|
Posted by Massimo on March 11, 2008, 4:58 pm
Please log in for more thread options
Hello,
Today I uninstalled McAfee antivirus and firewall programs on my
second computer.
(WindowsXP Home sp2)
I installed in their places Comodo firewall 2.4 (version 3.X does not
work well on that computer) and Avira Antivir Personal Ed. (=free
version).
Of course I updated these programs right after installing them.
So I decided to do a first thorough scan with Avira after making the
necessary settings in the program and... it found a virus! In
C:\Windows\System32\prjChameleon.ocx it found a pattern of
SPR/YFlood.A.3.
Avira offered to quarantine the file and I accepted.
------------------------------------------------
1. During a second scan it found *again* a file contaminated by the
same virus (or whatever it is). I quarantined it again.
2. I wanted to take a look at the Avira-site into their virus-database
in order to find what characteristics SPR,etc. has and to find out
what tot do to get definitively rid of it. But it was nowhere to be
found in this database! Google has only some entries for this
virusname and they didn't help me (Russian, Italian, etc.)
------------------------------------------------
Don't know what to do now.
Please advice?
Regards,
Massimo
(P.S.: I did also scans with Spybot S&D and Ad-Aware on this computer)
|
|
Posted by David H. Lipman on March 11, 2008, 5:19 pm
Please log in for more thread options
show/hide quoted text
< snip >
|
| So I decided to do a first thorough scan with Avira after making the
| necessary settings in the program and... it found a virus! In
| C:\Windows\System32\prjChameleon.ocx it found a pattern of
| SPR/YFlood.A.3.
|
show/hide quoted text
< snip >
Please submit a sample of "prjChameleon.ocx" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition Virus
Total will provide the sample to all participating vendors.
You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN
When you get the report, please post back the exact results.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
|
Posted by Massimo on March 12, 2008, 2:08 pm
Please log in for more thread options Hello David,
On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"
show/hide quoted text
>|
>| So I decided to do a first thorough scan with Avira after making the
>| necessary settings in the program and... it found a virus! In
>| C:\Windows\System32\prjChameleon.ocx it found a pattern of
>| SPR/YFlood.A.3.
>|
>Please submit a sample of "prjChameleon.ocx" to Virus Total --
>http://www.virustotal.com/flash/index_en.html
>The submission will then be tested against many different AV vendor's scanners.
>That will give you an idea what it is and who recognizes it. In addition Virus
>Total will provide the sample to all participating vendors.
>You can also submit a suspect, one at a time, via the following email URL...
>mailto:scan@virustotal.com?subject=SCAN
>When you get the report, please post back the exact results.
That is exactly what I am going to do. Thank you.
Massimo
|
|
Posted by Massimo on March 12, 2008, 3:08 pm
Please log in for more thread options Hello David,
On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"
show/hide quoted text
>|
>| So I decided to do a first thorough scan with Avira after making the
>| necessary settings in the program and... it found a virus! In
>| C:\Windows\System32\prjChameleon.ocx it found a pattern of
>| SPR/YFlood.A.3.
>|
>Please submit a sample of "prjChameleon.ocx" to Virus Total --
>http://www.virustotal.com/flash/index_en.html
>The submission will then be tested against many different AV vendor's scanners.
>That will give you an idea what it is and who recognizes it. In addition Virus
>Total will provide the sample to all participating vendors.
>You can also submit a suspect, one at a time, via the following email URL...
>mailto:scan@virustotal.com?subject=SCAN
I wanted to follow your advice but there seems to be i little problem:
how do I submit this quarantined file? A short inquiry into Avira
Antivir program settings does not hint to a possibility to submit
quarantined files to other destinations then to Avira-boys themselves.
Any advice?
show/hide quoted text
>When you get the report, please post back the exact results.
Massimo
|
|
Posted by David H. Lipman on March 12, 2008, 4:40 pm
Please log in for more thread options
| Hello David,
|
| On Tue, 11 Mar 2008 21:19:14 GMT, "David H. Lipman"
|
show/hide quoted text
>|> So I decided to do a first thorough scan with Avira after making the
>|> necessary settings in the program and... it found a virus! In
>|> C:\Windows\System32\prjChameleon.ocx it found a pattern of
>|> SPR/YFlood.A.3.
>> Please submit a sample of "prjChameleon.ocx" to Virus Total --
>> http://www.virustotal.com/flash/index_en.html
>> The submission will then be tested against many different AV vendor's
scanners.
show/hide quoted text
>> That will give you an idea what it is and who recognizes it. In addition
Virus
show/hide quoted text
>> Total will provide the sample to all participating vendors.
>> You can also submit a suspect, one at a time, via the following email URL...
>> mailto:scan@virustotal.com?subject=SCAN
| I wanted to follow your advice but there seems to be i little problem:
| how do I submit this quarantined file? A short inquiry into Avira
| Antivir program settings does not hint to a possibility to submit
| quarantined files to other destinations then to Avira-boys themselves.
|
| Any advice?
|
show/hide quoted text
>> When you get the report, please post back the exact results.
|
| Massimo
It is an OCX file and is not executable.
Temporarily disable AntiVir and restore the file. Then move the restored file
from its
restored location to a different location (e.g; c:\ ) then submit the OCX file
to Virus
Total's web page.
Note the orginal, restored, location in case this is a False Positive.
Then, re-enable AntiVir.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
|
| Similar Threads | Posted | | PROGRAM Will not delete all way virus/ malware????? | September 20, 2006, 11:38 pm |
| unknown virus that delete zip and jpeg file | June 12, 2007, 2:17 am |
| pc infected but cannot find the virus | February 5, 2006, 11:35 am |
| NETSKY.B infection, cant find any virus | March 22, 2005, 3:19 am |
| Is this a virus or something else? Disappearing folder named "system", then can't delete the parent | June 6, 2006, 6:28 pm |
| Trying to find info on virus / trojan attacks | June 12, 2005, 9:42 pm |
| How to find virus/worm/trojan on network client | September 21, 2005, 8:29 pm |
| cannot delete trojan file | July 6, 2005, 2:08 pm |
| Still getting Mail for delete Domain Name? | February 24, 2006, 3:54 pm |
| Re: Still getting Mail for delete Domain Name? | February 24, 2006, 4:02 pm |
|
XML Sitemap