Computer Security & Viruses/worm in system



Question
Hi Marcus,

greetings....

I have the PC Cillin Internet Security 2007 version antivirus loaded on my system.

It scans the drive on a daily schedule and provides good service...

But there is one virus it can't put in quarantine or delete, and that is "WORM_SOHANAD.BO".

The PC Cillin official website gives a couple of options to troubleshoot this virus, and also shows that this is a low-risk virus.


The other details are as follows:

Malware type: Worm

Aliases: IM-Worm.Win32.Sohanad.t, W32/YahLover.worm, W32.Imaut, Worm/Sohanad.NAK, Infection: W32/IMWorm.CT, W32/Sohana-R, Worm:Win32/Sohonad.S

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Infection Channel 1 : Propagates via instant messaging applications



Description:


This worm drops files/components. It then creates and modifies registry entries to ensure automatic execution at every system startup.

This worm propagates via Yahoo! Messenger. It does the said routine by sending an instant message to all contacts of a target user. The message it sends contains a link to a remote copy of itself. When the recipient clicks the link, its copy is executed on the recipient's system.
It opens random TCP ports where it listens for remote commands from a malicious user. It executes these commands locally on the affected system, thus compromising the system's security.

I'm using Gtalk and not Yahoo for chats...

Please revert on the same with your feedback and suggestions to eliminate this worm.

Take care,

Divy
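The two behaviours in the description quoted above (a registry entry for automatic startup, and a TCP listener waiting for remote commands) can be cross-checked on a suspect machine. This is an added example, not part of the original question or of the vendor's write-up: it parses saved output of `reg query` on a Run key, `netstat -ano` and `tasklist /fo csv /nh`, and reports processes that are both started from the Run key and listening. The file name, value name, PIDs and ports are constructed placeholders.

```python
import csv, io, re
# Constructed sample output of `reg query`, `netstat -ano` and `tasklist /fo csv /nh`.
# The file name, value name, PIDs and ports are placeholders, not real indicators.
REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleEntry    REG_SZ    C:\WINDOWS\example_dropped.exe /startup
"""
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31007          0.0.0.0:0              LISTENING       1844
  TCP    192.168.1.5:1060       203.0.113.9:80         ESTABLISHED     1844
"""
TASKLIST = '''"svchost.exe","912","Console","0","4,120 K"
"example_dropped.exe","1844","Console","0","6,300 K"
'''

def autorun_images(reg_text):
    """Map lowercase executable name -> (value name, command) for each Run value."""
    found = {}
    for line in reg_text.splitlines():
        m = re.match(r"\s+(.+?)\s+(REG_(?:EXPAND_)?SZ)\s+(.+)$", line)
        exe = re.search(r'([^\\/"]+\.exe)', m.group(3), re.I) if m else None
        if exe:
            found[exe.group(1).lower()] = (m.group(1), m.group(3).strip())
    return found

def listening_pids(netstat_text):
    """Map PID -> sorted TCP ports that are in LISTENING state."""
    ports = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            ports.setdefault(f[4], []).append(int(f[1].rsplit(":", 1)[1]))
    return {pid: sorted(p) for pid, p in ports.items()}

def autorun_listeners(reg_text, netstat_text, tasklist_csv):
    """Run-key processes that also listen on TCP (name match only: a lead, not a verdict)."""
    autoruns = autorun_images(reg_text)
    names = {r[1]: r[0].lower() for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) >= 2}
    hits = []
    for pid, ports in listening_pids(netstat_text).items():
        name = names.get(pid)
        if name in autoruns:
            hits.append({"pid": int(pid), "image": name, "ports": ports,
                         "run_value": autoruns[name][0], "command": autoruns[name][1]})
    return hits

print(autorun_listeners(REG_QUERY, NETSTAT, TASKLIST))
```

Legitimate software also starts from Run keys and listens on ports, so each hit still needs its file checked (path, signature, scan result) before anything is removed.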

Answer
Hi Divy,

Using Internet Explorer, go to:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Click the GO button, then under Virus Detection, click Start. You might be told that you need to download and install ActiveX Controls for the scan to work; answer Yes.

Write down exactly what it finds, then go to http://www.symantec.com/search/ and do a search for what was found. Symantec usually has a removal tool and/or directions for removing manually. Make sure that you follow the instructions for removal, step by step, especially the part regarding disabling System Restore.

Hope this helps!
Lorry

Lorry

Expertise

I can answer most questions regarding viruses/Trojans and help to remove them.

Experience

This happens to be of interest to me as it boggles my mind that people have nothing better to do than to write a virus. Wish these people, the ones who write viruses, would put the knowledge to good use instead. My job as a local tech involves removing viruses and/or spyware.

©2012 About.com, a part of The New York Times Company. All rights reserved.