Has Scoobynet got a virus?
29 July 2002, 08:04 PM
#1
Scooby Regular
Thread Starter
Join Date: Apr 2002
Posts: 1,122
Likes: 0
Received 0 Likes
on
0 Posts
I am running Norton AV with all the regular updates. The other day whilst looking at a thread on Scoobynet I got a virus warning.
Apparently MSVXD.exe, MSVXD16.dll and MSVXD32.dll are all virus files that form part of a Network virus - as far as I can tell it gets into your win.ini file, loads up the .exe, starts the 16.dll that looks for network stuff then calls 32.dll which propogates the virus.
The webpage said it was "rare" but almost everytime now I log on and start reading forums it re-appears! I have removed it from my .ini file, searched the registry for any mention and deleted the files. Now when it appears again I delete it as its coming in.
Has anyone else had this, and is it just coincidence that I happen to be on Scoobynet when it happens? I don't have a static IP, it changes everytime I log on.
I hope this isnt considered to be in the wrong forum, but if its just me that seems to be getting this then I'll believe its NOT generally in the Scoobynet interest
Buzz (currently free from any virus)
[Edited by RaZe-=Buzz=- - 7/29/2002 8:05:18 PM]
Apparently MSVXD.exe, MSVXD16.dll and MSVXD32.dll are all virus files that form part of a Network virus - as far as I can tell it gets into your win.ini file, loads up the .exe, starts the 16.dll that looks for network stuff then calls 32.dll which propogates the virus.
The webpage said it was "rare" but almost everytime now I log on and start reading forums it re-appears! I have removed it from my .ini file, searched the registry for any mention and deleted the files. Now when it appears again I delete it as its coming in.
Has anyone else had this, and is it just coincidence that I happen to be on Scoobynet when it happens? I don't have a static IP, it changes everytime I log on.
I hope this isnt considered to be in the wrong forum, but if its just me that seems to be getting this then I'll believe its NOT generally in the Scoobynet interest
Buzz (currently free from any virus
)[Edited by RaZe-=Buzz=- - 7/29/2002 8:05:18 PM]
30 July 2002, 09:41 AM
#4
Scooby Regular
Thread Starter
Join Date: Apr 2002
Posts: 1,122
Likes: 0
Received 0 Likes
on
0 Posts
Said it was this one :
W32/Datom.worm
The risk assessment of this threat was changed to Low-Profiled as this worm has gotten some media attention.
This worm arrives as one .exe and two .dll files:
MSVXD32.DLL
MSVXD16.DLL
MSVXD.EXE.
These files are copied to the %Windir% folder
Two techniques are used to ensure that it is run on subsequent system startups. The worm looks for the Start Menu startup directory and tries to create a link to itself called "VxD Manager". The following registry entry is also created:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\_
Run ="MSVXD" %WinDir%\MSVXD.EXE 1632
The version information in the files' properties is used to camouflage its true intentions:
Description: Windows VxD integrity check
Copyright: Copyright (C) Microsoft Corp. 1995
Company Name: Microsoft Corporation
Product Name: Microsoft® VxD
This worm does not have a damaging payload, it only spreads via shared drives.
Symptoms
Presence of the file %WinDir%\MSVXD.EXE
Presence of the file %WinDir%\MSVXD32.DLL
Presence of the file %WinDir%\MSVXD16.DLL
Method Of Infection
This worm spreads through open shares
Removal Instructions
Use specified engine and DAT files for detection and removal. Delete files found to contain this detection.
As this threat seeks open shares, turn off full share to your system. If you have to use shares, use password protection to avoid being a future target.
Which is strange, because Im not ON a network, and Im not using shared drives... :|
W32/Datom.worm
The risk assessment of this threat was changed to Low-Profiled as this worm has gotten some media attention.
This worm arrives as one .exe and two .dll files:
MSVXD32.DLL
MSVXD16.DLL
MSVXD.EXE.
These files are copied to the %Windir% folder
Two techniques are used to ensure that it is run on subsequent system startups. The worm looks for the Start Menu startup directory and tries to create a link to itself called "VxD Manager". The following registry entry is also created:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\_
Run ="MSVXD" %WinDir%\MSVXD.EXE 1632
The version information in the files' properties is used to camouflage its true intentions:
Description: Windows VxD integrity check
Copyright: Copyright (C) Microsoft Corp. 1995
Company Name: Microsoft Corporation
Product Name: Microsoft® VxD
This worm does not have a damaging payload, it only spreads via shared drives.
Symptoms
Presence of the file %WinDir%\MSVXD.EXE
Presence of the file %WinDir%\MSVXD32.DLL
Presence of the file %WinDir%\MSVXD16.DLL
Method Of Infection
This worm spreads through open shares
Removal Instructions
Use specified engine and DAT files for detection and removal. Delete files found to contain this detection.
As this threat seeks open shares, turn off full share to your system. If you have to use shares, use password protection to avoid being a future target.
Which is strange, because Im not ON a network, and Im not using shared drives... :|