A little disinfection help, please... [Resolved]

[mendhak]

A virus just got into my system. My antivirus, AVG, detected it, and it says:

---------------------------
AVG Resident Shield
---------------------------
Virus
Virus identified Worm/Padobot.I

is found in file
C:\WINDOWS\system32\ftpupd.exe

To remove this virus, please run AVG for Windows
---------------------------
OK
---------------------------

So I did run a full scan on my machine, and no go. It just didn't pick up Padobot.I

So my questions are:

1. What can I do about Padobot.I? Any removal tools or files/registry entries I must delete?

2. What is "ftpupd.exe"? Do I need it?

A little more info: Once in a while, an instance of Internet Explorer will suddenly open up, and head over to some angelfire.com website, where it prompts me to install an ActiveX control. Luckily, some of my gray cells still function, so I close it all. I believe that this is related to Padobot.I.


Note that Norton AV is not an option for me, I simply cannot afford it. Also, this is the only file that seems infected.

Help.

[mendhak]

OK, AVG finally picked it up on the scan, and is asking me whether it should be moved to the virus vault or not.

Once moved, I cannot use it anymore.

So, what is ftpupd.exe???

[visualAd]

http://www.globalhauri.com/html/supp...ode=WOW3000615

Have a quick read of that. The ftpupd.exe file was created by the worm, so it is fine to remove it. It uses the MS LSASS exploit for which Microsoft have released a patch for:

http://www.microsoft.com/technet/sec.../MS04-011.mspx

[mendhak]

If I had the chance, I'd sneeze again. The world needs more people like you.

[visualAd]

Originally posted by mendhak
If I had the chance, I'd sneeze again. The world needs more people like you.