Trouble with virus!

Posted by Alberto on July 5, 2005, 10:24 am
Dear everybody, I have trouble with some Windows XP clients in a Windows 2003 domain.... Some clients have been unable to access network shares since yesterday!

Symantec Antivirus does not reveal anything, but the pandasoftware online scan reveals this:

C:\WINDOWS\system32\Isass.exe
Possible Virus. No disinfected
C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\KPAVGXQF\Service[1].exe
Possible Virus. No disinfected

And this also on the Windows 2003 Server.

Can I remove this file? What files are these? TIA



Posted by David H. Lipman on July 5, 2005, 12:23 pm

| Dear everybody, I have trouble with some Windows XP clients in a Windows 2003 domain.... Some clients have been unable to access network shares since yesterday!
|
| Symantec Antivirus does not reveal anything, but the pandasoftware online scan reveals this:
|
| C:\WINDOWS\system32\Isass.exe
| Possible Virus. No disinfected
| C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\KPAVGXQF\Service[1].exe
| Possible Virus. No disinfected
|
| And this also on the Windows 2003 Server.
|
| Can I remove this file? What files are these? TIA
|

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter { http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link (.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will simplify the process of using up to 3 different Anti Virus Command Line Scanners to remove viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go through your FireWall to allow them to download the needed AV vendor related files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Azhar Attari on August 2, 2005, 5:56 pm
--------------BEGIN---------------
Hey
Simply Send the File to www.virustotal.com and See the output and Remove the unwanted program....
There is file in %dir%system32 as lsass.exe

To know what is Isass.exe read http://www.softwarepatch.com/tips/isass.html

In www.virustotal.com if you find it as virus select a particular antivirus from list and remove it as given in AV and hope your problem will be solved
-----------------End-------------
> Dear everybody, I have trouble with some Windows XP clients in a Windows 2003 domain.... Some clients have been unable to access network shares since yesterday!
>
> Symantec Antivirus does not reveal anything, but the pandasoftware online scan reveals this:
>
> C:\WINDOWS\system32\Isass.exe
> Possible Virus. No disinfected
> C:\Documents and Settings\NetworkService\Impostazioni locali\Temporary Internet Files\Content.IE5\KPAVGXQF\Service[1].exe
> Possible Virus. No disinfected
>
> And this also on the Windows 2003 Server.
>
> Can I remove this file? What files are these? TIA
>

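
The file flagged in the original post is Isass.exe, spelled with a capital I, while the genuine Windows process named in the reply above is lsass.exe in system32. As an added example (not part of the thread and not any poster's code), the sketch below flags file names that imitate a system process name by look-alike characters, or that use the exact name from the wrong directory. The allowlist, the function names and the C:\WINDOWS system root are assumptions made for illustration.

```python
import ntpath

# Genuine Windows process images and the one directory each should load from.
# Constructed allowlist for illustration; assumes %SystemRoot% is C:\WINDOWS.
PROTECTED = {
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters that are easy to misread for one another, folded to one form.
CONFUSABLE = str.maketrans("i10", "llo")


def skeleton(name: str) -> str:
    """Case-fold (Windows names are case-insensitive), then fold look-alikes."""
    return name.lower().translate(CONFUSABLE)


SKELETONS = {skeleton(n): n for n in PROTECTED}


def classify(path: str) -> str:
    """Return 'ok', 'misplaced:<real>', 'lookalike:<real>' or 'unlisted'."""
    directory, name = ntpath.split(path)
    lowered = name.lower()
    if lowered in PROTECTED:
        # Exact name: only the location can be wrong.
        where = ntpath.normcase(ntpath.normpath(directory))
        return "ok" if where == PROTECTED[lowered] else f"misplaced:{lowered}"
    real = SKELETONS.get(skeleton(name))
    return f"lookalike:{real}" if real else "unlisted"


# Constructed inventory; the first two paths are the ones quoted in the thread.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\Isass.exe",
    r"C:\Documents and Settings\NetworkService\Impostazioni locali"
    r"\Temporary Internet Files\Content.IE5\KPAVGXQF\Service[1].exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify(p):<22}{p}")
```

A result of `unlisted` only means the name does not resemble an allowlist entry; it is not a verdict on the file.
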
Posted by Ian Kenefick on August 2, 2005, 6:10 pm
On Wed, 3 Aug 2005 03:26:17 +0530, "Azhar Attari"

>--------------BEGIN---------------
>Hey
>Simply Send the File to www.virustotal.com and See the output and Remove the unwanted program....
>There is file in %dir%system32 as lsass.exe
>
>To know what is Isass.exe read http://www.softwarepatch.com/tips/isass.html
>
>In www.virustotal.com if you find it as virus select a particular antivirus from list and remove it as given in AV and hope your problem will be solved
>-----------------End-------------

What a ridiculously formatted message. It's all over the place!


--
Ian Kenefick
http://www.ik-cs.com
http://antivirus.ik-cs.com
