Member
Hello everyone,
Yesterday Kapersky detected Worm.P2P.generic and Give me the Follwing error message,discovered: application of a potential risk Worm.P2P.generic Process: C:\Users\Joachim\APPDATA\LOCAL\TEMP\NRO.TMP \ SETUPX.EXE I applied the procedure of pre-ceaning I m Not sure whether it had deleted it or not What do I do now? and What is it some of kind malware or what
Thank you very much for your help.
Member
The detection is from Kaspersky's Proactive Defense module... Basicaly, its not a detection saying its malicious/worm, but the file is behaving in a manner which many P2P worms behave. Thus, the same popup will not come when you scan the file, but only if/when the file behaves in the same manner.This still does not mean it is necessarily malicious though, just that its behaving in a way P2P worms behave in.
Member
Hello, Worms of this kind spread across peer-to-peer networks via shared folders and across the Internet via email messages.Originally Posted by Joachim
look at this location C:\Users\Joachim\APPDATA\LOCAL\TEMP\NRO.TMP \ SETUPX.EXE if you find it then delete it
Member
If you download a patch from the Blizzard WOW launcher it actually downloads most of it p2p in addition to dedicated servers that could be why its throwing off kapersky. I think its blizzard way of saving bandwidth and money but I could be wrong.
Member
Description
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Indication of Infection
- Usually - at least several copies of the same file in the shared P2P folder.
Methods of Infection
Usually P2P worms create multiple copies of itself under enticing names in the folders responsible for file-sharing (ex., "Kazaa\My Shared Folder" or "Kazaa\LocalContent"). Then, during a P2P session someone may download one of these files. When the file is executed by the recipient his installation would have copies of the worms for offer too.
AVERT's advice for P2P users is to scan all suspicious files with the highest heuristic settings. Any suspicious file may be submitted to AVERT for analysis.
Aliases
W32/GenericP2P.worm
Virus Characteristics
A new variant of W32/MyWife@MM is being proactively detected as W32/Generic.worm!p2p. For details on this threat, see W32/MyWife.d@MM
--
This is a generic detection of worms that can propagate through P2P file-sharing software (Kazaa, Gnutella, eDonkey, Bearshare, Shareaza, Gnucleus, Limewire, Morpheus, Grokster, etc.).
Many new worms have been detected proactively using the technology implemented in 4240+ engines. For example, just for the last 7 days:
- W32/Holar.h@MM
- W32/Vote.e@MM
- W32/Naco.b@MM and W32/Naco.c@MM
- several new variants of W32/Veedna.worm
Before 4267 DATs users who upgraded to 4240+ engines could benefit from "New MSVB P2P worm" detection in program heuristic mode. This detection was converted into "W32/Generic.worm!p2p" as AVERT is now confident that this generic detection does not cause any problems.
Please have in mind that "W32/Generic.worm!p2p" detection does not mean that P2P is the only vector utilized by the malware. It well can also have mass-mailing capabilities, IRC spreading, be a network hopper, etc.
Removal Instructions
All Users :
Use specified engine and DAT files for detection and removal.
If you are using P2P software (Kazaa, Gnotella, Bearshare, Morpheus, eDonkey, eMule, etc.) be very careful with downloaded executable files.
Please make sure that scanning of compressed files is enabled. Always scan downloaded files with the latest DATs in program heuristic mode.
Additional Windows ME/XP removal considerations
Posting Permissions
Reply With Quote
Bookmarks