or your disk fails, or you suffer a severe virus. E.g. Macrium Reflect (free) + external disk to store disk image sets.