
Need help removing threats found by Kaspersky Pure 2.0


#1 nv87654 (New Member, 7 posts)
We have recently had a home PC infected (with SMART H.D.D and maybe more). After many, many anti-malware scans with various anti-malware products, registry fixes, etc., we have finally gotten the PC "cleaned" enough to boot into normal mode, and it appears to be stable so far.

Finally, last night, we uninstalled McAfee and installed our newly purchased Kaspersky Pure 2.0 and ran a Full Scan. The Full Scan found the following threats:

Trojan-Spy.Win32.Carberp.e (from Outlook email ... UPS_Print_label.exe) ... Reason is: Disinfection impossible

Worm.Win32.Mabezat.h (from Outlook email multiple attachments - ...e_231.zip // Gift_Certificate_231.exe // UPX) Reason is: Disinfection impossible

Trojan-Dropper.Win32.Agent.bzst (from Outlook email attachments ... iTunes_certificate_297.zip // iTunes_certificate_297.exe // UPX) Reason is: Disinfection impossible


My questions are:

1. What does the Fix button actually try to do?

2. Can we even "Fix" them since Kaspersky gave reason of: Disinfection impossible (is this because they are "packed" or "zipped")?

3. What are these Trojans and the Worm we found and what is the behavior and threat description for these?

4. What is a UPX?

Thanks for your help.

#2 RKinner (Malware Expert, MVP, 20,031 posts)
Sometimes files get infected but can be cleaned and the original file recovered. That's what Kaspersky means by disinfection. In the case of the files you list they probably can't be disinfected because they are 100% viruses. I doubt that being in a zip is a problem. These appear to be attachments to emails so I expect if you delete the emails that would solve your problem. Probably sent to you by an infected machine so no great loss. I'm no expert on Kaspersky but it should be able to delete them for you.

UPX is a kind of compression (like zip) which is often used by viruses.

If you want to post an OTL log I can check it over for you.
Download OTL from http://www.geekstogo...timers-list-it/ and save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#3 nv87654 (Topic Starter, New Member, 7 posts)
Thanks for your response, RKinner. It was good information you gave. I appreciate it very much.

We are still a bit unclear about whether or not we should configure Kaspersky to unpack Packed files during the scan and if that is generally safe for the tool to unpack Packed files. Does that mean that the tool will unzip the bundle, scan the files, and then zip it back to its original form? Is it quarantined during the cleaning process?

Also, a couple of Kaspersky forum responses instructed us to delete these emails manually (via Outlook) and NOT use the Kaspersky tool to delete them. They seemed to be saying that sometimes the tool could possibly delete more than you would want to be deleted (???).

I will get back with you about the OTL logs. Thanks.

#4 RKinner (Malware Expert, MVP, 20,031 posts)
I have very little experience with Kaspersky so the forum people may know more. Deleting the files manually should be safe enough and shouldn't be too hard if Kaspersky gives you enough info to identify them. Remember that Outlook will not really delete them. It will just move them to the trash folder. You will need to empty the Outlook trash folder to get rid of them completely.

I don't expect it will hurt to allow Kaspersky to check packed files. I suspect the main objection would be that it might take a lot longer to do. Couldn't tell you exactly how it goes about looking at packed files.
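Added example, not code from this thread, from Kaspersky or from OTL: it shows what the "UPX" that Kaspersky reported (post #2) looks like inside a Windows executable, and the kind of check a scanner performs when it is allowed to look inside packed files (post #4). It parses the PE section table and reports the UPX hallmarks: UPX-named sections, a section that is empty on disk but large in memory (the unpack target), and a high-entropy section holding the compressed bytes. The minimal PE image, its header values and the sample section contents are all constructed here for offline use.

```python
import math
import struct
from collections import Counter

def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly mixed (compressed/encrypted) data."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())

def pe_sections(data: bytes) -> list:
    """Walk the COFF section table; return (name, raw_size, virtual_size, raw_bytes) per section."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size                              # headers follow the optional header
    secs = []
    for i in range(nsec):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _va, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        secs.append((name, rsize, vsize, data[rptr:rptr + rsize]))
    return secs

def upx_indicators(data: bytes) -> dict:
    """Flag UPX-style packing: UPX* names, a hollow unpack target, a dense compressed payload."""
    secs = pe_sections(data)
    named = [s[0] for s in secs if s[0].upper().startswith("UPX")]
    hollow = [s[0] for s in secs if s[1] == 0 and s[2] > 0]     # no file bytes, large in memory
    dense = [s[0] for s in secs if s[1] > 0 and shannon_entropy(s[3]) > 7.0]
    return {"upx_named": named, "hollow": hollow, "high_entropy": dense,
            "likely_packed": bool(named) or (bool(hollow) and bool(dense))}

def build_sample_pe(section_specs) -> bytes:
    """Constructed minimal PE image (headers plus sections only; not a runnable program)."""
    opt_size = 0xE0
    hdr_len = 0x40 + 4 + 20 + opt_size + 40 * len(section_specs)
    raw_base = (hdr_len + 0x1FF) & ~0x1FF                       # 512-byte file alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    table, body = b"", b""
    for name, vsize, payload in section_specs:
        rptr = raw_base + len(body) if payload else 0
        table += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0x1000, len(payload), rptr, 0, 0, 0, 0, 0x60000020)
        body += payload
    return dos + coff + b"\0" * opt_size + table + b"\0" * (raw_base - hdr_len) + body

if __name__ == "__main__":
    # Constructed sample: UPX0 (empty on disk, 64 KiB in memory) + UPX1 holding "compressed" bytes.
    packed = build_sample_pe([(b"UPX0", 0x10000, b""), (b"UPX1", 0x2000, bytes(range(256)) * 16),
                              (b".rsrc", 0x200, b"\0" * 256)])
    print(upx_indicators(packed))
```

A scanner that is told to check packed files goes one step further than this: it runs the unpacking stub (or emulates it) to recover the original program and then scans that, which is why it takes longer.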

#5 nv87654 (Topic Starter, New Member, 7 posts)
Thanks for the advice RKinner. I appreciate it.