Exploit.ANI Virus

Graueradler

AVG detected an infected temporary internet file on my wife's computer this morning and the file has been deleted.

A complete system scan, still in progress, has reported a change to kernel32.dll. Can this be from the virus or is this just a coincidence?

Not a computer geek. Please answer on a level I might be able to understand.

Thanks
 
Do you understand BAD THING! ?

If AVG can't clean it you'll need to replace the dll from backup. Try System Restore.
 
AVG did delete the file it indicated was infected. It does not indicate that kernel32.dll is infected. It indicates that it has changed. I have restored back to 1 August and it still indicates that the file is changed. A complete scan was performed on 12 Aug. with no infected files found. The computer is not exhibiting any unusual behavior. Also, the computer is completely up to date on Microsoft Windows updates.
 
Maybe kernel.dll was replaced on a recent Windows update. I just read that the last Tuesday patch was strictly to add more valid license keys.
 
That's a pretty old vulnerability. It was made public early this year, if I'm not mistaken. Had to do with animated cursors. The vulnerability is usually exploited by a Web site containing malicious code, and can cause a cascade of other crap to be downloaded onto the PC.

Are your Windows updates and other Microsoft updates current? I suggest you go to Microsoft Update and update all of your MS software, if you haven't already. Office can be a pain: It often wants the installation media, even sometimes if you use the fullfile versions.

-Rich
 
Some of the stuff I read on the web indicated that Microsoft had addressed this vulnerability but that their update was not totally effective. I am sure that Windows and IE are up to date. I hadn't thought about MS Office updates. Best case scenario is that AVG identified and isolated it immediately. It was not identified during a normal periodic scan but while my wife was actually on-line. My concern was raised by the occurrence of the changed system file in the subsequent full system scan that I did.
 
Is the addition of valid license keys something that would alter kernel32.dll?
 
I've scanned the computer with Kaspersky (sp?) and BitDefender on line. Kaspersky found one suspect file that totalvirus said was clean. Spy-bot did find a bunch of things which have now all been removed. AVG must have done its job on preventing Exploit.ANI from getting in.
 
I'd say it's most likely gone, then.
 