SAS scan found ''fun love' virus-lots of questions - help please ?

EDYTHE · ‎06-15-2009

Hello - did a total sys. scan with NIS -all was 'o.k. /then did one with Malware Bytes; then finally SuperAntiSpyware (free edition) and here's what SAS found (i choose to have it quarantined and then choose to have it 'deleted' which required a reboot -does that program also 'remove' it from my computer ?

How did NISS miss it ;

But then Malware bytes full system scan missed it;

how can i do a 'search' to see if it's 'gone' ;

i rec'd a Iphone photo other day - could it have arrived that way?;

I have my NIS email scan set to 'in/out' scan, but could i have infected those i correspond with ?

Here is what SAS found:

Thanks in advance for any help -Edythe

-----------------------------------------------------------

Virus.FunLove
D:\I386\APPS\APP23742\INSTMSIW.EXE
C:\PROGRAM FILES\COMMON FILES\ZERO G SOFTWARE\SETUP FILES\{662693BE-61F9-45A4-87A4-824BA752C769}\INSTMSIW.EXE

IAmAnon · ‎07-07-2012

Hi Edythe,

The same thing happened to my Toshiba Satellite laptop just two days ago when my wireless capability stopped working, and I could only get online via phoneline. When I ran full scans (Microsoft Security Essentials, Trend Micro Housecall, Malwarebytes, AND Superantispyware), only the SAS found the Funlove virus. This virus bypassed all of my antivirus software, all four of them!, which I always update daily. I understand that Funlove was only a problem many years ago, so I was surprised to see it around again. The only thing that worked to remove it was to download the Symantec removal tool "Fixbrid" from http://www.symantec.com/security_response/writeup.jsp?docid=2002-111518-1429-99

For removal of the Funlove virus, Symantec recommends that the computer's System Restore be temporarily disabled. Please Note that to do so, you would be removing your earlier Restore points for your pc. I did not have to disable the System Restore! What I did was download the Fixbrid tool directly from the Symantec website, then saved it to my Desktop. (Make sure that the Security verification is there, before downloading it). I then hit Start, allowing it to run and detect the Funlove. Then, I restarted my computer, and was amazed that I was NOW again able to access the Internet via wireless. Before I did this process, I cleared my browsing history, temporary files, etc.

In regard to SAS, it was not able to remove the Funlove on its own. I ran a scan three times, and each time when SAS said that Funlove had been removed, the next time that I would run the SAS scan, it would still be present and infecting my pc. The Symantec Fixbrid tool worked great. If you do decide to use it, please visit their link that I included in this message. There are important details on their website that I didn't include here.

They also recommend that one's computer be offline while the FIxbrid is running.

Doesn't it seem a little strange that a virus like Funlove would be around again after all these years, right before Malware Monday is supposed to hit? I wonder if there is more to the picture than what is publicly being told. Or not... anyway, good luck with getting that thing out of your computer.

dickevans · ‎04-08-2008

Welcome,

you said

"The same thing happened to my Toshiba Satellite laptop just two days ago when my wireless capability stopped working, and I could only get online via phoneline. When I ran full scans (Microsoft Security Essentials, Trend Micro Housecall, Malwarebytes, AND Superantispyware), only the SAS found the Funlove virus. This virus bypassed all of my antivirus software, all four of them!, which I always update daily."

Which NOrton product are you running and which version? If any two are active - real-time scanning there may be conflicts which can reduce your overall protection.

We'll be here when you need us

Dick
Win7x64 SP1 current NIS V20

IAmAnon · ‎07-07-2012

Actually, I'm not sure whether the SAS eventually knocked the Funlove out of my pc, or if it was a combination of the FIxbrid removal tool and the SAS. Unsure also as to why all of my antivirus software missed it, and only SAS detected it. One minute I was accessing familiar sites on the web (yahoo, google, etc.), and right after that (when my pc had been inactive for only about five minutes) I had suddenly lost all wireless capability. I just figured it was a typical problem inherent in Toshiba laptops (I understand that they are known for doing this). But then Superantispyware found the Funlove infection.

IAmAnon · ‎07-07-2012

Hello Dick, and thank you for responding.

The only Norton product that I have ever used is the Fixbrid tool that I just downloaded a few hours ago, and mentioned in my first post.

I see what you mean about the realtime.protection, and that could be why Funlove bypassed them all. Good point.

dickevans · ‎04-08-2008

Hi,

you asked

"Hello - did a total sys. scan with NIS -all was 'o.k. /then did one with Malware Bytes; then finally SuperAntiSpyware (free edition) and here's what SAS found (i choose to have it quarantined and then choose to have it 'deleted' which required a reboot -does that program also 'remove' it from my computer ? "

Yes, SAS and Malwarebytes scanners will remove infections they find so long as you follow their directions.

Keep us in the loop, we're here to help

Dick
Win7x64 SP1 current NIS V20

EDYTHE · ‎06-15-2009

Hello ! thanks to you all for your suggestions (below) and thanks, Dick for your help... good to know that SAS actually 'did' remove the virus and yes, i followed its directions to the 'letter' !! also did another 'full' scan by SAS and all was 'clear' - nothing found on the 2nd scan ...

questions: i do have NIS email settings for in/out scan - but should i still notify people i email that they should scan their computer - can that virus be transmitted to them; (2) I have PowerEraser installed - should i now run it also (belt-suspenders operation - LOL) ? (3 ) don't know if i mentioned that i received a photo (attachment) via someone's IPod shortly 'before' getting the virus - could that have been a source however i NEVER open hyperlinks in emails ...(4) from now on, with any photos , i'll do an SAS & MAMB scan; (5) am i playing with 'fire' running 'two' antispyware programs with NIS and if so, which should i disable? however, BOTH SAS & MAMB are ''free editions' that don't offer ''Real Time Protection - in that case is it alright to leave them in place ? (6) Have NIS 2012/ 19.7.15 (7)

Many many thanks for all your help !!!!! Edythe (this was my first virus ever - really threw me !)

PS: do you recommend downloading 'Fixbird' for the 'future' ?

dickevans wrote:
Hi,
you asked
"Hello - did a total sys. scan with NIS -all was 'o.k. /then did one with Malware Bytes; then finally SuperAntiSpyware (free edition) and here's what SAS found (i choose to have it quarantined and then choose to have it 'deleted' which required a reboot -does that program also 'remove' it from my computer ? "
Yes, SAS and Malwarebytes scanners will remove infections they find so long as you follow their directions.
Keep us in the loop, we're here to help

Norton Internet Security / Norton AntiVirus

SAS scan found ''fun love' virus-lots of questions - help please ?

Re: SAS scan found ''fun love' virus-lots of questions - help please ?

Re: SAS scan found ''fun love' virus-lots of questions - help please ?

Re: SAS scan found ''fun love' virus-lots of questions - help please ?

Re: SAS scan found ''fun love' virus-lots of questions - help please ?

Re: SAS scan found ''fun love' virus-lots of questions - help please ?

Re: SAS scan found ''fun love' virus-lots of questions - help please ?

Products

Services

Support