VIRUS : W32.FunLove.4099 
Author Message
 VIRUS : W32.FunLove.4099

Im terrified by this virus!
I have Norton System Works installed but it doesn't works...
I think almost all my files are infected.
What are the caracteristics of this virus? How can I get rid of it?

Thanks for nay kind of help.
Sincerally,

Anselmo Luiz



Tue, 25 Nov 2003 00:29:16 GMT  
 VIRUS : W32.FunLove.4099
This is a summary from F-secure site, if you want the whole article go to:
http://www.f-secure.com/v-descs/funlove.shtml

Funlove is not encrypted or polymorphic. The virus infects PE EXE (Windows
portable executables) on local and network drives. The virus itself is in a
format of a PE executable file with a single file section '.code'.

When an infected file is run, the virus creates FLCSS.EXE file in the
Windows system directory, writes its pure code there and then runs the
generated file. This file becomes virus dropper - it is started by the virus
as a hidden Windows application (under Win9x) or as a service (under WinNT).
The virus also patches the NTLDR and WINNT\System32\ntoskrnl.exe files the
similar way Bolzano virus does. The patched files are not recoverable and
should be restored from backup.

The virus does not have any payload. It contains the following text string:

 ~Fun Loving Criminal~

Go to and download a free copy (for personal use only) of F-secure boot your
computer from a clean dos disk and run F-prot.

--
_______________
Jorge E. Jaramillo
remove no spam to reply directly

Quote:

> Im terrified by this virus!
> I have Norton System Works installed but it doesn't works...
> I think almost all my files are infected.
> What are the caracteristics of this virus? How can I get rid of it?

> Thanks for nay kind of help.
> Sincerally,

> Anselmo Luiz



Tue, 25 Nov 2003 02:40:25 GMT  
 VIRUS : W32.FunLove.4099
This is a summary from F-secure site, if you want the whole article go to:
http://www.f-secure.com/v-descs/funlove.shtml

Funlove is not encrypted or polymorphic. The virus infects PE EXE (Windows
portable executables) on local and network drives. The virus itself is in a
format of a PE executable file with a single file section '.code'.

When an infected file is run, the virus creates FLCSS.EXE file in the
Windows system directory, writes its pure code there and then runs the
generated file. This file becomes virus dropper - it is started by the virus
as a hidden Windows application (under Win9x) or as a service (under WinNT).
The virus also patches the NTLDR and WINNT\System32\ntoskrnl.exe files the
similar way Bolzano virus does. The patched files are not recoverable and
should be restored from backup.

The virus does not have any payload. It contains the following text string:

 ~Fun Loving Criminal~

Go to ftp://ftp.f-secure.com/anti-virus/free/fp-309a.zip and download a free
copy (for personal use only) of F-secure boot your
computer from a clean dos disk and run F-prot.

--
_______________
Jorge E. Jaramillo
remove no spam to reply directly

Quote:

> Im terrified by this virus!
> I have Norton System Works installed but it doesn't works...
> I think almost all my files are infected.
> What are the caracteristics of this virus? How can I get rid of it?

> Thanks for nay kind of help.
> Sincerally,

> Anselmo Luiz



Tue, 25 Nov 2003 02:41:19 GMT  
 VIRUS : W32.FunLove.4099
Hi,

Please visit http://vil.nai.com/vil/virusSummary.asp?virus_k=10419 for all
details of this virus !!

Commandline standalone remover :
http://www.mcafeeb2b.com/naicommon/avert/avert-research-center/tools....

Removing from an enterprise network :
http://download.nai.com/products/Mcafee-AVERT/CLFunLove.rtf

Cleaning NTFS : http://download.nai.com/products/mcafee-avert/flclean.htm

Good Luck !

Orhan


Quote:

> Im terrified by this virus!
> I have Norton System Works installed but it doesn't works...
> I think almost all my files are infected.
> What are the caracteristics of this virus? How can I get rid of it?

> Thanks for nay kind of help.
> Sincerally,

> Anselmo Luiz



Fri, 28 Nov 2003 21:51:03 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. just recieved a new virus W32/Bugbear@MM Virus Found

2. Script Checking for Funlove virus

3. Virus W32.Sobig.C@mm from 3be15be7@news.softvelocity.com

4. For Jeremy Suiter: Received W32.Bugbear virus from you

5. Antigen found W32/Ska.A.Worm virus

6. VIRUS WARNING : W32/Sobig.E@mm

7. W32/Pate.b.worm Virus

8. W32.pinfi Virus

9. W32 KLEZ VIRUS REMOVAL FOR WINDOWS XP

10. Virus: W32.Friendgreet.worm

11. Worm virus: W32/opaserv.worm.f

12. W32.Opaserv.Worm virus

 

 
Powered by phpBB® Forum Software