Download TrojanHunter Now
Free 30-day trial!
Latest TrojanHunter Version:
TrojanHunter 5.0
Order Now
License file delivered within minutes.
Welcome, Guest. Please Login or Register.
Aug 28th, 2008, 2:09pm
   Mischel Internet Security Forum
   Malware
   Trojans (Moderators: Helena, Gavin_Coe, Magnus)
   Cant we delete the Worm.Win32.Womble.d!!!!		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: Cant we delete the Worm.Win32.Womble.d!!!!  (Read 114 times)
seenujanu
Newbie
*





   


Gender: male
 Posts: 15
Cant we delete the Worm.Win32.Womble.d!!!!
« on: Jun 26th, 2008, 9:05am »		 Quote Quote  Modify Modify
Hi Friends,
 
 In our Office network was infected with Virus called  Worm.Win32.Womble.d ...
 i had scanned the Hard Disk (Network) with Kaspersky on 06/24/2008  from my system
 Kaspersky founded some Virus which r give below.  i have deleted the files which  had shown to me.... But the Problem is it Regains the Virus ..same Issue ......
It just creats Duplicate files like My passwords.doc .exe
 
Code:

06/24/2008 08:02:42 PM
File \\backups1\Public\Seduction secrets.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/24/2008 08:02:42 PM
File \\backups1\Public\Seduction secrets.jpg: is still infected, postponed.
06/24/2008 08:02:43 PM
File \\backups1\Public\MySexPicture.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/24/2008 08:02:43 PM
File \\backups1\Public\MySexPicture.jpg: is still infected, postponed.
06/24/2008 08:02:50 PM
File \\backups1\Public\Seduction secrets.doc .exe: detected: virus 'Virus.Win32.Sality.q'.
06/24/2008 08:02:50 PM
File \\backups1\Public\Seduction secrets.doc .exe: is still infected, postponed.
06/24/2008 08:02:51 PM
File \\backups1\Public\My passwords.doc .exe: detected: virus 'Virus.Win32.Sality.q'.
06/24/2008 08:02:51 PM
File \\backups1\Public\My passwords.doc .exe: is still infected, postponed.
06/24/2008 08:11:15 PM
File \\backups1\SECOND WEEK\GoogleHack.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/24/2008 08:11:15 PM
File \\backups1\SECOND WEEK\GoogleHack.jpg: is still infected, postponed.
06/24/2008 08:11:16 PM
File \\backups1\SECOND WEEK\me.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/24/2008 08:11:17 PM
File \\backups1\SECOND WEEK\me.jpg: is still infected, postponed.
06/24/2008 08:11:19 PM
File \\backups1\SECOND WEEK\Seduction secrets.doc .exe: detected: virus 'Virus.Win32.Sality.q'.
06/24/2008 08:11:20 PM
File \\backups1\SECOND WEEK\Seduction secrets.doc .exe: is still infected, postponed.
06/24/2008 08:11:23 PM
File \\backups1\SECOND WEEK\Windows serial number.txt .exe: detected: virus 'Virus.Win32.Sality.q'.
06/24/2008 08:11:24 PM
File \\backups1\SECOND WEEK\Seduction secrets.doc .exe: detected: virus 'Virus.Win32.Sality.q'.
06/24/2008 08:11:24 PM
File \\backups1\SECOND WEEK\Windows serial number.txt .exe: detected: virus 'Virus.Win32.Sality.q'.
06/24/2008 08:11:25 PM
File \\backups1\SECOND WEEK\Windows serial number.txt .exe: is still infected, postponed.
06/24/2008 08:11:56 PM
File \\backups1\SECOND WEEK\Windows serial number.txt .exe: deleted.
06/24/2008 08:11:56 PM
File \\backups1\SECOND WEEK\Seduction secrets.doc .exe: deleted.
 

 
 But i found in my sytem (F:\sathi\Me.jpg  sathi is share folder in our Network) showing same Virus by Kaspersky and it has been deleted and ...  
i have scanned the F: drive it doesnt show any thing ...  
is this Virus Regains in my PC..  
How can i delete this Permentely in the Network Also.
Is this efffecting to other PCs which r having the share Folders in network
 
Code:

 
 
06/26/2008 02:07:34 PM
File F:\sathi\Me.jpg cannot be deleted.
06/26/2008 02:07:25 PM
File F:\sathi\Me.jpg: deleted.
06/26/2008 02:06:27 PM
File F:\sathi\Me.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/26/2008 02:06:59 PM
File F:\sathi\Me.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/26/2008 03:21:29 PM
File F:\sathi\My passwords.doc .pif: deleted.
06/26/2008 03:21:26 PM
File F:\sathi\My passwords.doc .pif: detected: virus 'Email-Worm.Win32.Womble.d'.
06/26/2008 03:20:18 PM
File F:\sathi\My passwords.doc .pif: detected: virus 'Virus.Win32.Sality.q'.
06/26/2008 03:21:32 PM
File F:\sathi\OurNewHouse.jpg: deleted.
06/26/2008 03:21:29 PM
File F:\sathi\OurNewHouse.jpg: detected: Trojan program 'Exploit.Win32.IMG-WMF.y'.
06/26/2008 02:07:32 PM
File F:\sathi\Seduction secrets.doc .exe: deleted.
06/26/2008 02:06:27 PM
File F:\sathi\Seduction secrets.doc .exe: detected: virus 'Virus.Win32.Sality.q'.
 

 
Virus names r :
 
Exploit.Win32.IMG-WMF.y
Virus.Win32.Sality.q
Email-Worm.Win32.Womble.d
 
 
Thanks in Advance
Seenujanu
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Cant we delete the Worm.Win32.Womble.d!!!!
« Reply #1 on: Jun 26th, 2008, 9:47am »		 Quote Quote  Modify Modify
Hmmm...I am not sure of how to completely disinfect a complete network of computers.  TrojanHunter does not have an Enterprise version; therefore, I am not familiar with how network/IT administrators go about a network cleanup.  
 
If the infection is on the network server via a shared folder, I would assume that it is likely that computers on network would be very prone to also being infected.  
 
In my crude knowledge of networks, I would assume that you have to take down the network, totally disinfect the server, and then disinfect each computer on the network PRIOR to allowing it to access the network.  
 
You really need to seek assistance on this from gurus who are network oriented.  The guys/gals over at the Kaspersky forum may be able to set you straight on this.
 
http://forum.kaspersky.com/index.php?act=idx
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
seenujanu
Newbie
*





   


Gender: male
 Posts: 15
Re: Cant we delete the Worm.Win32.Womble.d!!!!
« Reply #2 on: Jun 27th, 2008, 4:57am »		 Quote Quote  Modify Modify
Hi siliconman01,
 
Thanks for giving reply.
 
I hope u would resolve this problem... bcoz i am ur Forum fan and the best Forum which i havent seen (siliconman01)................ok
 
i surfed in google but i didnt get the correct information abt the  Network AntiVirus Related.
can u give the Forums names to post this...
 
Thanks
Seenujanu
IP Logged
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 5594
Re: Cant we delete the Worm.Win32.Womble.d!!!!
« Reply #3 on: Jun 27th, 2008, 7:18am »		 Quote Quote  Modify Modify
Because you are using Kaspersky, I recommend that you seek assistance on the Kaspersky forum at  
 
http://forum.kaspersky.com/index.php?showforum=4
 
I just do not feel qualified to provide assistance disinfecting an office network of computers and the server.
IP Logged
______
TrojanHunter V5.0.962...No. 1 AT in my Book and on my Box!
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »
Search
Members
Login
Register