
W32/Scribble-B Virus

Hi

I am new to the Sophos family. I signed up for Home Premium. My computer did a scan and came up with the following virus:

Malware detected: 'W32/Scribble-B' at 'C:\Xpress18\hidden\Documents\Labels\CustomerSupplier\CustomerSupplier.exe'

It seems the virus creates exe files. Been searching a while now to get info to remove this virus with no luck. Anybody had similar issues? Any help would be greatly appreciated.



  • Hi Jaco,

    What is W32/Scribble-B?

    W32/Scribble-B is a family of polymorphic viruses for the Windows platform.

    • Members of W32/Scribble-B allow a remote attacker to gain access and control over the infected computer through IRC channels.
    • Members of W32/Scribble-B infect files with the EXE and SCR extensions when they are opened or run.
    • Members of W32/Scribble-B inject a malicious iframe into files whose extensions start with HTM, PHP or ASP, with affected files detected as Troj/Fujif-Gen. At the time of writing the iframe points to a site that hosts more malware.
    • Members of W32/Scribble-B also add a line to the Windows HOSTS file to redirect the infected computer to an infected website.

    What is the security status of your machine? Is it Green or Red?

    If you think the infection is not removed, you may try running the Sophos Clean from here. Let me know if this helps resolve your query.

    Haridoss Sreenivasan
    Technical Support Engineer | Sophos Technical Support
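
A triage sketch for two of the file-level traces listed in the reply above (an added line in the HOSTS file, and an iframe injected into HTM/PHP/ASP files). This is an added example, not Sophos code or part of the original posts; the function names and the sample HOSTS content are constructed, and the checks are generic heuristics whose hits need manual review, since legitimate HOSTS entries and iframes will also match.

```python
import ipaddress
import re
from pathlib import Path

# Extensions "starting with HTM, PHP or ASP", as the reply describes.
WEB_EXT = re.compile(r"^\.(htm|php|asp)", re.IGNORECASE)
# Any iframe whose src is an absolute or protocol-relative URL (generic heuristic).
IFRAME = re.compile(r"<iframe\b[^>]*\bsrc\s*=\s*[\"']?((?:https?:)?//[^\"'\s>]+)", re.IGNORECASE)


def suspicious_hosts_entries(hosts_text):
    """Return (address, hostname) pairs that map a name to a non-loopback address."""
    findings = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address mapping
        if not addr.is_loopback and not addr.is_unspecified:
            findings.extend((fields[0], name) for name in fields[1:])
    return findings


def external_iframes(root):
    """Return (path, src) for every external iframe in web files under root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and WEB_EXT.match(path.suffix):
            text = path.read_text(encoding="utf-8", errors="replace")
            hits.extend((str(path), src) for src in IFRAME.findall(text))
    return hits


# Constructed sample HOSTS content (documentation address range, not from the thread).
SAMPLE_HOSTS = """# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net   # local blocklist entry
203.0.113.7     www.example.com
"""

if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS))
    hosts = Path(r"C:\Windows\System32\drivers\etc\hosts")
    if hosts.exists():
        print(suspicious_hosts_entries(hosts.read_text(errors="replace")))
```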

  • Hi Haridoss

    Thank you for your reply. The status is green and says I am protected against viruses.

    It seems Sophos is blocking the virus but is unable to remove the threat. Please see image attached. If I clean this virus now, it's back after a couple of minutes and Sophos blocks the virus again.

    Image:  http://metcore.co.za/images/Golfclub.jpg

    Thank you

  • Hi Jaco Nel,

    Is the mentioned location (c:\Xpress18) shared? If yes, the reported file could be in use by another user, preventing the AV from clearing the files.

    Regards,

    Gowtham Mani
    Community Support Engineer | Sophos Technical Support


  • Thank you for the reply. Yes, it is a shared folder, mapped as a network drive for Patel. As soon as the drive is mapped, Sophos immediately blocks this threat. However, I did a scan on the local server (network disabled). It removes the virus, but after a reboot the virus is back.

    I will do another scan on the server and clean it again, and will keep you posted.

    Thank you