How to remove Korplug.A trojan

[Guest Altangerel]

We're using Nod 32 v 4.2.71.2. The AV detected some PCs has been affected by Korplug.A trojan, but it cannot remove it. Scan log always says "Unable to clean". We tried to remove remove the trojan manually by removing created files and directories. However, when the affected system restarted it will start again. 

Any of you guys encountered this issue and have solution on this?

[Marcos 5,072]

Please post a complete record related to the detection from your threat log. The record should look like as follows:

18. 7. 2013 13:59:44    Real-time file system protection    file    D:\test\kogabontusiq.exe    a variant of Win32/Kryptik.BFXC trojan    cleaned by deleting - quarantined    domain\admin    Event occurred during an attempt to access the file by the application: 

[altangerel 0]

Hi Marcos,

 

Log entry is below:

 

Startup scanner    file    Operating memory » svchost.exe(1616)    a variant of Win32/Korplug.A trojan    unable to clean

[Marcos 5,072]

Please create a SysInspector log as per the instructions here and send it to me as an attachment to a private message.

[Marcos 5,072]

8692We'll be adding detections for new Koreplug variants in update 8692. When available, update the signature database and run a full disk scan. Should it still be detected only in memory, I'll check your SysInspector log for suspicious files.