Israfel Worm (Gedzac Labs) Virus

Jim

Mar 31, 2004
Archived from groups: microsoft.public.windowsxp.perform_maintain

Is anybody familiar with this virus - It apparently has
embedded itself in my registry and System Recovery files.
I have erased the hard disk several times and re-installed
the operating system, but the damn virus is
still there. Any help?
 

map

Apr 6, 2004
Archived from groups: microsoft.public.windowsxp.perform_maintain

"Jim" wrote:

> Is anybody familiar with this virus - It apparently has
> embedded itself in my registry and System Recovery files.
> I have erased the hard disk several times and re-installed
> the operating system, but the damn virus is
> still there. Any help?
>

If you have erased your disk and done a clean install, the worm is not still
there; you are being reinfected with it.
It is an HTML worm, coming from a website you visit or an e-mail that you
read.
http://www.google.as/search?sourceid=navclient&ie=UTF-8&q=Israfel+Worm
 

HTH

Nov 14, 2009
This worm finds *.vbs files and overwrites them with itself (it is a .vbs). You can clean your system, but as soon as you restore your data, ANYTHING with a .vbs (.zip archives!!!!) may carry the virus back into your system. This is how it persists. Look for .vbs files, the filename DOES NOT MATTER, that are 266KB or near that. Open them ONLY with A TEXT VIEWER/EDITOR. If it says "GEDZAC LABS" at the head and/or tail ends, delete it. Check your data backup/restore resources for any suspicious .vbs files.
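
The check described in the last post (any .vbs, whatever its name, including ones inside .zip archives, with "GEDZAC LABS" at the head or tail), as an added example that is not part of the thread. It reads files as bytes only and never runs them; the size slack, the 4 KB inspection window and the per-file read cap are assumptions.

```python
import os
import zipfile

MARKER = b"GEDZAC LABS"     # string the post says sits at the head and/or tail
SIZE_HINT = 266 * 1024      # "266KB or near that"
SIZE_SLACK = 16 * 1024      # assumption: how close counts as "near"
WINDOW = 4096               # assumption: bytes inspected at each end
MAX_READ = 4 * 1024 * 1024  # assumption: read cap, guards against huge members


def check_ends(data, size):
    """Return (marker_found, size_near); data is treated as bytes, never run."""
    ends = data[:WINDOW] + b"\n" + data[-WINDOW:]
    ends = ends.replace(b"\x00", b"").upper()  # also matches UTF-16 text
    return MARKER in ends, abs(size - SIZE_HINT) <= SIZE_SLACK


def scan(root):
    """Walk root; yield (location, size, marker_found, size_near) per .vbs seen."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            if lower.endswith(".vbs"):
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    yield (path, size) + check_ends(fh.read(MAX_READ), size)
            elif lower.endswith(".zip") and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    for info in zf.infolist():
                        if not info.filename.lower().endswith(".vbs"):
                            continue
                        try:
                            with zf.open(info) as fh:
                                data = fh.read(MAX_READ)
                        except RuntimeError:  # encrypted member, cannot inspect
                            continue
                        loc = f"{path}!{info.filename}"
                        yield (loc, info.file_size) + check_ends(data, info.file_size)


def suspects(root):
    """Locations whose head or tail carries the marker, whatever the filename."""
    return sorted(loc for loc, _size, marked, _near in scan(root) if marked)
```

Run `suspects()` over the backup or restore folder before copying anything back; archives nested inside other archives are not opened and need unpacking first.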