Jump to content

Virus attack that disabled smart security

Guest Chuck

By Guest Chuck
in Malware Finding and Cleaning

 Share

Recommended Posts

Guest Chuck

Guest Chuck

Posted
Posted

Hi James, Thankyou for the ideas. But they have all Ben tried already. The on line scanner, when launched from safe mode with networking will complete to 99%, and will then lock up. It will not finish, and will not clean the infection.

Even the latest build of eset, after it was installed and updated, could clean infections, but would not touch the win64 variant.

I understand what the releases say, but there is still an issue here.

After running repairs, and fixing files, only to have them corrupt again, I am beginning to think the .cab files may be infected. I have never heard of this before, nor did I think it was even possible.

This is way past my capabilities, and currently available tools/cleaners. Items like the AVG expiro cleaner did not even touch the win64v ariant of this infection. I will be taking it to a highly reputable shop next week, to let them play with it, and hopefully show me an easy fix, along with the an appropriate "software rookie" comment to boot.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

Please carry on as follows:

- download Process Monitor and run it (it will start logging system operations)

- run a scan with cleaning against a file infected with Win64/Expiro.A where the cleaning previously failed

- stop logging

 

Export your Threat log to a file and add it along with the Process monitor log to an archive. When done, upload the archive to a safe location (e.g. Dropbox) and pm me the download link.

Link to comment
Share on other sites
Arakasi

Arakasi 549

Posted
Posted

Just to throw in more to help.....

 

Have you manually browsed your file system in an attempt to locate said virus ?

Start with changing folder options to show hidden files and folders, and show protected os files.

 

Visit the following directories:
C:\programdata

C:\temp

C:\windows\temp

C:\windows\prefetch

c:\users\ [or Documents and settings for older win versions]( Main profile, including all users profile, or public)

*within profile check appdata\local - appdata\locallow - appdata\roaming

C:\Users\'profile'\AppData\LocalLow\Temp

C:\Users\"profile"\AppData\Local\Temp

C:\Users\"profile"\AppData\Local\Microsoft\Internet Explorer

 

are a few you can look in for exe's or dll's

 

If you are having trouble locating profile run a cmd prompt or Startmenu > Run interface and type %userprofile% for current logged on user profile.

 

The way i think, is if normal software cannot remove the virus, manually get rid of it yourself. (this does not always work !! but sometimes you can delete if its not a spread or memory infecting virus) relying on execution.

If you still have troubles....

The next best option is to pull your hard drive and scan with a laptop via usb or second desktop. It may be hiding after logon or boot.

Good luck !

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...