liane Posted February 10, 2006
Hello everyone. I've got a virus on my tail and I can't get rid of it. Can any of you tell me if you know the W32 Mitglied.P virus and how it can affect my PC? And of course, how the heck do I get rid of it. Thx
Walt Sousa Posted February 10, 2006 (edited)
When it comes to killing viruses, McAfee is efficient... You have McAfee Virus Scan (it's a trial version but it will sort you out all the same). You can always try to get some crack or serial at www.astalavista.box.sk
I too had a nasty virus a little while ago that didn't want to leave, and with McAfee Virus Scan I dealt with it in no time... You also have the free versions of AVG and AVAST; they are more limited but they also do their job well... You can find all of that at www.download.com
It's probably nothing new to you, but if you have an up-to-date firewall (ZoneAlarm is more than enough) and anti-virus (AVG, why not, I've used it and didn't have major problems) you'll get by just fine... If this doesn't solve it, say something, as I have more alternatives...
Edited February 10, 2006 by Walt Sousa
gosma25 Posted February 10, 2006
W32/Mitglied.gen
• Process File: realupd32 or realupd32.exe
• Destructivity: Spreading: Overall risk:
• Detected by virus detection files published:
• Virus characteristics first published: 13 Dec. 2005
• Virus characteristics latest update: 15 Dec. 2005
• Type: Trojan
• Alias: Mitglied.gen
• Spreading mechanism: Email, Network
• Overall risk: Low
• Payload: Disables security software, includes backdoor and downloader capability

This is a trojan which might have backdoor, downloader and worm characteristics. Because of the similarities between many of the Mitglied variants this is a generic description. The Mitglieds are often spammed out in email attachments and are a common part of the Bagle email-worms. The email relay backdoor opened by the Mitglied might be used both for commercial spam and to distribute new variants of Mitglieds and Bagles.

When the Mitglied is executed it will copy itself to the %SYSTEM% folder and register itself in the runkey "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" in the registry to be executed on Windows startup. It might also modify/create the key "HKCR\exefile\shell\open\command" and set the value "default=%SYSTEM%\<virusfile> -run "%1" %*"

Some Mitglieds also have the functionality to search for computers which have been infected with the "W32\MyDoom" worm, and if such a computer is found, the Mitglied will get copied over. These variants will also try to delete registry keys made by the MyDoom worm.

A selection of filenames used by Mitglied: irun4.exe, window.exe, winhost.exe, winshost.exe, syswrun4x.exe, realupd.exe, wind.exe, windll32.exe, scvhost.exe, sysdoor.exe, windllsys32.exe, winudll.exe, winsystems.exe, runner.exe, system.exe, drwatson32.exe, antiav_exe.exe, anti_troj.exe or a random value.

A selection of runkey values it might use are: "sgrate.exe", "ssgrate.exe", "RealUpdater", "windows.exe", "dm_service", "usrgtway.exe", "Symantec NetDriver Monitor", "auto__hloader__key", "auto__antiav__key", "WindowsDebug" or the filename it copied itself to.

The Mitglied will install itself to the registry key and also open a random or given port which may then be used as an email relay. Then it will go to a number of URLs and include the port, IP and other information as variables in the request by adding i.e. "?p=<value>&id=<value>" at the end of the requested URLs. It also creates a mutex to ensure only one instance is running.

The Mitglied might also search for running AV products and terminate these, search for AV executables and rename or delete these, search for AV registry keys and modify or delete these and modify the HOSTS file so that the infected computer can not contact AV-vendor webpages.

The Mitglied might also download a file from a webpage to the %WINDOWS% directory and execute it. It might drop one or more files to the %WINDOWS%, %SYSTEM% and/or %TEMP% directories. These files are often classified and detected as other variants of the Mitglied trojan.
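A triage check for the two registry locations named in the description above, as an added example that is not part of gosma25's post or the vendor write-up: it scans a regedit text export for the listed Run value names and filenames and for a changed exefile open command. The function names and the sample export are constructed for illustration, and it assumes the export contains the HKCU Run key and HKCR\exefile\shell\open\command as plain string values.

```python
import re

# Indicators taken from the Mitglied description quoted above (lower-cased).
RUN_VALUE_NAMES = {"sgrate.exe", "ssgrate.exe", "realupdater", "windows.exe",
                   "dm_service", "usrgtway.exe", "symantec netdriver monitor",
                   "auto__hloader__key", "auto__antiav__key", "windowsdebug"}
FILE_NAMES = {"irun4.exe", "window.exe", "winhost.exe", "winshost.exe",
              "syswrun4x.exe", "realupd.exe", "realupd32.exe", "wind.exe",
              "windll32.exe", "scvhost.exe", "sysdoor.exe", "windllsys32.exe",
              "winudll.exe", "winsystems.exe", "runner.exe", "system.exe",
              "drwatson32.exe", "antiav_exe.exe", "anti_troj.exe"}
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
EXE_KEY = r"hkey_classes_root\exefile\shell\open\command"
CLEAN_EXE_COMMAND = '"%1" %*'  # Windows default for exefile\shell\open\command
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RealUpdater"="C:\\WINDOWS\\system32\\realupd32.exe"
"updater"="C:\\WINDOWS\\system32\\winshost.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\system32\\winshost.exe -run \"%1\" %*"
'''

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg files escape \ and " with a backslash

def parse_reg(text):
    """Yield (key, value_name, data) for string values; other types are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def find_mitglied_traces(reg_text):
    findings = []
    for key, name, data in parse_reg(reg_text):
        exes = {e.lower() for e in re.findall(r'[^\\/"\s]+\.exe', data, re.I)}
        if key == RUN_KEY and (name.lower() in RUN_VALUE_NAMES or exes & FILE_NAMES):
            findings.append(("run", name, data))
        elif key == EXE_KEY and name == "" and data != CLEAN_EXE_COMMAND:
            findings.append(("exefile", "(default)", data))
    return findings
```

Because the description says the trojan may also use a random filename, an empty result does not clear a machine; any exefile open command other than `"%1" %*` deserves a look regardless of the filename in it.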
Sandokan Posted February 10, 2006
Formatting the computer is the best little thing for removing viruses.....
Kubrick Posted February 10, 2006
"Formatting the computer is the best little thing for removing viruses....."
Exactly.
bruno_eg Posted February 10, 2006
Use Linux and you'll never suffer from that... lol
Walt Sousa Posted February 10, 2006
Format the PC only as a last resort. It really is the most practical and easiest way to solve the problem... Liane, if you try running one or two anti-virus programs and can't get rid of the virus, you'll have no other choice but to do a format c: But viruses will always come back, and with the greatest of ease, if you aren't minimally protected: firewall + anti-virus... Unless you prefer to format the PC daily...
cRaZyzMaN Posted February 10, 2006
Doesn't Kaspersky clean that?