+ problemas con jhon.exe

Reglas del Foro
Normas Basicas | Los Titulos, dicen mucho | No postear en paralelo | Continua en tu tema | Cierra tu tema, antes de abrir otro | No escribas en temas antiguos
Enlaces a web/mail/blog/Msn NO estan permitidos | Mensajes Privados | Informes de resultados | Antivirus Online
Responder
fernandopc85
Mensajes: 1
Registrado: 26 Jun 2007, 03:27

+ problemas con jhon.exe

Mensaje por fernandopc85 » 26 Jun 2007, 03:40

Hola Amigos saben avg 7.5 detecto el virus, pero cuando revisaba en el disco creo que se activo, por que ahora no me deja ingresar a mis programas (Word, excel, nsf entre otros). Me aparece el cuadro donde le pide seleccionar programa para abrir el archivo "para mi que se ejecuto Jhon" lo curioso es que los archivos guardados en WORD los abre y ejecuta el programa.

! que hago, pues ingrese en modo prueba de fallos y hace lo mismo. Lastimosamente no desactive el "Restaurar el sistema". que hago...



Agradezco su ayuda

PD tampoco me deja ingresar al regedit.

y el antivirus lo desactivo
Héctor Fernando Pedraza Castro
Arriba
Avatar de Usuario
msc hotline sat
Mensajes: 93500
Registrado: 09 Mar 2004, 20:39
Ubicación: BARCELONA (ESPAÑA)
Contactar:
Contactar msc hotline sat

Mensaje por msc hotline sat » 26 Jun 2007, 07:28

Nos consta por otros Temas ya solucionados, que tanto el McAfee actual como el ewido, controlan y eliminan dicho virus, pero si quieres que lo controlemos con nuestras utilidades y restauremos el acceso a las aplicaciones indicadas, envianos estos ficheros :
This variant will copy itself to the following places:

- Shared folders

- %WINDIR%\svchost.exe ( 34682 bytes ) (fijese que este está en C:\windows, no es el normal que está en c:\windows\system32...

- c:\jhon.exe ( 34682 bytes )

It will also copy ifself with the name antiwga.exe to the following P2P application shared folders:

- C:\Archivos de programa\Ares\My Shared Folder\antiwga.exe
- C:\Archivos de programa\emule\incoming\antiwga.exe
Para ello recordar: viewtopic.php?f=2&t=45334

saludos

ms, 26-06-2007

nota: para su informacion, aqui tiene la descripcion del virus http://vil.nai.com/vil/content/v_142146.htm
McAfee escribió:
W32/Jhon.worm.p2p


Type Virus
SubType P2P Worm
Discovery Date 05/02/2007
Length 34,682
Minimum DAT 5023 (05/03/2007)
Updated DAT 5023 (05/03/2007)
Minimum Engine 5.1.00
Description Added 05/02/2007
Description Modified 05/02/2007 11:11 AM (PT) Type

File size, in bytes, of the threat.
Minimum DAT
McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.

Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.

For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
Updated DAT
McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.
Minimum Engine
The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Description Added
Date/time this description was published using Pacific Time.
Description Modified
Date/time this description was last modified using Pacific Time.
Risk Assessment
Corporate User Low
Home User Low Tab Navigation
Overview Characteristics Symptoms Method of Infection Removal Variants All Information Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another
Characteristics
This worm was designed to affect mostly spanish language Windows OS, since it has absolute paths of P2P programs on spanish language.

This variant will copy itself to the following places:
- Shared folders
- %WINDIR%\svchost.exe ( 34682 bytes )
- c:\jhon.exe ( 34682 bytes )

It will also copy ifself with the name antiwga.exe to the following P2P application shared folders:

- C:\Archivos de programa\Ares\My Shared Folder\antiwga.exe
- C:\Archivos de programa\emule\incoming\antiwga.exe

And create the following registry key:

hkey_local_machine\software\microsoft\windows\currentversion\run\svchost="%WINDIR%\svchost.exe"


Symptoms

- Presence of aformentioned regsitry keys, files and directories.
- Unwanted files being shared from the victim's p2p file sharing system.
- Unusual network activity.

Method of Infection
This virus is intended to spread via shared folders and via P2P file sharing networks.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations


Variants
Variants
N/A

All Information
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another

Characteristics
Characteristics -
This worm was designed to affect mostly spanish language Windows OS, since it has absolute paths of P2P programs on spanish language.

This variant will copy itself to the following places:
- Shared folders
- %WINDIR%\svchost.exe ( 34682 bytes )
- c:\jhon.exe ( 34682 bytes )

It will also copy ifself with the name antiwga.exe to the following P2P application shared folders:

- C:\Archivos de programa\Ares\My Shared Folder\antiwga.exe
- C:\Archivos de programa\emule\incoming\antiwga.exe

And create the following registry key:

hkey_local_machine\software\microsoft\windows\currentversion\run\svchost="%WINDIR%\svchost.exe"


Symptoms
Symptoms -

- Presence of aformentioned regsitry keys, files and directories.
- Unwanted files being shared from the victim's p2p file sharing system.
- Unusual network activity.

Method of Infection
Method of Infection -
This virus is intended to spread via shared folders and via P2P file sharing networks.

Removal -
Removal -

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations


Variants
Variants -
N/A
ms.
Arriba
Responder

Volver a “Foro Virus - Cuentanos tu problema”