Virus JHON.EXE (SOLUCIONADO)

[fobia]

Hola a todos....



Lo q me sucedio es que tengo en mi computador un virus llamado JHON.EXE, este virus lo que hace es crear un archivo con un icono de imagen en cada unidad de disco y crearla en cada unidad extraible que se le ponga al computador, no me deja abrir el msn messenger ni tampoco el administrador de tareas, y yo lo borro y ahi mismo vuelve a reaparecer.



Ya le he pasado el nod32, AVG, ADD aware y ninguno lo detecto, solo lo detecto el BitDefender on line pero lo elimino solo de los discos extraibles, pero de los discos duros no los elimina, por favor si pueden ayudarme con este virus les agradeceria.

[msc hotline sat]

Pues envianos uno de estos ficheros infectados para analizar:



https://foros.zonavirus.com/viewtopic.php?f=2&t=45334



saludos



ms, 28-04-2007

[msc hotline sat]

Pues como sea que hoy recibimos de McAfee el aviso de que este virus va a ser controlado con los DAT de hoy, 5023, mientras no nos envia la muestra indicada para que lo podamos controlar con nuestras utilidades, se lo comunicamos para que contemple la alternativa de limpiarlo con el antivirus de McAfee:



http://vil.nai.com/vil/content/v_142146.htm


[quote="McAfee"]


[size=167][b]W32/Jhon.worm.p2p[/b][/size]





Type Virus

SubType P2P Worm

Discovery Date 05/02/2007

Length 34,682

Minimum DAT 5023 (05/03/2007)

Updated DAT 5023 (05/03/2007)

Minimum Engine 5.1.00

Description Added 05/02/2007

Description Modified 05/02/2007 11:11 AM (PT) Type



File size, in bytes, of the threat.

Minimum DAT

McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.



Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.



For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.

Updated DAT

McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.

Minimum Engine

The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.

Description Added

Date/time this description was published using Pacific Time.

Description Modified

Date/time this description was last modified using Pacific Time.

Risk Assessment

Corporate User Low

Home User Low Tab Navigation

Overview Characteristics Symptoms Method of Infection Removal Variants All Information Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another

Characteristics

This worm was designed to affect mostly spanish language Windows OS, since it has absolute paths of P2P programs on spanish language.



This variant will copy itself to the following places:

- Shared folders

- %WINDIR%\svchost.exe ( 34682 bytes )

- c:\jhon.exe ( 34682 bytes )



It will also copy ifself with the name antiwga.exe to the following P2P application shared folders:



- C:\Archivos de programa\Ares\My Shared Folder\antiwga.exe

- C:\Archivos de programa\emule\incoming\antiwga.exe



And create the following registry key:



hkey_local_machine\software\microsoft\windows\currentversion\run\svchost="%WINDIR%\svchost.exe"





Symptoms



- Presence of aformentioned regsitry keys, files and directories.

- Unwanted files being shared from the victim's p2p file sharing system.

- Unusual network activity.



Method of Infection

This virus is intended to spread via shared folders and via P2P file sharing networks.



Removal



A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.



Additional Windows ME/XP removal considerations





Variants

Variants

N/A



All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another



Characteristics

Characteristics -

This worm was designed to affect mostly spanish language Windows OS, since it has absolute paths of P2P programs on spanish language.



This variant will copy itself to the following places:

- Shared folders

- %WINDIR%\svchost.exe ( 34682 bytes )

- c:\jhon.exe ( 34682 bytes )



It will also copy ifself with the name antiwga.exe to the following P2P application shared folders:



- C:\Archivos de programa\Ares\My Shared Folder\antiwga.exe

- C:\Archivos de programa\emule\incoming\antiwga.exe



And create the following registry key:



hkey_local_machine\software\microsoft\windows\currentversion\run\svchost="%WINDIR%\svchost.exe"





Symptoms

Symptoms -



- Presence of aformentioned regsitry keys, files and directories.

- Unwanted files being shared from the victim's p2p file sharing system.

- Unusual network activity.



Method of Infection

Method of Infection -

This virus is intended to spread via shared folders and via P2P file sharing networks.



Removal -

Removal -



A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.



Additional Windows ME/XP removal considerations





Variants

Variants -

N/A


[/quote]



saludos



ms, 3 de Mayo de 2007

[fobia]

Ya encontre un antivirus online que elimina este virus, se llama ewido, no es sino que le hagan el antivirus online y el los elimina.



En mi computador ya se elimino y esta todo funcionando normalmente. Muchas gracias de todas formas...



FOBIA

[msc hotline sat]

Gracias por decirnoslo.



Tambien McAfee tiene ya disponible la version 5023, que lo controla, como puede ver en la imagen adjunta



y por lo indicado, damos el Tema por solucionado y procedemos a cerrarlo



saludos



ms, 3 de Mayo de 2007