Hello,

I was wondering if anyone has ever heard of the W32/Steph-A virus? My virus scanner picked it up today in about 27 infected files. I've been looking around on various sites and cannot find any worm or virus with this name. Maybe it's new? I'm running WinXP Pro. What it seems to do is create a folder called setup32 in my C:\windows\system32 directory and in that folder contained 27 ececutable files which all had names of valid programs installed on my pc. In the directory is a text file named readthisworld.txt. It also seemed to run a program called directxset.exe upon windows startup. There's an old W97 macro virus with a similar name but I don't think they are related. Anyone ever heard of this thing. The infected files are quarentined right now but I don't want to shred them until I know what this thing does.

Sorry about the second post, but I just found some info on another forum under a search for that directxset.exe file. Apparently this is a P2P virus that has several different names. I must have got it through KazzaLite. I provided the link to the McAfee site in case anyone's interested. Sorry to waste a post.

http://vil.nai.com/vil/content/v_100098.htm#VirusInfo

Viruses often have many pseudonyms and variants and a simple Google search for w32 steph virus (http://www.google.ie/search?hl=en&ie=UTF-8&oe=UTF-8&q=w32+Steph+virus&btnG=Google+Search&meta=) or something similar will usually lead you in the right direction. Glad you got there anyways.

i should've broadeded my search before jumping the gun. i guess went straight into "oh s**t" mode when i saw the virus on my machine. thanks for the tips.

I know the feeling. The only time I have had a virus on my machine was when Klez started to download and Norton caught it. Even though it was quarantined, I had to really restrain myself from wiping the drive and starting over. I had just worked on a system for a friend that had been Klezed and I knew how destructive it could be. Just have to breathe and slow down when that happens...Bummer that we even have to deal with it.... :rolleyes: :eek: :rolleyes:

This raises a questions for me...does Norton protect against worms/trojans? My son downloads a lot using Shareza and I do a full virus scan every night (with NAV 2003), but I have never seen any infections. If I had a worm/trojan installed, can it detect them? Also, does it now protect against the KLEZ and its variants. I have run live update every week since installing it.

It will protect against virus infections like the Klez if you have email protection enabled. It may not protect agains all forms of trojans and particularly spyware since the user will actually give permission to install much of this garbage when they install or download programs. This makes them technically legit. If you do any file sharing (like MP3s), it is a good idea to run a firewall, do regular spyware scans, and possibly run a trojan hunter in addition to your antivirus.

I'm running NAV 2003 and Norton Firewall, and I do a Spybnot scan regularly. Any tips/recommendations on trojan hunter software? Is that something separate from Spybot?

Apparently Spybot may pick up on a trojan, but that isn't its main purpose. I would check mjc's security thread for trojan scanners:

http://www.pcguide.com/vb/showthread.php?s=&threadid=15179