Blech..I have a virus..



oblongmelon
10-04-2002, 06:03 AM
did a virus scan and found this File Name: AO290131.CPY and the path is C:\_Restore\Temp\AO290131.CPY. The virus is called Keywo or Keyworm..I've tried to get rid of it.. using my virus scan, tried to heal it, quarantined it etc..and it's telling me this file cannot be deleted BUT the weird part is..the AVG does let me delete it once it's in the virus vault BUT WHEN I run a rescan of the AVG it shows up again..I took a look in my registry and didn't seem to be able to find anything that looked like this file..does anyone have a suggestion out there how I can nail this sucker and put it out to pasture for good?? Thanks-Ob

hoey222
10-04-2002, 06:24 AM
i can't find any info on the virus anywhere. are you running Windows XP?

it looks like your AV software is finding something in the system restore points for windows - which may be why you can't delete it.

a lil puzzling to me too :hmm:

oblongmelon
10-04-2002, 06:28 AM
Ok I did a search for keywo-and found a link on the AVG site..apparently it's also called BUGBEAR..there is a link on the site for a utility to get rid of it..thanks anyway :)
Have a good one!

blueindian
10-04-2002, 06:52 AM
hey i got the same one the other day. Norton popped up and said it had found it and couldn't delete or repair it.

So I tried to manually delete it. It said it was in use by another program, so I shut down everything and then deleted it and it worked. Now the odd thing is that it was not in the recycle bin, which it should have been.

Also, the link on the NAV alert took me to one of the regular description pages on Norton, but there was not really any info. A full system scan after all of this showed no viruses.

weird, huh?

hoey222
10-04-2002, 06:55 AM
o ok - bugbear is a nasty one

it's new this week too - which may be how you picked it up

go here for more info on it

http://www.sarc.com/avcenter/venc/data/[email protected]


here is the link for Norton's bugbear removal tool

http://www.sarc.com/avcenter/venc/data/[email protected]

just download and run - you don't have to use norton to use the removal tool

hope this helps - :)

Ladogaboy
10-04-2002, 02:11 PM
What does bugbear do?

NuTs62
10-04-2002, 02:36 PM
Originally posted by Yossarian

annoy you with popups saying 'pr0n has been detected on your computer! click here to end your miserable life'?

you must get that a lot eh? :P

The Continental
10-04-2002, 02:41 PM
Technical virus info:
Bugbear worm's file is a PE EXE (portable executable), 50688 bytes long and it is compressed with UPX file compressor. The worm spreads in e-mail messages as an attachment with randomly-generated names and with one or more extensions.

Subjects and bodies of infected e-mails are also different.
The worm's messages can contain an IFrame exploit that allows it to run automatically on some computers when an infected e-mail is viewed (for example, with Outlook and IE 5.0 or 5.01).

Email patch:
This vulnerability is fixed and a patch for it is available on the Microsoft site:
LINK (http://www.microsoft.com/windows/ie/downloads/critical/q290108/default.asp)

What it may look like:
Bugbear can pick up e-mail messages from infected user's databases and send them out with its copy attached. It can place contents of a random text file from an infected hard drive to an infected message's body. The worm can send itself in a message with one of the following subjects - click below -
LINK (http://www.ihug.com.au/ispy/virusinfo/bugbear.htm#subj)

More Info (http://securityresponse.symantec.com/avcenter/venc/data/[email protected])

(Thanks to vicegrip)
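
Added example, not part of the original thread: a Python triage check built on the file traits quoted in the post above (PE EXE, 50688 bytes, UPX-compressed). The function names and the constructed sample buffer are assumptions for illustration, and a size or section-name match is only a triage hint, not an identification of the worm.

```python
import struct

QUOTED_SIZE = 50688  # file size quoted in the post above

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image; raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                        # section table start
    names = []
    for i in range(n_sections):
        entry = table + i * 40                            # 40-byte section headers
        if entry + 40 > len(data):
            raise ValueError("truncated section table")
        raw = data[entry:entry + 8].rstrip(b"\0")         # 8-byte padded name
        names.append(raw.decode("ascii", "replace"))
    return names

def triage(data: bytes) -> dict:
    """Summarise the traits from the post: PE format, UPX section names, size."""
    try:
        names = pe_section_names(data)
    except ValueError as exc:
        return {"pe": False, "reason": str(exc)}
    return {
        "pe": True,
        "sections": names,
        # Stock UPX names its sections UPX0/UPX1; a renamed packer evades this.
        "upx_named_sections": any(n.startswith("UPX") for n in names),
        "size_matches_post": len(data) == QUOTED_SIZE,
    }

def constructed_sample(section_names, total_size: int) -> bytes:
    """Build a header-only PE-like buffer (constructed test data, no code)."""
    buf = bytearray(total_size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", buf, 0x84, 0x014C, len(section_names))
    struct.pack_into("<H", buf, 0x80 + 20, 0xE0)
    table = 0x80 + 24 + 0xE0
    for i, name in enumerate(section_names):
        buf[table + 40 * i: table + 40 * i + len(name)] = name
    return bytes(buf)

if __name__ == "__main__":
    print(triage(constructed_sample([b"UPX0", b"UPX1", b".rsrc"], QUOTED_SIZE)))
```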