Bobic.cx Worm

My AVG AntiSpyWare 7.5 detected the Worm.Bobic.cx.
I have worked through all the cleaning steps recommended in the forum, and ran the AVG scan again. The Bobic.cx worm is still there... I got this message:

The file C:\DELL\drivers\R70567\shared\agent.cab/mcupdate.exe cannot be quarantined because it is embedded in the archive C:\DELL\drivers\R70567\shared\agent.cab.

I am attaching my logs as instructed.

Thank you! Kathleen

 

Hello distractedk,

It's a possibility that this detection is a false postive, and there actually is no malware present. Let's take a closer look at that file to be sure.

Jotti File Submission:

• Please go to Jotti's malware scan
  
• Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
  
  • C:\DELL\drivers\R70567\shared\agent.cab
• Click on the submit button
  
• Please post the results in your next reply.

 

Here you go!

Service load:
0% 100%

File: agent.cab_

Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: 36e7055cba1ec7f9fe5dc478de35b21d

Packers detected: -

Bit9 reports: You searched for
MD5: 36e7055cba1ec7f9fe5dc478de35b21d
Your hash has been found in 5 Package(s).

Scan taken on 07 Mar 2008 17:54:41 (GMT)
A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

Last file scanned at least one scanner reported something about: is-506f8.tmp_776DB47AE1FC03829B32C6DAA660615A.tmp (MD5: 776db47ae1fc03829b32c6daa660615a, size: 1355776 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus W32/Backdoor.AQGT
F-Secure Anti-Virus X
Fortinet X
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus Backdoor.Win32.VB.bnx
Sophos Antivirus Sus/ComPack-C
VirusBuster X
VBA32 X

 

Hello distractedk,

It looks to be that this was simply a false detection on the part of AVG Anti-Spyware. The 21 anti-virus scanners this file was passed through found nothing of concern.

 

That's good news! I thank you very much for your time and help.

I have been using the AVG AntiSpyware 7.5 free version. Would you suggest I switch to the SUPERAntiSpyware I just downloaded for the scans for this forum?

I am also using ZoneAlarm for my firewall.

Any suggestions would be appreciated... and thank you again!

Kathleen

 

Hello distractedk,

It's really your choice, but I do personally prefer SUPERAntiSpyware more.

 

Thank you, once more.
I very much appreciate your help!

 

It's not a problem, I wish you the best of luck in the future:major