Virus from noreply@yahoo.com

[sihen]

Hi Guys,

Received the following email:

You have received Protected Message

To read the message open attached file.

User ID: 36393
Password: 85e08b8b

Keep your password in a safe place.

Sincerely,
Protected Message Service,
Yahoo.com
_________
http://wowflash.cogia.net - COOL flash!

This Virus is causing major havok, outlook crashes every 1 minute etc... anyone know what it is and how to get rid of it? AVG dont find it..

Thanks,
Dylan

 

[noswal]

Duh! NEVER open an attachment like that

 

[sihen]

Noswal, Damage done, any idea what it is or how to remove it?

 

[|tera|]

Try mcafee stinger

http://vil.nai.com/vil/stinger/

See if it can't pick it up

 

[sihen]

Thanks for the reply, already tried stinger, doesnt find anything

 

[|tera|]

Okay, just open the compressed file again, and give met the file name, don't double click on the file itself.

 

[noswal]

try trend - online

 

[sihen]

hi teraside.

Zip is capped message.zip, file is called message.hta

 

[cyberarmy]

Unzip the attachment and upload it to this site for multiple antivirus scan http://www.virustotal.com/flash/index_en.html
Then post the result back here, some decent antivirus should identify it.

 

[|tera|]

I think it's this little bugger, not quite sure, it seems there isn't a removal tool, they just say disable sysrestore and update virus definitions.

http://www.sarc.com/avcenter/venc/data/w32.areses.h@mm.html

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=53737

Then do a full scan, sorry bro, can't find more

 

[sihen]

Thanks Guys,

CyberArmy - will past results when they come,
Your file "data.hta" is queued in position: 165. Estimated start time is between 38 and 55 minutes.

 

[sihen]

CyberArmy here we go:

Complete scanning result of "data.hta", received in VirusTotal at 09.30.2006, 19:12:25 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.22 09.30.2006 no virus found
Authentium 4.93.8 09.29.2006 no virus found
Avast 4.7.892.0 09.29.2006 no virus found
AVG 386 09.29.2006 no virus found
BitDefender 7.2 09.30.2006 JS.Feebs.Gen
CAT-QuickHeal 8.00 09.30.2006 no virus found
ClamAV devel-20060426 09.30.2006 JS.Feebs.AU
DrWeb 4.33 09.30.2006 Win32.HLLM.Graz
eTrust-InoculateIT 23.73.10 09.30.2006 JScript/Feeb.B1!Worm
eTrust-Vet 30.3.3106 09.30.2006 no virus found
Ewido 4.0 09.30.2006 no virus found
Fortinet 2.82.0.0 09.30.2006 W32/Feebs.fam.M@mm
F-Prot 3.16f 09.29.2006 no virus found
F-Prot4 4.2.1.29 09.29.2006 no virus found
Ikarus 0.2.65.0 09.29.2006 no virus found
Kaspersky 4.0.2.24 09.30.2006 Worm.Win32.Feebs.iq
McAfee 4863 09.29.2006 JS/Feebs.gen.l@MM
Microsoft 1.1603 09.30.2006 TrojanDownloader:JS/Feebs
NOD32v2 1.1784 09.29.2006 no virus found
Norman 5.90.23 09.29.2006 no virus found
Panda 9.0.0.4 09.30.2006 no virus found
Sophos 4.10.0 09.30.2006 no virus found
Symantec 8.0 09.30.2006 W32.Feebs
TheHacker 6.0.1.088 09.30.2006 JS/Feebs.gen8@MM
UNA 1.83 09.29.2006 no virus found
VBA32 3.11.1 09.29.2006 Trojan-Downloader.JS.Feebs
VirusBuster 4.3.7:9 09.30.2006 JS.KMax.AK.Gen

Aditional Information
File size: 3126 bytes
MD5: 6c4e4073d11de62b67ce6c916a9394e7
SHA1: f42fd59a6646e3de992479992ba7b66980412606

 

[bullfrog]

My guess is download the antivirus program in that list that finds the virus and run it too see if it gets removed

 

[Equinox]

NOD32 ftw

 

[bullfrog]

sorry Equinox

NOD32v2 1.1784 09.29.2006 no virus found

 

[cyberarmy]

Sorry I am not ADSL yet still with dialup thanks to telkom.........can only check your reply now.

Please download this free virus removal tool from Dr.Web http://download.drweb.com/drweb+cureit/
Then reboot your PC, press F8 while it's booting and select safemode, run CureIT! under safemode to remove Js.Feeb virus and all other virus which was not detected by your AVG currently..........
Good Luck!

 

[sihen]

Thanks Cyber, going to give it a shot now

 

[sihen]

hey Cyberarmy,

Ran CureIT in safe mode, No viruses found.

 

[bullfrog]

Ok going by that list I just chose one that says it can find the virus, bitdefender. Googled it and found that they have an online scan. Open Intrernet explorer and use this link to scan for the virus. It should find the virus and hopefully be able to remove it. Just follow the iinstructions and allow the activex and other things to install.

http://www.bitdefender.com/scan8/ie.html

I hope that helps!

 

[GreatBigMouth]

I think the reason why AVG isn't picking it up is because the virus may have corrupted it. Try Panda Active Scan or Trend Micro Online scanner.

They are both free and good. Also download some Anti Malware programs, like Spybot or Ad-Aware.