 sj |
||
|
||
Tech: Whistler.blp
| ard mhacha | 17 Oct 05 - 11:53 AM | |
| ard mhacha | 17 Oct 05 - 11:54 AM | |
| JohnInKansas | 17 Oct 05 - 02:04 PM | |
|
|
|
|||||||||||
|
Tech: Whistler.blp
|
Share Thread
|
||||||||||
|
Subject: Tech: Whistler.blp From: ard mhacha Date: 17 Oct 05 - 11:53 AM Can anyone tell me how to get rid of this "virus" which keeps popping up at very short intervals. What is it?. |
|
Subject: RE: Tech: Whistler.blp From: ard mhacha Date: 17 Oct 05 - 11:54 AM Sorry Whistler.blp. |
|
Subject: RE: Tech: Whistler.blp From: JohnInKansas Date: 17 Oct 05 - 02:04 PM The ".blp" file extension is not identified as anything associated with a known filetype. Sophos appears to be the only AV org that identifies anything with the name "Whistler" included. The only removal info they offer is "update your definitions," which assumes you must be using Sophos AV. They give several "alternate identifications" for the malware they call Whistler, but none of these are found at any other AV site I've checked. If the virus identified by Sophos is active, and IF it detects "pirated files" it should flash a fractured English message to the effect of "You have pirate. You are infected. You deserve." It will also attempt to delete anything it thinks is "stolen files" on your machine. (This gives some idea of where you might have gotten it, but it may have been passed on from others.) The problem is that it's apparently not very smart about what's a "pirated file" so it may delete things anywhere on your machine. Sophos implies that they included this threat as early as May 2005, so other AV programs quite likely include it, but possibly under a different name. If you "update definitions" to get the latest ident files for your AV, and run a full system scan, it should tell you what name your AV provider uses to identify anything it finds. Write down the name, and go to your AV provider's site and look for removal instructions. The "Whistler" identified by Sophos is a troj/worm type, and writes files in several places on your computer. Not all of the files contain viral components, so your AV may have deleted the "viral" files but left other crud elsewhere on your machine. A non-viral file in Start or Startup folders may attempt to do something, or a Registry entry that attempts to call for a file to be opened, may give you a "file not found" kind of popup, even after the "virus" has been removed. This usually happens at reboot, but can pop up at any time. Removal of "aftereffects" like this typically requires manual deletion of files and manual editing of the Registry. Since there are a whole lot of necessary files with strange names, this can be risky without specific information about the particular crud on your machine. You may also have something that's not a virus, but is another kind of malware such as Adware or Spyware that your AV ignores. Before resorting to extreme methods you should update definitions and run BOTH Ad-Aware and Spybot S&D in full system scan mode. If a full system scan with a current version of your AV shows nothing; and full scans with current updates of Ad-Aware and Spybot show nothing; I would recommend a visit to one of the web sites that offers malware removal help. Spyware Info is a frequently recommended site. Tom Coyote is a known and respected site. That Computer Guy is another. If you have to resort to one of the above, READ ALL of the FAQ and follow instructions exactly.. You will need to download and run "Hijack This," to get help from any of these, but links for the download should be at any site you go to. You will have to register to get individual help, but sometimes you can find a thread from someone else who's alread presented the same problem. Expect to spend a few hours to read and understand the instructions and to run the required scans, and sometimes to wait a few days for replies; so patience is required. If someone else here has more specific info on your "malware" it would be a big help, but if it's the one identified by Sophos it's sort of a "niche" thing that's not widespread. John |
| Share Thread: |