Guest Altangerel Posted August 15, 2013

We're using Nod 32 v 4.2.71.2. The AV detected that some PCs have been affected by the Korplug.A trojan, but it cannot remove it. The scan log always says "Unable to clean". We tried to remove the trojan manually by removing the created files and directories. However, when the affected system is restarted, it starts again. Have any of you guys encountered this issue and have a solution for it?

Administrators Marcos Posted August 15, 2013

Please post a complete record related to the detection from your threat log. The record should look as follows:

18. 7. 2013 13:59:44 Real-time file system protection file D:\test\kogabontusiq.exe a variant of Win32/Kryptik.BFXC trojan cleaned by deleting - quarantined domain\admin Event occurred during an attempt to access the file by the application:

altangerel Posted August 15, 2013

Hi Marcos,

Log entry is below:

Startup scanner file Operating memory » svchost.exe(1616) a variant of Win32/Korplug.A trojan unable to clean

Administrators Marcos Posted August 15, 2013

Please create a SysInspector log as per the instructions here and send it to me as an attachment to a private message.

Administrators Marcos Posted August 15, 2013

We'll be adding detections for new Korplug variants in update 8692. When available, update the signature database and run a full disk scan. Should it still be detected only in memory, I'll check your SysInspector log for suspicious files.