A Digital Age Deserves A Digital Leader

W32.Kwbot.F.Worm

W32.Kwbot.F.Worm

Postby Nolez » Mon Jul 07, 2003 4:08 pm

W32.Kwbot.F.Worm

Well it was bound to happen. I woke up this morning to a nice alert from NAV that rebel forces have tried to attack Vader through Kazaa. I quarantined it until I get back home today. I went to Symantec and printed out all of the necessary pages for information on the virus, instructions for removing it, and checking the registry and possibly removing it from there if it infected it.

Was just curious if anyone has gotten hit by it and had any experience with it? I will post the outcome later tonight once Vader is clean and clear.

:doc
Image
PROfessional Member
User avatar
Posts: 196
Joined: Tue Dec 17, 2002 7:27 pm
Location: Orlando, FL

Postby *Starz* » Mon Jul 07, 2003 5:02 pm

Nolez

I haven't had any experience with that worm...but I have been looking for a program that will protect against malware when using P2P programs...I did find this over at Computer Cops this morning...don't know if it's any good but think I will give it a try...I haven't checked it out on any of the comparison forums yet...There is a free vs and a Premium one as well...Many months ago KaZaA used to advertise a similar program...but I haven't been able to find it recently...VCatch claims that you can use this program with any other antivirus software without worrying about conflicts.

http://www.vcatch.com/home.html
[align=center]Image

~ You Are Never Given A Wish Without Being Given The Power To Make It Come True ~[/align]
PRO Level 16
User avatar
Posts: 1893
Joined: Sat Aug 17, 2002 1:05 am
Location: Great Smoky Mountains

Postby Nolez » Mon Jul 07, 2003 5:50 pm

Very cool, Ms Starz! I will have to check it out once I start to get Kazaa back up.

Thanks! ^*^
Image
PROfessional Member
User avatar
Posts: 196
Joined: Tue Dec 17, 2002 7:27 pm
Location: Orlando, FL

Postby Nolez » Mon Jul 07, 2003 10:41 pm

Well it looks like NAV saved the day. And some of you say AV software doesn't work. :P

I checked my Processes and none of the programs Norton said to terminate were running. Did a system scan and the virus didn't show up. After backing up the registry, I went into to see if any of the modifications Norton stated the virus would make were there, nothing. ^*^ I also did a port scan netstat -an that Weaver suggested in an earlier thread to check to see if the Trojan the virus releases had a particular port open (I think 6667), it wasn't. Soooooo I guess I am clear. :yesnod:

Here is a link to Symantec if anyone runs into it: W32.Kwbot.F.Worm Fix
Image
PROfessional Member
User avatar
Posts: 196
Joined: Tue Dec 17, 2002 7:27 pm
Location: Orlando, FL

Postby SCJwl » Tue Jul 08, 2003 12:19 pm

Good going Jason and thanks for the link. It might come in handy for some people. :)
I believe that imagination is stronger than knowledge - myth is more potent than history - dreams are more powerful than facts - hope always triumphs over experience - laughter is the cure for grief - love is stronger than death
Robert Fulghum


Image
PROfessional Member
User avatar
Posts: 707
Joined: Mon Mar 11, 2002 4:45 pm
Location: South Carolina

Postby augie » Wed Jul 09, 2003 4:03 pm

I've seen several posts where Norton's falsely reports an infection, the people go nut's trying to remove it and can't find it and one clean installed over several gigs of MP3's without a backup :eek: .
Everything that irritates us about others can lead us to an understanding of ourselves. -- Carl Jung

eVGA X58 tri-SLI, i7 930 @ 3.8GHz., Corsair 6GB Dominator, Inno3D GTX470, eVGA260
ASUS P8P67 Pro, i7 2600K @4.60 GHz, 8GB RAM, eVGA GTX 460
Community Director
User avatar
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Postby Nolez » Wed Jul 09, 2003 4:12 pm

Ouch! That must have sucked.

Well this was my second attack at home and it saved the day both times.

We get hit a lot at work from not so informed employees and NAV has helped each time.

My roommates broke up and she took the good computer a few days ago. He doesnt care about the one that is hooked up now. He's connected to Road Runner with no AV working and no firewall. Both curious to see how long it will take. :()
Image
PROfessional Member
User avatar
Posts: 196
Joined: Tue Dec 17, 2002 7:27 pm
Location: Orlando, FL

Postby djdabaer » Wed Jul 09, 2003 4:52 pm

Nolez,


And the IP for that machine is what??? just kidding...

-Jeremy
Last edited by djdabaer on Wed Jul 09, 2003 5:02 pm, edited 1 time in total.
PROfessional Member
Posts: 107
Joined: Mon Jul 07, 2003 7:33 pm
Location: CT

Postby Nolez » Wed Jul 09, 2003 4:57 pm

djdabaer wrote:Nolez,


And the IP for that machine is what??? just kidding...

-Jeremy


257.257.257.257 :;)


:lol:
Image
PROfessional Member
User avatar
Posts: 196
Joined: Tue Dec 17, 2002 7:27 pm
Location: Orlando, FL

Postby djdabaer » Wed Jul 09, 2003 5:01 pm

atleast you didnt try to convince me to attack 127.0.0.1.... :)
PROfessional Member
Posts: 107
Joined: Mon Jul 07, 2003 7:33 pm
Location: CT

Return to Security & Virus

Who is online

Users browsing this forum: No registered users and 1 guest