Jump to content

Virus attack that disabled smart security

Guest Chuck

Recommended Posts

Guest Chuck

Hi James, Thankyou for the ideas. But they have all Ben tried already. The on line scanner, when launched from safe mode with networking will complete to 99%, and will then lock up. It will not finish, and will not clean the infection.

Even the latest build of eset, after it was installed and updated, could clean infections, but would not touch the win64 variant.

I understand what the releases say, but there is still an issue here.

After running repairs, and fixing files, only to have them corrupt again, I am beginning to think the .cab files may be infected. I have never heard of this before, nor did I think it was even possible.

This is way past my capabilities, and currently available tools/cleaners. Items like the AVG expiro cleaner did not even touch the win64v ariant of this infection. I will be taking it to a highly reputable shop next week, to let them play with it, and hopefully show me an easy fix, along with the an appropriate "software rookie" comment to boot.

Link to comment
Share on other sites

  • Administrators

Please carry on as follows:

- download Process Monitor and run it (it will start logging system operations)

- run a scan with cleaning against a file infected with Win64/Expiro.A where the cleaning previously failed

- stop logging


Export your Threat log to a file and add it along with the Process monitor log to an archive. When done, upload the archive to a safe location (e.g. Dropbox) and pm me the download link.

Link to comment
Share on other sites

Just to throw in more to help.....


Have you manually browsed your file system in an attempt to locate said virus ?

Start with changing folder options to show hidden files and folders, and show protected os files.


Visit the following directories:




c:\users\ [or Documents and settings for older win versions]( Main profile, including all users profile, or public)

*within profile check appdata\local - appdata\locallow - appdata\roaming



C:\Users\"profile"\AppData\Local\Microsoft\Internet Explorer


are a few you can look in for exe's or dll's


If you are having trouble locating profile run a cmd prompt or Startmenu > Run interface and type %userprofile% for current logged on user profile.


The way i think, is if normal software cannot remove the virus, manually get rid of it yourself. (this does not always work !! but sometimes you can delete if its not a spread or memory infecting virus) relying on execution.

If you still have troubles....

The next best option is to pull your hard drive and scan with a laptop via usb or second desktop. It may be hiding after logon or boot.

Good luck !

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...