iworm_attack_v122.02a???

Discussion in 'Malware Help (A Specialist Will Reply)' started by skabverdi, Dec 10, 2005.

  1. skabverdi

    skabverdi Private E-2

    I have just been informed that my computer is infected by the iworm_attack_v122.02a virus? And I cannot find any methods to remove it, please help :eek:
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the link below to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. skabverdi

    skabverdi Private E-2

    Thanks for the reply. So far I've done all of what's been told to do in the sticky thread and run HijackThis multiple times, using the HijackThis analyzer online to also try and figure out what the problem is, and every time I get rid of this...

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC106E60-3D1A-4611-99E6-D9D04E40542A}: NameServer = 80.225.248.50 80.225.248.58

    which is a hijacker, I'm sure, because I do not recognise the IP, and when I checked it was in Italy and I have no contacts there.

    I've done all the basic scans and they don't really seem to be picking up anything wrong. When I use Spy Sweeper I get this one hijacking process which does get deleted, but it keeps coming back and I can see the slowdown it all causes.

    And in Internet Explorer, some sites work perfectly while they have boxes all around in them saying not available, and this goes for the whole lot of them.

    Any more help would be appreciated
    Thanks
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I would bet that the IP address is for your DSL connection provided by Tiscali.
    Code:
    IP Address : [80.225.248.50] birm-cache-1.ns.uk.tiscali.com
    IP Location: United Kingdom [GB]
    
    % This is the RIPE Whois query server #1.
    % The objects are in RPSL format.
    %
    % Note: the default output of the RIPE Whois server
    % is changed. Your tools may need to be adjusted. See
    % http://www.ripe.net/db/news/abuse-proposal-20050331.html
    % for more details.
    %
    % Rights restricted by copyright.
    % See http://www.ripe.net/db/copyright.html
    
    % Note: This output has been filtered.
    %       To receive output for a database update, use the "-B" flag.
    
    % Information related to '80.225.248.0 - 80.225.255.127'
    
    inetnum:      80.225.248.0 - 80.225.255.127
    netname:      UK-TELINCO-MGNT
    descr:        Tiscali UK Ltd
    descr:        UK Pops Management
    descr:        ==========================================================
    descr:        Concerning abuse and spam ... mailto: abuse@uk.tiscali.com
    descr:        e-mail to other addresses will not be dealt with.
    descr:        ==========================================================
    country:      GB
    admin-c:      TU935-RIPE
    tech-c:       TU935-RIPE
    status:       ASSIGNED PA
    mnt-by:       TU935-RIPE-MNT
    source:       RIPE # Filtered
    
    role:           Tiscali UK
    address:        Tiscali UK Limited
    address:        20 Broadwick Street
    address:        London W1F 8HT
    phone:          +44 207 087 2000
    remarks:        Information: http://www.tiscali.com
    admin-c:        DC-RIPE
    admin-c:        DG9105-RIPE
    tech-c:         DC-RIPE
    nic-hdl:        TU935-RIPE
    remarks:        Hostmaster Role Account
    mnt-by:         TU935-RIPE-MNT
    source:         RIPE # Filtered
    abuse-mailbox:  abuse@uk.tiscali.com
    
    
    Please complete my instructions and attach the HijackThis log as requested. Also attach your log from Spy Sweeper.
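
The check made in the reply above (are the O17 NameServer addresses inside the ISP's whois `inetnum` range?) can be scripted. This is an added example, not part of the original thread: the function names are hypothetical, and the second log line is constructed with a documentation address to show an out-of-range resolver.

```python
import ipaddress
import re

# HijackThis O17 entries that set a DNS server look like:
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d e.f.g.h
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

def parse_o17_nameservers(log_text):
    """Return (registry key, ip) pairs for every O17 NameServer entry."""
    found = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # Values may be separated by spaces or commas.
        for token in re.split(r"[ ,]+", m.group("servers").strip()):
            try:
                found.append((m.group("key"), ipaddress.ip_address(token)))
            except ValueError:
                pass  # token is not an IP literal; skip it
    return found

def inetnum_to_networks(inetnum):
    """Convert a whois 'first - last' inetnum range into CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def classify(log_text, isp_inetnums):
    """Split O17 resolvers into those inside the given ranges and the rest."""
    nets = [n for r in isp_inetnums for n in inetnum_to_networks(r)]
    inside, outside = [], []
    for _key, ip in parse_o17_nameservers(log_text):
        (inside if any(ip in n for n in nets) else outside).append(str(ip))
    return inside, outside

# First O17 line and the inetnum range are as posted in the thread;
# the second O17 line is constructed (203.0.113.53 is a documentation address).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC106E60-3D1A-4611-99E6-D9D04E40542A}: NameServer = 80.225.248.50 80.225.248.58
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
"""
ISP_RANGES = ["80.225.248.0 - 80.225.255.127"]

if __name__ == "__main__":
    ok, review = classify(SAMPLE_LOG, ISP_RANGES)
    print("inside ISP range:", ok)
    print("needs review:", review)
```

An address inside the range only shows that the resolver belongs to the network named in the whois record; anything in the second list is what to look up next.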
     
