I-Worm/Luder worm still lurking about

[james_k1988]

I recently got a worm on my PC called i-worm/luder (was AVG that picked it up). AVG started spamming me with message about how all these random exe files had been corrupted with this worm, and if tried to open any of the exe files it said a message like "Cannot access file,achive or path. Please make sure you have the proper permissions".

I looked online and saw lots of stuff about i-worm/luder.A and although the name wasnt the same, i tried the same methods to fix it but it didnt work. Also tried other antiviruses (online scanners, prolex (something like that) and avast) but they never even picked it up,was only avg.

I managed to get AVG working to scan, luckily it never got to the .exe file that launches that. It detected about 388 corrupted .exe files and put em all in quarintine, and i assumed it was all over

When i got back from the shops earlier, when i got onto the pc i saw a message the same as before saying a random file had been corrupted with i-worm/luder (although it vanished before i could click anything). Once it went away i didnt get any more, and i just done a scan and it found nothing.

A little afraid that this worm is still lurking about my computer. Has anyone had this thing before or know how to ensure its not on the computer? And even know how the hell it gets onto your pc? (i looked but couldnt find much on this one, just the i-worm/luder.A one). Ive never had a virus thats done anything like this before, that actaully stops the pc running properly. Thanks to the guidelines and instructions on these forums, ive always been pretty clear of spy/adware and all that stuff.

If someone knows about this bugger please let me know. Cheers

 

[howard_hopkinso]

This is taken from HERE.

I-Worm/Luder

Download the following three files ( rmluder.exe, rmluder.nt, rmluder.dos) and run the rmluder.exe file.

You can also specify the disks (or partitions) to heal as a command parameters, e.g.: "rmluder C: D:". If the command is used without parameters, it heals all disks (partitions) on computer.

Note:
Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmluder.nt and rmluder.dos into the same folder as rmluder.exe. After the healing process please run the AVG Complete Test to make sure your computer is virus-free.

Once you`ve done that, please post a fresh HJT log as per the instructions HERE.

Regards Howard

This thread is for the use of james_k1988 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[james_k1988]

I used that, was one of the first i found :knock:

Im at college at the moment so ill get a HJT log when i get home. But i must mention something. Im doing a project at college and i save all my files on my USB 512mb flash drive. Its lately been plugged in often, and this is when ig ot this vorus.

Normally i wouldnt bother with this but now that i recall, it was when i tried to openthe flash drive the other day there, the system went a bit weird and then said (i think) "Win35 socket has encourered a problem and needs to close" (cant remember exact name unfortinately) and then about 2 mintues later i got this worm.

I have used a few computers today at colelge and every one i plug the flash drive into i get this message from norton, and i keep getting these even after its cleaned it

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Risk: W32.Whybo!inf
File: C:\pnp\lan\setup.exe
Location: Unknown Storage
Computer: 1327-10
User: 1327-10\SYSTEM
Action taken: Clean succeeded : Access allowed
Date found: 03 May 2007 12:27:36
Please contact the Helpdesk on 2258

ANd here is a screen of the other screen im getting from norton

http://img205.imageshack.us/img205/6756/untitledlu0.jpg

It is not the same "virus" but is still a bad file nonetheless (it seems). THink i should format the flash drive and backup my stuff. Any thoughts?

(Although last night when i got that one off message about i-worm/luder the flash drive was not inserted. Just thinking this flash drive may be where it came from, although i dunno how )

Will post HJT log when i get home

 

[howard_hopkinso]

Yes, you should reformat the flash drive, otherwise it`s going to infect any machine you plug it into.

Due to what you`ve said, rather than just posting a HJT log, please do the following.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

This thread is for the use of james_k1988 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[james_k1988]

Sorry for no reply, im still here!

I havnt had a chance to run through that yet becuase of what i mentioned before this project. As soon as i get a chance ill do a scan and paste it up. I gotta do this project so i can pass me HND and go in for A+ so its been taking over my life recently

Thanks for the help thus far and ill reply asap once ive got it all done!