Guest Chuck Posted July 21, 2013

Hi James, Thank you for the ideas. But they have all been tried already. The online scanner, when launched from safe mode with networking, will complete to 99%, and will then lock up. It will not finish, and will not clean the infection. Even the latest build of ESET, after it was installed and updated, could clean infections, but would not touch the win64 variant. I understand what the releases say, but there is still an issue here. After running repairs, and fixing files, only to have them corrupt again, I am beginning to think the .cab files may be infected. I have never heard of this before, nor did I think it was even possible. This is way past my capabilities, and currently available tools/cleaners. Items like the AVG Expiro cleaner did not even touch the win64 variant of this infection. I will be taking it to a highly reputable shop next week, to let them play with it, and hopefully show me an easy fix, along with an appropriate "software rookie" comment to boot.

Administrators Marcos 5,462 Posted July 22, 2013

Please carry on as follows:
- download Process Monitor and run it (it will start logging system operations)
- run a scan with cleaning against a file infected with Win64/Expiro.A where the cleaning previously failed
- stop logging

Export your Threat log to a file and add it along with the Process Monitor log to an archive. When done, upload the archive to a safe location (e.g. Dropbox) and pm me the download link.

Arakasi 549 Posted July 27, 2013

Just to throw in more to help... Have you manually browsed your file system in an attempt to locate said virus? Start with changing folder options to show hidden files and folders, and show protected OS files. Visit the following directories:

C:\programdata
C:\temp
C:\windows\temp
C:\windows\prefetch
c:\users\ [or Documents and settings for older win versions] (Main profile, including all users profile, or public)
*within profile check appdata\local - appdata\locallow - appdata\roaming
C:\Users\'profile'\AppData\LocalLow\Temp
C:\Users\"profile"\AppData\Local\Temp
C:\Users\"profile"\AppData\Local\Microsoft\Internet Explorer

are a few you can look in for exe's or dll's. If you are having trouble locating profile, run a cmd prompt or Start menu > Run interface and type %userprofile% for current logged on user profile.

The way I think, is if normal software cannot remove the virus, manually get rid of it yourself. (this does not always work!! but sometimes you can delete if it's not a spread or memory infecting virus) relying on execution.

If you still have troubles... The next best option is to pull your hard drive and scan with a laptop via USB or second desktop. It may be hiding after logon or boot. Good luck!
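
The manual walk through those directories can also be done as a read-only inventory. The PowerShell below is an added example, not part of the original posts; it assumes PowerShell 4.0 or later (for Get-FileHash), and the output file name is a placeholder.

```powershell
# Added example: read-only inventory of .exe/.dll files in the directories
# named in the post above. Nothing is deleted or modified.
# Assumption: PowerShell 4.0 or later (Get-FileHash).

$roots = @(
    $env:ProgramData,
    'C:\temp',
    "$env:SystemRoot\Temp",
    "$env:SystemRoot\Prefetch"
)

# Per-profile folders from the post, expanded for every profile under C:\Users
# (-Force includes hidden profiles; junctions such as "All Users" are skipped).
$perProfile = 'AppData\Local', 'AppData\LocalLow', 'AppData\Roaming'
$profiles = Get-ChildItem -LiteralPath 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { -not ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) }
foreach ($p in $profiles) {
    foreach ($sub in $perProfile) { $roots += Join-Path $p.FullName $sub }
}

$inventory = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                LastWrite = $_.LastWriteTime
                # HashMismatch = file content changed after it was signed
                Signature = $sig.Status
                SHA256    = $hash.Hash
            }
        }
}

# Most recently modified files first; the output file name is a placeholder.
$inventory | Sort-Object LastWrite -Descending |
    Export-Csv -LiteralPath "$env:USERPROFILE\exe-inventory.csv" -NoTypeInformation
```

Run it from an elevated prompt so other users' profiles are readable; files that cannot be opened are listed with an empty SHA256 column.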