PDA

Visualizza versione completa : Virus win32 WEIRD aiuto!!


Scleb
15-06-2002, 21.56.17
come lo rimuovo mi infetta tutti gli exe che mi danno errore all' apertura tranne qualche eccezione come ie ho scaricato un file per rimuovere il virus e ovviamente essendo un exe da' errore ho provato ad avviarlo da dos e mi dice che na roba per win


come elimino sto virus?????

IrONia
16-06-2002, 12.22.23
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=PE_WEIRD



se non ho capito male un trojan...puoi usare the cleaner:

www.moosoft.com


o tauscan

http://www.agnitum.com/products/tauscan/

Weird is a not dangerous memory resident parasitic Win32 virus. It writes itself to the end of PE EXE files (Windows executable) by increasing last file section and modifying PE header fields. The virus copy in infected files consists of two parts. First part (starter) is a short routine (about one kilobyte of code and data), the second part is the main virus code (about 10Kb of size) encrypted with silly encryption loop.

When the infected file is executed, the starter takes control, decrypts the second part of virus code, drops it to Windows directory as a PE EXE file with random name and executes it. The main virus instance stays memory resident as a hidden Windows application, runs a low priority thread that periodically scans drives' directory trees, looks for PE EXE files and infects them.

The virus also affects the EXPLORER.EXE file. It copies it with the EXPLORER.E name, infects this copy and writes the [rename] instruction to the WININIT.INI file to replace original EXPLORER.EXE with infected copy on next Windows startup.

The virus has a backdoor ability. When it is active as a Windows application it opens Internet connection and waits for specific calls from there. The virus has a lite list of supported commands comparing to other known backdoors, but it allows to upload, download, execute and delete files on the infected machine from remote host.

The virus contains the "copyright" text:


#Coded by Weird#

[Analysis: Kaspersky Labs; January 2002]

ciaoooo