Author Topic: norton just found this

Offline newguy

« on: August 12, 2003, 10:30:56 PM »
VCL_MUT-based.comp

I found this on a comp while doing a security scan from Norton's site. It was not found by the personal edition software, which has all the updates done. I would really like to get this off my comp, but there are no fixes from Symantec; all they say is the following:
Detected as:
VCL_MUT-based.comp

Aliases:
None

Area of Infection:
.COM Files, .EXE Files

Characteristics:
Memory Resident


No additional information.

Does anyone know what this does, and more importantly, how I go about getting it off? Hopefully someone can help, thanks!

Offline Chairboy

« Reply #1 on: August 12, 2003, 11:44:12 PM »
According to the Symantec virus DB, it should be detected by NAV with current definitions:

http://securityresponse.symantec.com/avcenter/venc/dyn/34472.html

Click Start, Run, then type LUALL and hit Enter. That should start LiveUpdate so you can get the new defs.

BTW, glad to hear that the online website worked, I'm the QA manager for it!  : )  I'll be sure to share this with the team.
"When fascism comes to America it will be wrapped in the flag and carrying a cross." - Sinclair Lewis

Offline newguy

« Reply #2 on: August 13, 2003, 04:15:17 PM »
Ok, I have the Norton 2003 fully updated with Live Update, but it still doesn't find the VCL_MUT-based.comp virus when I scan. I also tried scanning from DOS, but still no detection. When I scan from Norton's site, however, it finds this virus. I went to the same link you sent me, but there is no removal tool there, as I suspect Norton is supposed to remove it on its own. This is actually a very hard virus to track down on the net. Only Norton's database has anything remotely useful to read about it; other than that, there is almost nothing.

Should I be concerned over this? I am thinking of just giving a call to one of your tech guys, as I've never had a problem like this. I'm doing all this for a friend, I sure hope he appreciates it! Hope you can help.

newguy
ASSASSIN

Offline Chairboy

« Reply #3 on: August 13, 2003, 05:11:59 PM »
To see if you really still have it, look in your registry and see if it is in your run line:

HKey_local_machine\Software\Microsoft\Windows\CurrentVersion\Run

If there is a string in there called 'Windows Update' with a value of 'msblast.exe', then you have it.  To get rid of it, just delete that string and find the file on your hard drive (C:\winnt\system32\msblast.exe) and delete it, then run Windows Update to get the patch.
"When fascism comes to America it will be wrapped in the flag and carrying a cross." - Sinclair Lewis
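
The registry and file check described in Reply #3, written as a read-only PowerShell example. It is added here and is not part of the original thread or any Symantec tool. The variable names are made up for illustration, and `$env:SystemRoot` is assumed in place of the hard-coded `C:\winnt` so the same check works where Windows is installed elsewhere.

```powershell
# Read-only check: reports what it finds and changes nothing.
$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$needle = 'msblast.exe'   # file name given in Reply #3

# Assumption: the file sits under the Windows directory (C:\winnt in the reply).
$filePath = Join-Path $env:SystemRoot "System32\$needle"

# Enumerate every value under the Run key and keep those whose data
# references the file name. Matching on the data rather than the value
# name still catches the entry if the name differs from 'Windows Update'.
$key  = Get-Item -LiteralPath $runKey -ErrorAction Stop
$hits = foreach ($name in $key.GetValueNames()) {
    # Read the raw string without expanding %VARIABLES% in it.
    $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
    if ($data -like "*$needle*") {
        [pscustomobject]@{ ValueName = $name; Data = $data }
    }
}

# Check for the file separately: the Run value and the file can exist
# independently of each other (for example after a partial cleanup).
$fileOnDisk = Test-Path -LiteralPath $filePath -PathType Leaf

if ($hits) {
    $hits | Format-Table -AutoSize
} else {
    "No value under $runKey references $needle"
}
"File present at ${filePath}: $fileOnDisk"
```

If either check reports a hit, the cleanup is the one given in the reply: delete the Run value, delete the file, then run Windows Update to get the patch.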