
First had bitdefenderx/msdirectx and now I have i-worm bofra

Posted on 2005-04-20
Last Modified: 2010-04-11
Had a real nasty-msdirectx/collected.5.L/(IPOT bitdefenderx according to HJT) according to AVG. It took me a while, about a week, but I think it's gone.
What I did to finally get rid of it, after several other attempts, was:
- turned off System Restore
- made all hidden files viewable
- booted in safe mode with networking
- completed install of ZoneAlarm - this would not start up in normal mode due to virus interference. Kept getting vector failures. Now it's OK
- ran online Trend Micro system scan - it detected 4 viruses and fixed
- updated and ran Spybot 1.3 - found 5 bad entries and cleaned
- updated and ran Ad-Aware SE - was clean
- ran CCleaner - deleted all temp files etc...
- ran HijackThis - deleted 4 entries for IPOT bitdefenderx and compaq.exe. These are the ones that kept coming back for a week.
- reran HijackThis - no bad entries! It's been good for several days
- rebooted normal
- ran HijackThis - no bad entries
- ran AVG and it was clean
- left PC on and ran a scheduled overnight AVG antivirus - it came up with this bofra i-worm. Deleted file
- ran AVG - it was clean
- ran HijackThis - it was clean
- left PC on for a few days except for some restarts
- ran another AVG virus scan - same i-worm is back

PC seems to be running fine! But AVG seems to find i-worm every day (run 2 scans a day since this started and it finds i-worm around every other full scan)! Did the above all over again but AVG still reports this virus after a while.
0
Question by:pdadddino
 
LVL 12

Expert Comment

by:rossfingal
ID: 13827402
Hi!

If this is XP - did you turn off "System Restore"?

RF
0
 

Author Comment

by:pdadddino
ID: 13827491
Did you read the 3rd line? ;-)
0
 

Author Comment

by:pdadddino
ID: 13827494
It is XP Home
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13827598
Ooops!  Me bad!  :)
0
 
LVL 12

Expert Comment

by:rossfingal
ID: 13827627
Hi!

Try running this scanner - sometimes it finds things that others miss
Free version finds things - pay ver. cleans them.
EScan-MWAV
http://www.mwti.net/antivirus/free_utilities.asp

RF
0
 
LVL 9

Accepted Solution

by:fixnix (earned 2000 total points)
ID: 13827920
Make sure you grabbed all the doze updates.

For a/v, I really prefer Kaspersky for loads of reasons...although it is a resource hog so you may decide not to use it as your main/normal av scanner, BUT it is a darn good one at cleaning and they have free trials available for download.  It should at least be able to get you clean for free then you can uninstall it and use something else if you wish before the 15 day trial expires.  Just be sure to grab the updated virus definitions...and you can even use the "extended" definition database for greater scanning capability (at an increased risk of detecting false positives....I'd rather detect too much than too little anyway).  www.kaspersky.com  They release updated definitions every _hour_ compared to some av proggies only grabbing updates once a week.  I don't work for them, I'm not a reseller, and heck...I even suggested how to legitimately use it for free by uninstalling before the trial is over...I just believe in their products that much.

ZoneAlarm is a popular firewall that clever worms like to bypass, too (they can wait until the computer has been idle for an hour, assume that means nobody is using it or watching the screen, attempt to send traffic out to the net and watch for the popup box asking "you" if you want to allow program blahblahblah to access the internet, then it graciously clicks <OK> for you....other bypassing techniques used by clever malware can suspend certain firewall services or just terminate the process (if the worm exploited your system and gained SYSTEM privs...it could do things even ADMINISTRATOR can't do)).  I prefer Sygate's personal firewall (free) over ZA any day...but everyone has their opinions.  ZA still spanks the ridiculously easy-to-bypass XPSP2 firewall (from a malware perspective), but I'd be willing to bet there are more malware code tidbits w/ built in ZA defeating routines than Sygate defeating ones.

In short, hit Windows Update and make sure you're current there, then download a Kaspersky trial from www.kaspersky.com, install, update the virus defs using the extended database, download Sygate's personal firewall (http://smb.sygate.com/products/spf_standard.htm), go offline (pull the NIC cable out), scan, uninstall ZA, install Sygate, reboot & go back online and keep on truckin ;)  (but don't use IE for general browsing or you're just asking for more malware ;))
0
 

Author Comment

by:pdadddino
ID: 13828209
Will give it a try and let you know!
For general browsing?
Personally I use Firefox. In this case it is Netscape Navigator.
0
 
LVL 9

Expert Comment

by:fixnix
ID: 13828426
Good deal :)
0
 

Author Comment

by:pdadddino
ID: 13833404
Ran Kaspersky in safe mode after downloading and updating. It found 8 viruses and the box appears to be clean!
Definitely recommend this and will use it going forward. I am going to run it on 1 of my desktops that my kids have been beating up. AVG keeps reporting 12 viruses but will not clean them up!

Thanks to all
0


Question has a verified solution.
