W32 trojan-gen

Posted by Zakynthos on January 5, 2007, 4:26 am
My computer is infected with this virus/worm and my antivirus program (Avast)
is unable to quarantine/remove/rename/move it etc. although I do know the
path from the dialogue box.

My Windows folder is now showing 15 Gb (with only a 14 Gb hard drive) and I
believe the virus is copying the contents of Windows to that folder on boot
(???)

How can I get rid of this virus/worm/trojan?

Posted by Malke on January 5, 2007, 9:38 am
Zakynthos wrote:

> My computer is infected with this virus/worm and my antivirus program
> (Avast)
> is unable to quarantine/remove/rename/move it etc. although I do know the
> path from the dialogue box.
>
> My Windows folder is now showing 15 Gb (with only a 14 Gb hard drive) and
> I believe the virus is copying the contents of Windows to that folder on
> boot (???)
>
> How can I get rid of this virus/worm/trojan?

Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
(formerly Ewido - http://www.ewido.net/en/) and follow instructions to do
all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a professional computer repair
shop (not your local version of BigStoreUSA). The only alternative to going
through the malware removal tediously and systematically, probably with
online help from an HJT forum, and taking the machine to a real
professional is to back up your data and do a clean install of Windows.
It's your call. Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed up
before you take the machine into a shop.

Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User

Posted by Zakynthos on January 5, 2007, 12:18 pm
Many thanks for your help and advice - not good news, as I'd suspected, but
I'll give it a go before reinstalling the operating system - it's always a
last resort, of course.

"Malke" wrote:

> Zakynthos wrote:
>
> > My computer is infected with this virus/worm and my antivirus program
> > (Avast)
> > is unable to quarantine/remove/rename/move it etc. although I do know the
> > path from the dialogue box.
> >
> > My Windows folder is now showing 15 Gb (with only a 14 Gb hard drive) and
> > I believe the virus is copying the contents of Windows to that folder on
> > boot (???)
> >
> > How can I get rid of this virus/worm/trojan?
>
> Go through these general malware removal steps systematically -
> http://www.elephantboycomputers.com/page2.html#Removing_Malware
>
> Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
> (formerly Ewido - http://www.ewido.net/en/) and follow instructions to do
> all scans in Safe Mode.
>
> When all else fails, run HijackThis and post your log in one of the
> specialty forums listed at the link above (not here, please).
>
> If the procedures look too complex - and there is no shame in admitting this
> isn't your cup of tea - take the machine to a professional computer repair
> shop (not your local version of BigStoreUSA). The only alternative to going
> through the malware removal tediously and systematically, probably with
> online help from an HJT forum, and taking the machine to a real
> professional is to back up your data and do a clean install of Windows.
> It's your call. Please be aware that not all local shops are skilled at
> removing malware and even if they are, your computer may be so infested
> that Windows will need to be clean-installed. Have all your data backed up
> before you take the machine into a shop.
>
> Malke
> --
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic!"
> MS-MVP Windows - Shell/User
>

Posted by David H. Lipman on January 5, 2007, 4:03 pm

| My computer is infected with this virus/worm and my antivirus program (Avast)
| is unable to quarantine/remove/rename/move it etc. although I do know the
| path from the dialogue box.
|
| My Windows folder is now showing 15 Gb (with only a 14 Gb hard drive) and I
| believe the virus is copying the contents of Windows to that folder on boot
| (???)
|
| How can I get rid of this virus/worm/trojan?


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should reboot
the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose
which scanner you want to run in Safe Mode. It is suggested to run the scanners
in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by Zakynthos on January 6, 2007, 11:29 am
David,

Thanks a lot for all your help and links - I'm following them up now and
will let you know how it went.

"David H. Lipman" wrote:

>
> | My computer is infected with this virus/worm and my antivirus program (Avast)
> | is unable to quarantine/remove/rename/move it etc. although I do know the
> | path from the dialogue box.
> |
> | My Windows folder is now showing 15 Gb (with only a 14 Gb hard drive) and I
> | believe the virus is copying the contents of Windows to that folder on boot
> | (???)
> |
> | How can I get rid of this virus/worm/trojan?
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
> through your FireWall to allow it to download the needed AV vendor related
> files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in
> Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
> the PC.
>
> You can choose to go to each menu item and just download the needed files or
> you can download the files and perform a scan in Normal Mode. Once you have
> downloaded the files needed for each scanner you want to use, you should
> reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
> and choose which scanner you want to run in Safe Mode. It is suggested to run
> the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more
> comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

