Visitor
ssapra
Posts: 6
Registered: ‎07-06-2012

System Infected: Worm W32.VBNA.b Activity


Hello Norton community,

 

I am using Norton Security Suite 2012. I have been getting a lot of intrusion attempts (every ten minutes; sometimes every hour). Here are all of the details.

 

Severity: High

Activity: An intrusion attempt by api.ipinfodb.com was blocked.

Status: Blocked

Recommended Action: No action required

 

IPS Alert Name: System Infected: Worm W32.VBNA.b Activity

Attacking Computer: api.ipinfodb.com (67.212.77.13, 80)

 

Can anyone please advise how I can fix this?

 

This is the text when I copy this alert to the clipboard:

 

 

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
2012-07-06 13:33:17,High,An intrusion attempt by api.ipinfodb.com was blocked.,Blocked,No Action Required,System Infected: Worm W32.VBNA.b Activity,No Action Required,No Action Required,"api.ipinfodb.com (67.212.77.13, 80)",api.ipinfodb.com/v2/ip_query_country.php?key=e4e497e1ec0a03c3e5e49ab8868bdc755b520583cbf4e31605a016d82147ec63&timezone=off,67.212.77.13 (67.212.77.13),"TCP, www-http"
Network traffic from <b>api.ipinfodb.com/v2/ip_query_country.php?key=e4e497e1ec0a03c3e5e49ab8868bdc755b520583cbf4e31605a016d82147ec63&timezone=off</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME3\WINDOWS\SYSWOW64\CALC.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: System Infected: Worm W32.VBNA.b Activity

 

ANY user other than the thread starter is not to use any instructions, scripts or procedures. The work, though, in cleaning a system is individual and only for that system due to a number of factors.

 


 

Please do not run any tools unless instructed to do so. 

  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra, and do not run things twice.
  • If I ask a question, just answer it; don't run anything unless it states to.
  • Major steps used:

1. Find

2. Break

3. Destroy

4. Cleanup  (including system as a whole)

 

Please read every post completely before doing anything. 

  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes).

  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

 

Please read carefully

 

1. Please download aswMBR hxxp://public.avast.com/~gmerek/aswMBR.exe to your desktop. (replace the hxxp with http)
Double-click the aswMBR.exe icon to run it.
It will ask to download extra definitions - ALLOW IT / Yes
Click the Scan button to start the scan.
On completion of the scan, click the save log button, save it to your desktop and please attach the log in the post back. Don't have the program fix anything.

 

Quads

Visitor
ssapra
Posts: 6
Registered: ‎07-06-2012

Re: System Infected: Worm W32.VBNA.b Activity

Thank you for replying.

 

I have attached the aswMBR.txt file.

 

Just a question, I noticed that the MBR.dat file was also created. Since you have not told me anything about this file, I assume I should just leave it alone?

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: System Infected: Worm W32.VBNA.b Activity

Download OTL http://www.bleepingcomputer.com/download/otl/

 

Disable Norton for say 30 minutes

 

Start OTL,  

Click the Scan All Users checkbox.

Change file age to 90 days

 

Press the 

 

 

An OTL.txt  and extras.txt will be created.

 

Quads

Visitor
ssapra
Posts: 6
Registered: ‎07-06-2012

Re: System Infected: Worm W32.VBNA.b Activity

The scan is running now. Would you like me to post these .txt files after the scan finishes?

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: System Infected: Worm W32.VBNA.b Activity

What do you think?? You can use the advanced program yourself and I will leave you to it.

 

Quads

Visitor
ssapra
Posts: 6
Registered: ‎07-06-2012

Re: System Infected: Worm W32.VBNA.b Activity


The scan finished. Here are the .txt files.

 

Please, sir. I do not know what to do after running the scan. There do not appear to be any notifications regarding the results of the scan, but this is probably in the two .txt files that have been generated. Please, I need your help to work through this.

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: System Infected: Worm W32.VBNA.b Activity

Ok, a user that uses VM and sandboxie with files like test, a handful of programs for security torrenting,  toolbars that are iffy, and it looks like Malware leftovers.

 

You should know how to remove the malware yourself.

 

Quads

Visitor
ssapra
Posts: 6
Registered: ‎07-06-2012

Re: System Infected: Worm W32.VBNA.b Activity


Sir, I downloaded sandboxie TODAY and I have not used it because I didn't know how to get it to work. Please, I'm begging you, tell me how to remove the malware. How would I know the source? Just remove all of these toolbars? I really need your help. All I ask is for a little of your time.

 

PLEASE.

 

I will be honest with you. I do NOT know how to remove the malware.

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: System Infected: Worm W32.VBNA.b Activity

No,   

 

I will let you keep installing programs and using them including VM,  I can see some of the malware objects and what appears that you also had or have as well as the programs.

 

"How would I know the source" that is what the programs are for  and the use other the likes of  VM, but I don't use VM like software.

 

Good luck with all the programs, items VM, Sandboxie and the Malware.

 

Quads