Author Topic: how do remove win32 ciadoor-b [UPX]  (Read 6788 times)


matatak6

  • Guest
how do remove win32 ciadoor-b [UPX]
« on: May 27, 2004, 12:15:26 PM »
I can't seem to get rid of this. I followed instructions from my last post (went to Symantec for removal instr). It seems to be infected in C:\windows\services.exe [UPX]
I tried to delete it but avast will not let me 'cause the file is being used by another application. Went into regedit and couldn't find the spool...... files that Symantec told me to delete. I'm running XP Pro SP1.

Offline .: Mac :.

Re:how do remove win32 ciadoor-b [UPX]
« Reply #1 on: May 27, 2004, 12:55:56 PM »
Quote
I tried to delete it but avast will not let me 'cause the file is being used by another application.
Boot into Safe Mode (F8 on boot)
"People who are really serious about software should make their own hardware." - Alan Kay

whocares

  • Guest
Re:how do remove win32 ciadoor-b [UPX]
« Reply #2 on: May 27, 2004, 12:58:55 PM »
Please do NOT delete the
 C:\windows\system32\services.exe
but this one:  C:\windows\services.exe (in SafeMode)

Try a scan with online scanners from Trend, KAV & RAV (see below or VGREP links in your initial posting) and report findings.

Also please post a hijackthis-Log: http://hjt.klaffke.de/en

matatak6

  • Guest
Re:how do remove win32 ciadoor-b [UPX]
« Reply #3 on: May 27, 2004, 04:25:22 PM »
I seemed to have gotten rid of it. Had to go into registry and delete all the services.exe upx. Then it allowed me to delete the offending file in c:\windows.
I don't know what a hijack log is?
Let me know and I'll do my best.

matatak6

  • Guest
Re:how do remove win32 ciadoor-b [UPX]
« Reply #4 on: May 27, 2004, 04:27:08 PM »
Whoopsy, keep forgetting stuff.
Even in safe mode I could not delete the sucker. It was in use or write protected.

Offline DavidR

Re:how do remove win32 ciadoor-b [UPX]
« Reply #5 on: May 27, 2004, 05:30:04 PM »
If as I believe you are running WinXP, you will need to disable System Restore, reboot and then delete the files, set avast to do a scan on the next boot.

Once you have completed that boot scan and are in, you can then enable System Restore - a function of System Restore is to hang onto deleted files to enable you to recover to a restore point that may need the file. So in order to get rid of the virus file fully you may need to disable System Restore.

Do a search in Windows Start>Help and Support for system restore for more information on System Restore.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

matatak6

  • Guest
Re:how do remove win32 ciadoor-b [UPX]
« Reply #6 on: May 28, 2004, 04:34:16 AM »
Here is my hijack this log.
My computer seems to be running slow and unsteady?

Offline DavidR

Re:how do remove win32 ciadoor-b [UPX]
« Reply #7 on: May 28, 2004, 12:56:21 PM »
Quote
Here is my hijack this log.
My computer seems to be running slow and unsteady?

In order for us to help it is important to give us feedback on our suggestions: did you try them, did they work, what results, etc.

Quote

From Symantec site (my point on system restore)

Removal Instructions

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1.  Disable System Restore (Windows Me/XP).

This can also help others with a similar problem, when they browse or search the forums.

whocares

  • Guest
Re:how do remove win32 ciadoor-b [UPX]
« Reply #8 on: May 28, 2004, 01:41:12 PM »
Hi,

- first move hijackthis.exe to a new, empty folder outside TEMP
- then close all programs/browser windows
- and rerun HijackThis


"R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
"

If you don't know this searchalot-stuff, fix the above lines

What is O4 - HKLM\..\Run: [IncaPan] IncaPan.Exe  ?
scan the file with Trend & KAV

also install, update, run & fix with Spybot, Ad-Aware & cwshredder (see above search for links)

scan the whole PC in "thorough scan" with updated avast

then post a new hijackthis-log here, if problems remain

 ;) ;)
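
An added example, not written by any poster in this thread: a small Python triage that automates the two manual checks made in Reply #2 and Reply #8, flagging a core Windows binary name found outside System32 and flagging R0-R3 Internet Explorer entries that point at a host the user has not approved. The function names, the short list of binary names, the default Windows directory `C:\windows` and the sample data (built from the paths and log lines quoted above) are assumptions made for illustration.

```python
import ntpath
import re
from urllib.parse import urlparse

# Core Windows binaries that belong only in <windir>\system32 (illustrative, not exhaustive).
SYSTEM32_ONLY = {"services.exe", "lsass.exe", "svchost.exe", "winlogon.exe", "csrss.exe"}
R_ENTRY = re.compile(r"^(R[0-3]) - (.+?) = ?(.*)$")

def misplaced_system_binaries(paths, windir=r"C:\windows"):
    """Paths whose file name is a System32-only binary but whose folder is not System32."""
    expected = ntpath.normcase(ntpath.join(windir, "system32"))
    hits = []
    for raw in paths:
        folder, name = ntpath.split(ntpath.normpath(raw.strip()))
        if name.lower() in SYSTEM32_ONLY and ntpath.normcase(folder) != expected:
            hits.append(raw.strip())
    return hits

def unexpected_ie_pages(log_lines, known_hosts=frozenset()):
    """(section, registry value, data) for R0-R3 entries whose URL host is not approved."""
    hits = []
    for line in log_lines:
        m = R_ENTRY.match(line.strip())
        if not m:
            continue
        section, key, value = m.groups()
        host = urlparse(value).hostname  # None for an empty value or about:blank
        if host and host.lower() not in known_hosts:
            hits.append((section, key, value))
    return hits

# Constructed sample: the two services.exe paths and the R0/R1 lines quoted in this thread.
SAMPLE_PATHS = [r"C:\windows\system32\services.exe", r"C:\windows\services.exe"]
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com",
]

if __name__ == "__main__":
    print("Misplaced system binaries:", misplaced_system_binaries(SAMPLE_PATHS))
    print("Unapproved IE pages:", unexpected_ie_pages(SAMPLE_LOG))
```

Passing the hosts the user recognises as `known_hosts` mirrors the "if you don't know this" condition in Reply #8: only entries for unfamiliar hosts are reported.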