From: Allen on
Hi,

Can anyone help find a cure for ccollgatee virus. This virus creates
subfolder and uses the same name as the parent folder. Appreciate if anyone
can help me.

Thanks,

Allen
From: David H. Lipman on
From: "Allen" <Allen(a)discussions.microsoft.com>

| Hi,
|
| Can anyone help find a cure for ccollgatee virus. This virus creates
| subfolder and uses the same name as the parent folder. Appreciate if anyone
| can help me.
|
| Thanks,
|
| Allen

Please provide more facts.

What anti virus declared this "virus" name ?

That is, what makes you think it is a virus and not some other kind of malware ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: Allen on


"David H. Lipman" wrote:

> From: "Allen" <Allen(a)discussions.microsoft.com>
>
> | Hi,
> |
> | Can anyone help find a cure for ccollgatee virus. This virus creates
> | subfolder and uses the same name as the parent folder. Appreciate if anyone
> | can help me.
> |
> | Thanks,
> |
> | Allen
>
> Please provide more facts.
>
> What anti virus declared this "virus" name ?
>
> That is, what makes you think it is a virus and not some other kind of malware ?
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>

Hi Dave,

Actually this is a worm which creates a copy of itself in every folder in
all drives of an affected system. The created copies use the folder name
appended with the extension EXE. It also drops a copy of itself as NEW
FOLDER.EXE in all drives, including drive A, of the affected system. The
mentioned routine enables this worm to propagate via floppy disks.

It drops the following copies of itself in the Windows folder:

calc.exe
config_.com
mscalc.exe
windows.exe

It modifies the registry and the file AUTORUN.INF to ensure its automatic
execution at every system startup. The said file contains certain commands
that are automatically run whenever a certain disk is accessed.
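
The indicators listed in the post above can be checked with a short scan. This is an added example, not part of the original thread or any vendor's tool: `find_suspects`, `likely_worm_copies` and `build_sample_tree` are hypothetical names, the sample tree is constructed, and grouping by SHA-256 assumes the dropped copies are byte-identical.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

# File names from the post: copies dropped in the Windows folder.
WINDOWS_DROPS = {"calc.exe", "config_.com", "mscalc.exe", "windows.exe"}

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_suspects(root, windows_dir=None):
    """Return {sha256: [paths]} for files matching the names described in the post."""
    by_hash = defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        parent = os.path.basename(os.path.normpath(folder)).lower()
        in_windows = bool(windows_dir) and os.path.samefile(folder, windows_dir)
        for name in files:
            low = name.lower()
            if (low == parent + ".exe"            # <folder name>.EXE inside that folder
                    or low == "new folder.exe"    # copy dropped on every drive
                    or (in_windows and low in WINDOWS_DROPS)):
                path = os.path.join(folder, name)
                by_hash[sha256_of(path)].append(path)
    return dict(by_hash)

def likely_worm_copies(suspects):
    """Assumption: copies are byte-identical, so keep only hashes seen more than once.
    A legitimate Tools\\Tools.exe matches the name rule but has a unique hash."""
    return {h: sorted(p) for h, p in suspects.items() if len(p) > 1}

def build_sample_tree():
    """Constructed sample: one fake body copied the way the post describes."""
    root = tempfile.mkdtemp()
    body = b"constructed-sample-body"
    for rel in (os.path.join("Docs", "Photos"), "Tools", "WINDOWS"):
        os.makedirs(os.path.join(root, rel))
    files = {"NEW FOLDER.EXE": body, os.path.join("Docs", "Docs.exe"): body,
             os.path.join("Docs", "Photos", "Photos.exe"): body,
             os.path.join("WINDOWS", "mscalc.exe"): body,
             os.path.join("Tools", "Tools.exe"): b"unrelated legitimate program",
             os.path.join("Docs", "Photos", "notes.txt"): b"text"}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return root
```

Run `likely_worm_copies(find_suspects(root, windows_dir))` against a drive root; files that match the name rule but appear under only one hash are left for manual review.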



From: David H. Lipman on
From: "Allen" <Allen(a)discussions.microsoft.com>

| Hi Dave,
| Actually this is a worm which creates a copy of itself in every folder in
| all drives of an affected system. The created copies use the folder name
| appended with the extension EXE. It also drops a copy of itself as NEW
| FOLDER.EXE in all drives, including drive A, of the affected system. The
| mentioned routine enables this worm to propagate via floppy disks.
|
| It drops the following copies of itself in the Windows folder:
|
| calc.exe
| config_.com
| mscalc.exe
| windows.exe
|
| It modifies the registry and the file AUTORUN.INF to ensure its automatic
| execution at every system startup. The said file contains certain commands
| that are automatically run whenever a certain disk is accessed.
|

At least you provided more information. A little research provided the following...
W32/Floppy-E -- http://www.sophos.com/virusinfo/analyses/w32floppye.html
aka; WORM_GATECOLL.A

Based upon the names of the EXE files it drops, your description and the similarity in the
name "WORM_GATECOLL.A" to what you posted as "Ccollgatee" I'd say we have a match. What
you posted "Ccollgatee" did NOT conform to the naming convention of AV companies. Thus, my
need for more information.

Start with the Sophos module in the below tool.

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


From: Ben M. Schorr - MVP on
I don't think I've heard of that one. Have you tried
http://housecall.antivirus.com? Their scanner might take care of it.

What antivirus software are you running?


--
Aloha,

-Ben-
Ben M. Schorr, OneNote-MVP
Roland Schorr & Tower
http://www.rolandschorr.com
Microsoft OneNote FAQ: http://www.factplace.com/onenotefaq.htm

**I apologize but I am unable to respond to direct requests for assistance.
Please post questions and replies here in the newsgroup. Mahalo!

"Allen" <Allen(a)discussions.microsoft.com> wrote in message
news:D336A756-DB06-49C0-96DA-02CE5FE78DF2(a)microsoft.com...
> Hi,
>
> Can anyone help find a cure for ccollgatee virus. This virus creates
> subfolder and uses the same name as the parent folder. Appreciate if anyone
> can help me.
>
> Thanks,
>
> Allen

