|
Posted by Malke on September 18, 2007, 2:50 pm
If you were Registered and logged in, you could reply and use other advanced thread options
JT wrote:
> Hello all,
> I've run into two different windows XP machines at 2 different clients now.
> Norton picks it up as Trojan.KillAV. The files: info.exe, system.exe and
> print.exe all show up in the system with this infection in the
> %winnt%/system32 folder, the startup folder and the run reg keys for
> HKEY_LOCAL_USER and HKEY_LOCAL_MACHINE. In addition you'll see a process
> running called print.exe. Also, you get the following message when attempting
> to access the properties of my computer, when trying to access control panel
> or other system changing areas, either directly or via the RUN menu: "THIS
> OPERATION HAS BEEN CANCELLED DUE TO RESTRICTIONS IN EFFECT ON THIS COMPUTER.
> PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR". The previous error message did not
> relate to a local or group policy. Also, the control panel is no longer
> visable. Oh, and some popups too. It's very resistant to removal and the most
> i've been able to do is disable it by killing the files with a program and
> replacing the infected files with dummy files and locking them. But I can
> never repair the error message with accessing system changing areas. Has
> anyone else had any luck with this?? perhaps been able to remove and repair?
> Any advice or experiance with this would be helpful.
>
> Sorry its so long! Thanks in advace.
> Justin
I haven't seen this on any of my clients' machines but there is a lot of
information about removing it available:
http://www.google.com/search?hl=en&q=Trojan.KillAV&btnG=Google+Search
Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
| 
XML site map