[pchelpers] Re: indomitable malware - Antivir best antimalware program
- From: Scott McNay <wizard@xxxxxxxx>
- To: "Ekhart GEORGI (last name last)" <pchelpers@xxxxxxxxxxxxx>
- Date: Tue, 20 Mar 2007 21:28:31 -0500
Hi Ekhart,

Tuesday, March 20, 2007, 7:43:32 PM, you wrote:

EGlnl> Seems that something very insidious is still on the sick laptop
EGlnl> despite the clean HJT and AutoRuns logs. The Windows firewall
EGlnl> still refuses to run, and after I deleted the following two
EGlnl> bogus services using HJT's special tool, the computer can only
EGlnl> be started in safe mode:
EGlnl> O23 - Service: Network Windows Service (MSWindows) - Unknown
EGlnl> owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)

This is apparently also an Allaple variant.

EGlnl> O23 - Service: Windows Service Monitor (winsvcmon) - Unknown
EGlnl> owner - C:\WINDOWS\System32\winsvcmon.exe

SDBOT.

Check to see if either urdvxc or winsvcmon is listed in the registry.
If one is a prerequisite for a legit service, then you'll have trouble
booting into normal mode.

For Windows Firewall, run WinsockFix if you haven't already.
If that doesn't work, check this page; these instructions should do
pretty much the same thing that WinsockFix does, but perhaps not.
http://forum.oscr.arizona.edu/showthread.php?t=2284

EGlnl> Before doing that, I disabled almost everything in Startup
EGlnl> Control Panel and ran Kaspersky, which found 127 copies of the
EGlnl> net-worm.win32.Allaple.a in htm files that it disinfected. I
EGlnl> had no idea worms could be embedded in htm files nor that these
EGlnl> can be disinfected.

http://www.f-secure.com/v-descs/allaple_a.shtml
"The worm copies itself multiple times to a hard drive and also
affects HTML files."

Data can be embedded in HTM files, such as in the form of a script.
I suspect that they may have been disinfected by deleting them.
--
Scott.
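
The registry check suggested in the message above, written out as an added example (it is not part of the original message and not from its author): it walks the Services key and reports any service whose DependOnService or ImagePath value still refers to the two removed entries. The service key names and file names are taken from the HijackThis lines quoted in the message; the variable names and the layout of the findings are this example's own.

```powershell
# Added example: the names below come from the HijackThis O23 lines in the message.
$removedServices = 'MSWindows', 'winsvcmon'   # service key names that were deleted
$removedBinaries = 'urdvxc', 'winsvcmon'      # executable base names
$servicesRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Services'

$findings = foreach ($key in Get-ChildItem -Path $servicesRoot -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $name = $key.PSChildName

    # A leftover key for one of the deleted services themselves
    if ($removedServices -contains $name) {
        [pscustomobject]@{ Service = $name; Reason = 'leftover service key'; Detail = $props.ImagePath }
    }

    # DependOnService is a REG_MULTI_SZ: each entry names a service that must start first
    foreach ($dep in @($props.DependOnService)) {
        if ($dep -and ($removedServices -contains $dep)) {
            [pscustomobject]@{ Service = $name; Reason = 'depends on removed service'; Detail = $dep }
        }
    }

    # ImagePath still pointing at one of the removed executables
    foreach ($bin in $removedBinaries) {
        if ($props.ImagePath -and ($props.ImagePath -match [regex]::Escape($bin))) {
            [pscustomobject]@{ Service = $name; Reason = 'ImagePath references removed binary'; Detail = $props.ImagePath }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No service key, dependency or ImagePath refers to urdvxc or winsvcmon.' }
```

A service reported as depending on a removed service cannot start until that entry is taken out of its DependOnService value.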