IObit Forum

Worms.... Please help [SOLVED]


sojanponnoly


Thanks for replying to earlier posts... I would like to tell you that duplication of all the folders has occurred in most of the drives (G, E, F)... I have been scanning all the drives for the past 2 days & removing all the threats using IObit Security 360... I also uploaded one of the duplicated folders to VirusTotal & the following result was found:

 

Antivirus          Version         Last Update  Result
a-squared          4.5.0.24        2009.10.03   Worm.Win32.AutoRun!IK
AhnLab-V3          5.0.0.2         2009.10.03   -
AntiVir            7.9.1.27        2009.10.02   Worm/Sohanad.41755
Antiy-AVL          2.0.3.7         2009.10.03   -
Authentium         5.1.2.4         2009.10.03   W32/SuspPack.AC.gen!Eldorado
Avast              4.8.1351.0      2009.10.03   Win32:AutoRun-AUV
AVG                8.5.0.420       2009.10.03   -
BitDefender        7.2             2009.10.04   Win32.Worm.YahLover.C
CAT-QuickHeal      10.00           2009.10.03   Trojan.Agent.ATV
ClamAV             0.94.1          2009.10.03   Worm.Autorun-1782
Comodo             2505            2009.10.03   -
DrWeb              5.0.0.12182     2009.10.03   Win32.HLLW.Autoruner.6522
eSafe              7.0.17.0        2009.10.01   Suspicious File
eTrust-Vet         31.6.6774       2009.10.02   Win32/Yahlover.GC
F-Prot             4.5.1.85        2009.10.03   W32/SuspPack.AC.gen!Eldorado
F-Secure           8.0.14470.0     2009.10.03   IM-Worm.Win32.Sohanad.gen
Fortinet           3.120.0.0       2009.10.03   -
GData              19              2009.10.04   Win32.Worm.YahLover.C
Ikarus             T3.1.1.72.0     2009.10.03   Worm.Win32.AutoRun
Jiangmin           11.0.800        2009.09.27   -
K7AntiVirus        7.10.861        2009.10.03   Trojan.Win32.Malware
Kaspersky          7.0.0.125       2009.10.04   IM-Worm.Win32.Sohanad.gen
McAfee             5760            2009.10.03   W32/Yahlover.worm.gen.c
McAfee+Artemis     5760            2009.10.03   W32/Yahlover.worm.gen.c
McAfee-GW-Edition  6.8.5           2009.10.03   Worm.Sohanad.41755
Microsoft          1.5101          2009.10.03   Worm:Win32/Tupym.A
NOD32              4478            2009.10.03   Win32/Autoit.EB
Norman             6.01.09         2009.10.03   -
nProtect           2009.1.8.0      2009.10.03   Worm/W32.Sohanad_Packed.417559
Panda              10.0.2.2        2009.10.03   W32/Sality.AF
PCTools            4.4.2.0         2009.10.03   Worm.AutoRun.esf
Prevx              3.0             2009.10.04   -
Rising             21.49.22.00     2009.09.30   -
Sophos             4.45.0          2009.10.03   W32/AutoRun-AOA
Sunbelt            3.2.1858.2      2009.10.03   IM-Worm.Win32.Sohanad.gen
Symantec           1.4.4.12        2009.10.03   W32.Imaut.E
TheHacker          6.5.0.2.028     2009.10.03   W32/Sohanad.gen
TrendMicro         8.950.0.1094    2009.10.03   -
VBA32              3.12.10.11      2009.10.03   Trojan-Downloader.Autoit.gen
ViRobot            2009.10.2.1968  2009.10.02   -
VirusBuster        4.6.5.0         2009.10.03   Worm.Autoit.SY

Additional information

File size: 417559 bytes

MD5...: 6ec2f1f9507027544b86c59ee428ecb6

SHA1..: 906950a2df0cce400c638bd7c9e79d6136d5fafb

SHA256: 72673bddd2619e4d6535c076efc68290fcdaa9deefd6a9571c7cf47961ddb160

ssdeep: 6144:NYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ewyMdr:NSNC80I+cR3R03Vseer

PEiD..: -

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x9acb0

timedatestamp.....: 0x482d38ba (Fri May 16 07:33:14 2008)

machinetype.......: 0x14c (I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

UPX0 0x1000 0x62000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

UPX1 0x63000 0x38000 0x38000 7.93 fd778de86ffa0943ad88ad69aa6f086d

.rsrc 0x9b000 0x9000 0x8800 4.76 807970d2d54ca7f456ada8e9c27c72b4

.TUPX1 0xa4000 0xf000 0xf000 0.00 84c48b8da7e9b9d3c5667ad9819debd9

 

( 13 imports )

> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess

> ADVAPI32.dll: RegCloseKey

> COMCTL32.dll: ImageList_Create

> comdlg32.dll: GetSaveFileNameW

> GDI32.dll: LineTo

> MPR.dll: WNetUseConnectionW

> ole32.dll: CoInitialize

> OLEAUT32.dll: -

> SHELL32.dll: DragFinish

> USER32.dll: GetDC

> VERSION.dll: VerQueryValueW

> WINMM.dll: timeGetTime

> WSOCK32.dll: -

 

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..:

original name: n/a

internal name: n/a

file version.: 3, 2, 12, 0

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

packers (Authentium): UPX

trid..: UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

packers (F-Prot): UPX


Please use Unlock and Delete to remove:

  • C:\Program Files\LAN Voice Chat\Speechs.exe

 

Then check the box in Hijack Scan to remove:

  • O23 - Service: Glasovne poruke (Speechsrv) - Unknown - C:\Program Files\LAN Voice Chat\Speechs.exe

 

Please then run another scan with Security 360.


Guess problem is solved......

 

Thanks for all the help....

 

I have removed & deleted the following as per your instructions:

C:\Program Files\LAN Voice Chat\Speechs.exe

O23 - Service: Glasovne poruke (Speechsrv) - Unknown - C:\Program Files\LAN Voice Chat\Speechs.exe

The IObit scan did not detect any threats after this. Thanks.


Archived

This topic is now archived and is closed to further replies.
