
Mailing List Archive: ClamAV: win32

W32.Perelett.14919 Found in pagefile.sys

 

 



benjamincathey at catheycompany

Nov 21, 2007, 10:09 AM

Post #1 of 5 (2668 views)
W32.Perelett.14919 Found in pagefile.sys

My computer started acting funny yesterday morning.

This morning I used a Windows Live (part PE) disk and ran McAfee to check for viruses and found a "Generic Trojan.p Dropper" - whatever that is exactly.

Then I rebooted with Insert Security (Live Linux Distro), ran freshclam and started scanning my hdd. Apparently my pagefile was infected with W32.Perelett.14919 - ANYONE KNOW WHAT THIS IS/DOES? I looked on the net and could find much. I removed the pagefile.sys and created a new blank file with that name - hopefully that clears it up.

Any input?

Thanks,

Benjamin Cathey
System Administrator
Cathey Company
4917 Tranter St.
Lansing, MI 48910 USA
Phone: 517.393.4720
Fax: 517.393.4225
Toll Free: 800.333.1972
"Service is Our Profession"

**********************
** LEGAL DISCLAIMER **
**********************

This E-mail message and any attachments may contain legally privileged, confidential or proprietary information. If you are not the intended recipient(s), or the employee or agent responsible for delivery of this message to the intended recipient(s), you are hereby notified that any dissemination, distribution or copying of this E-mail message is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete this E-mail message from your computer.

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-win32


sarocet at gmail

Nov 21, 2007, 1:31 PM

Post #2 of 5 (2508 views)
Re: W32.Perelett.14919 Found in pagefile.sys

Benjamin Cathey wrote:
> My computer started acting funny yesterday morning.
>
> This morning I used a Windows Live (part PE) disk and ran McAfee to check for viruses and found a "Generic Trojan.p Dropper" - whatever that is exactly.
>
A program designed to infect you with another virus.

> Then I rebooted with Insert Security (Live Linux Distro), ran freshclam and started scanning my hdd. Apparently my pagefile was infected with W32.Perelett.14919 - ANYONE KNOW WHAT THIS IS/DOES? I looked on the net and could find much. I removed the pagefile.sys and created a new blank file with that name - hopefully that clears it up.
>
> Any input?
>
A virus in the pagefile won't be able to infect you: it can't be run.
However, it's a symptom that it was run, or perhaps downloaded at a
program memory. The chances that it executed on your computer are high.
It can also have installed a different virus.
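Added example (not part of the original thread, and not ClamAV's own code): the reasoning in the reply above, applied to clamscan output. It assumes the usual `<path>: <signature> FOUND` report lines; the sample report, the mount path and the second signature name are constructed.

```python
import re

# clamscan reports each detection as "<path>: <signature> FOUND".
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Windows files that hold paged-out or hibernated RAM, not loadable programs.
MEMORY_ARTIFACTS = {"pagefile.sys", "hiberfil.sys"}


def triage(report):
    """Split detections into memory residue and on-disk files."""
    residue, on_disk = [], []
    for line in report.splitlines():
        m = FOUND_RE.match(line.strip())
        if not m:
            continue  # "OK" lines, summary block, blank lines
        # Accept both Linux-mounted and native Windows path separators.
        name = re.split(r"[\\/]", m["path"])[-1].lower()
        bucket = residue if name in MEMORY_ARTIFACTS else on_disk
        bucket.append((m["path"], m["sig"]))
    # Signatures seen only in memory residue: the file they came from
    # has not been located yet, so the disk still needs a full scan.
    located = {sig for _, sig in on_disk}
    unlocated = sorted({sig for _, sig in residue} - located)
    return {"residue": residue, "on_disk": on_disk, "unlocated": unlocated}


# Constructed sample report (paths and the second signature are made up).
SAMPLE = """\
/mnt/hda1/pagefile.sys: W32.Perelett.14919 FOUND
/mnt/hda1/WINDOWS/system32/example.exe: Example.Dropper.Placeholder FOUND
/mnt/hda1/boot.ini: OK

----------- SCAN SUMMARY -----------
Infected files: 2
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for path, sig in result["residue"]:
        print(f"memory residue (not executable in place): {path} [{sig}]")
    for path, sig in result["on_disk"]:
        print(f"on-disk file to quarantine: {path} [{sig}]")
    for sig in result["unlocated"]:
        print(f"source of {sig} not found on disk yet")
```

A signature listed under `unlocated` means deleting the pagefile removed only the trace, so the remaining volumes still need scanning for the file that was loaded into memory.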


ahoier at gmail

Nov 21, 2007, 4:05 PM

Post #3 of 5 (2468 views)
Re: W32.Perelett.14919 Found in pagefile.sys

I would suggest running some other scans from safe mode (with
networking) - google search for "online virus scan" should turn up
some good ones. I suggest first, Windows Live OneCare, Panda
AntiVirus, and then BitDefender. Obviously, these should only be used
one at a time, and not all at the same time; you don't want the
scanners butting heads or anything.

Give that a go and see what happens, cause yea, it's possible the
"dropper" has infected you with another/different virus.

--
Adam Hoier (B00153796)
CGS 1555 11Z CGS 2571 11Z
COP 1332 01C COP 2700 11Z


benjamincathey at catheycompany

Nov 21, 2007, 4:27 PM

Post #4 of 5 (2501 views)
Re: W32.Perelett.14919 Found in pagefile.sys

Right - I run a Bitdefender server but will try online scanning. I have used Panda before - hate m$ scanning though ;)


Benjamin Cathey


ahoier at gmail

Nov 21, 2007, 5:14 PM

Post #5 of 5 (2502 views)
Re: W32.Perelett.14919 Found in pagefile.sys

You might be surprised ;) A while back when my siblings got some
rootkit on my 'rents computer, Windows Live OneCare online "safety
scanner" saved the day, was able to remove the rootkit using the
safe mode with networking ;) So I've added it to my arsenal.
