Mailing List Archive: ClamAV: win32

SCardCint.exe

Index | Next | Previous | View Threaded

klerman.gutierrez at gmail

May 6, 2005, 2:35 PM

Post #1 of 6 (3440 views)
Permalink

SCardCint.exe

Hello,
Recently CLAMWIN detected that this machine has a program named
SCardCint.exe, which is recognized as a worm.
It is in the .clamwin/quarantine folder yet, but I can't remove it
from the system.
Neither stopping the process, nor deleting the file works. Where can I
find information about removing this worm ?.
TVMIA,
Klerman
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

brandys at o2

May 7, 2005, 2:34 AM

Post #2 of 6 (3310 views)
Permalink

Re: SCardCint.exe [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Klerman Gutierrez wrote:
> Hello,
> Recently CLAMWIN detected that this machine has a program named
> SCardCint.exe, which is recognized as a worm.

What worm ? Also my machine hasn't got such file... ;-)

> It is in the .clamwin/quarantine folder yet, but I can't remove it
> from the system.
> Neither stopping the process, nor deleting the file works. Where can I
> find information about removing this worm ?.

Try http://www.rainingfrogs.co.uk for example to find alias for this
worm and google it.

> TVMIA,
> Klerman

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfIu1tuGICzHOh+YRAsMXAJ4+AbA98txqin1ZV9oTw/XhOvtMCACfX8u4
vR2IKbUOFQEm1tvPZGqSOYM=
=wG4+
-----END PGP SIGNATURE-----
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

brandys at o2

May 7, 2005, 2:40 AM

Post #3 of 6 (3330 views)
Permalink

Re: SCardCint.exe [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Klerman Gutierrez wrote:
> Hello,
> Recently CLAMWIN detected that this machine has a program named
> SCardCint.exe, which is recognized as a worm.
> It is in the .clamwin/quarantine folder yet, but I can't remove it
> from the system.
> Neither stopping the process, nor deleting the file works. Where can I
> find information about removing this worm ?.
> TVMIA,
> Klerman
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>
>

Just a guess :

W32/Codbot-K [Sophos]

if this is NT/XP OS :

search for SCardClnt service and disable it

remove registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\ SCardClnt

and bear in mind that this list is related to ClamAV and not worms ;-)

In future look into alt.comp.anti-virus group.

Regards
Boguslaw Brandys
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfIz6tuGICzHOh+YRAsUzAJ4uteWOKyZX/cLJVi4S+M1ILeW3bgCgij6/
6T3NUH8fQt+60/nCo3p2w/g=
=iFZu
-----END PGP SIGNATURE-----
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

brandys at o2

May 7, 2005, 2:41 AM

Post #4 of 6 (3341 views)
Permalink

Re: SCardCint.exe [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bogusław Brandys wrote:
> Klerman Gutierrez wrote:
>
>>>Hello,
>>>Recently CLAMWIN detected that this machine has a program named
>>>SCardCint.exe, which is recognized as a worm.
>>>It is in the .clamwin/quarantine folder yet, but I can't remove it
>>>from the system.
>>>Neither stopping the process, nor deleting the file works. Where can I
>>>find information about removing this worm ?.
>>>TVMIA,
>>>Klerman
>>>_______________________________________________
>>>http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>>>
>>>
>
>
>
> Just a guess :
>
> W32/Codbot-K [Sophos]
>
> if this is NT/XP OS :
>
> search for SCardClnt service and disable it
>
> remove registry keys:
>
> HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\ SCardClnt
>
> and bear in mind that this list is related to ClamAV and not worms ;-)
>
> In future look into alt.comp.anti-virus group.

alt.comp.anti-virus is a good choice also

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfI1OtuGICzHOh+YRAkJZAJ4ubzNwZSMJeBznysZTuJPrrKCCrQCfa88B
8GyjC7w0BbsGZYj7ukyA8aY=
=iL8t
-----END PGP SIGNATURE-----
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

brandys at o2

May 7, 2005, 2:42 AM

Post #5 of 6 (3323 views)
Permalink

Re: SCardCint.exe [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bogusław Brandys wrote:
> BogusBaw Brandys wrote:
>
>>>Klerman Gutierrez wrote:
>>>
>>>
>>>>>Hello,
>>>>>Recently CLAMWIN detected that this machine has a program named
>>>>>SCardCint.exe, which is recognized as a worm.
>>>>>It is in the .clamwin/quarantine folder yet, but I can't remove it
>>>>
>>>>>from the system.
>>>>
>>>>>Neither stopping the process, nor deleting the file works. Where can I
>>>>>find information about removing this worm ?.
>>>>>TVMIA,
>>>>>Klerman
>>>>>_______________________________________________
>>>>>http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>>>>>
>>>>>
>>>
>>>
>>>
>>>Just a guess :
>>>
>>>W32/Codbot-K [Sophos]
>>>
>>>if this is NT/XP OS :
>>>
>>>search for SCardClnt service and disable it
>>>
>>>remove registry keys:
>>>
>>>HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\ SCardClnt
>>>
>>>and bear in mind that this list is related to ClamAV and not worms ;-)
>>>
>>>In future look into alt.comp.anti-virus group.
>
>
>
> alt.comp.anti-virus is a good choice also

Sorry, I mean : alt.comp.virus

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfI2BtuGICzHOh+YRAg7QAJ0Wvl6fBk0Kc3ztUYu8aEoHqHDESgCffhwU
wgZq5ptJjwcrEMzd0XVfQkI=
=AxmL
-----END PGP SIGNATURE-----
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

brandys at o2

May 7, 2005, 2:48 AM

Post #6 of 6 (3334 views)
Permalink

Re: SCardCint.exe [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bogusław Brandys wrote:
> BogusBaw Brandys wrote:
>
>>>BogusBaw Brandys wrote:
>>>
>>>
>>>>>Klerman Gutierrez wrote:
>>>>>
>>>>>
>>>>>
>>>>>>>Hello,
>>>>>>>Recently CLAMWIN detected that this machine has a program named
>>>>>>>SCardCint.exe, which is recognized as a worm.
>>>>>>>It is in the .clamwin/quarantine folder yet, but I can't remove it
>>>>>>
>>>>>>>from the system.
>>>>>>
>>>>>>
>>>>>>>Neither stopping the process, nor deleting the file works. Where can I
>>>>>>>find information about removing this worm ?.
>>>>>>>TVMIA,
>>>>>>>Klerman
>>>>>>>_______________________________________________
>>>>>>>http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32
>>>>>>>
>>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>Just a guess :
>>>>>
>>>>>W32/Codbot-K [Sophos]
>>>>>
>>>>>if this is NT/XP OS :
>>>>>
>>>>>search for SCardClnt service and disable it
>>>>>
>>>>>remove registry keys:
>>>>>
>>>>>HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\ SCardClnt
>>>>>
>>>>>and bear in mind that this list is related to ClamAV and not worms ;-)
>>>>>
>>>>>In future look into alt.comp.anti-virus group.
>>>
>>>
>>>
>>>alt.comp.anti-virus is a good choice also
>
>
> Sorry, I mean : alt.comp.virus

Also, check twice before removing any system file or registry settings.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCfI8BtuGICzHOh+YRAhZ8AJ9OeCBfyub3IEn28j6y5JCnIR9OzwCfVOF5
8L+Cxlj1ucEYvvsLhHhXoS8=
=crOM
-----END PGP SIGNATURE-----
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads