Black worm virus, backup files before 10-3-06

Question

I work in a doctor's office. I got on IE to look at MSN news. Right after I clicked on a news story, this window popped up that said this computer is now infected with the Blackworm Virus and then it opened another window to a bogus Windows security-like connection called Win Anti Virus Pro. My firewall box let it through, my Nortons let it through. I virus scanned with Nortons and it said it was clean. I did the same with online VirusScan from Network Associates and with Spybot and NoAdware, all came up clean. Then I scanned with Bitdefender online free scan and it found the virus and said that it had cleaned it out. When I rebooted and went to IE, it was still there. Any suggestions? I am thoroughly frustrated and THIS FRIDAY is March 3rd!

Thanks, Dawn

Answer

This question was answered on March 2, 2006. Much of the information contained herein may have changed since posting.

The black worm is a serious infection that will overwrite the user’s files on March 3rd. Files include DOC, XLS, MDE, MDB, PPT, PPS, RAR, PDF, PSD, DMP, ZIP. The files are overwritten with an error message ('DATA Error [47 0F 94 93 F4 K5]').

Obviously, your computer was infected before your anti-virus’s signature was deployed, and it will not protect your computer from the black worm now.

The first thing you want to do is update your anti-virus signatures and back up any files that the worm will delete.

Continue to check this website for updates, but it is likely that you will have to rebuild the system from scratch: http://isc.sans.org/diary.php?storyid=1067


Author

Posted by kara of Chandler-Gilbert Community College on March 2, 2006
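The backup step recommended in the answer, as an added example that is not part of the original answer: it copies files with the listed extensions to a backup folder, verifies each copy by SHA-256, and skips files that already hold the quoted error text. The function names, and the assumption that the error text sits near the start of an overwritten file, are illustrative.

```python
import hashlib
import shutil
from pathlib import Path

# Extensions the answer lists as targeted for overwriting.
AT_RISK = {".doc", ".xls", ".mde", ".mdb", ".ppt", ".pps",
           ".rar", ".pdf", ".psd", ".dmp", ".zip"}
# Error text quoted in the answer; assumed to appear near the start of a damaged file.
MARKER = b"DATA Error [47 0F 94 93 F4 K5]"


def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_overwritten(path):
    # Assumption: the quoted message is found within the first 4 KiB.
    with open(path, "rb") as f:
        return MARKER in f.read(4096)


def backup_at_risk(src_root, dest_root):
    """Copy at-risk files to dest_root; return (manifest, damaged)."""
    src_root, dest_root = Path(src_root), Path(dest_root)
    manifest, damaged = {}, []
    for path in sorted(src_root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in AT_RISK:
            continue
        rel = path.relative_to(src_root)
        if looks_overwritten(path):
            damaged.append(rel.as_posix())  # never replace a good backup with this
            continue
        target = dest_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        digest = sha256(path)
        if sha256(target) != digest:        # verify the copy before trusting it
            raise IOError(f"copy of {rel} does not match the original")
        manifest[rel.as_posix()] = digest
    return manifest, damaged
```

Point `dest_root` at removable media that is disconnected once the copy finishes, and keep the returned manifest with it so the files can be re-checked after the system is rebuilt.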