Avast WEBforum

Other => Viruses and worms => Topic started by: mjk123 on February 10, 2003, 04:41:52 PM

Title: Win32:Trojan-gen {urx!}
Post by: mjk123 on February 10, 2003, 04:41:52 PM
I have this virus in Internet Explorer {system.exe}. How can I get rid of it? Thanks for answering.
Title: Re:Win32:Trojan-gen {urx!}
Post by: Vlk on February 11, 2003, 12:22:28 PM
Please send us the file, e.g. to support@asw.cz . We'll have a look at it.

Thanks!
Title: Re:Win32:Trojan-gen {urx!}
Post by: raman on February 11, 2003, 04:29:07 PM
I have this virus in Internet Explorer {system.exe}. How can I get rid of it?

Seems to be a backdoor. It could be this one: Backdoor.Sequel. The problem is that Avast seems to use generic names for different malware. If you want to get more information, send that file to Avast, or try to get the real name for that backdoor. To get a name you can use this link (I hope I do not get in trouble because of this. ;)): http://www.kaspersky.com/remoteviruschk.html

Maybe Avast is able to automatically get rid of backdoors with the new major update announced here in the forum.
Title: Re:Win32:Trojan-gen {urx!}
Post by: ronaldnotes on February 21, 2003, 07:04:57 PM
Avast virus detector is giving a warning "A virus was found" win32 trojan-gen {UPX!} in my computer (VPS version 0301-9, 02/14/2003).
The file name is C:\_restore\temp\a0068002.cpy . I cannot move/rename, delete or repair it. How do I get rid of it? I used Norton AntiVirus 2002 with updated definitions, but that did not give a virus warning. I used the online virus scan from http://housecall.trendmicro.com/housecall/start_corp.asp and it gave the same virus warning as Avast did. What to do?

Ronald
Title: Re:Win32:Trojan-gen {urx!}
Post by: ronaldnotes on February 21, 2003, 07:07:42 PM
I forgot to mention that the file name C:\_restore\temp\a0068002.cpy seems to be active. That is why it cannot be removed. How do I get manually into this _restore directory?

Ronald
Title: Re:Win32:Trojan-gen {urx!}
Post by: raman on February 21, 2003, 07:18:54 PM
What virus does Trend report (the exact name)? If I remember correctly, then you are not able to delete files in the restore folder. Maybe you are able to do it in a DOS box, or at least if you boot from a DOS disk.

BTW: What Windows do you use, and do you use NTFS (if using WinNT/2000/XP)?
Title: Re:Win32:Trojan-gen {urx!}
Post by: ronaldnotes on February 21, 2003, 08:57:48 PM
If it is of help to you: I use Windows ME.

Ronald
Title: Re:Win32:Trojan-gen {urx!}
Post by: raman on February 21, 2003, 09:04:26 PM
Really helpful would be the name of that backdoor trojan. :)
Back to your problem. Maybe it is easiest for you to disable the restore function of WinME, restart ME and then activate the restore function again. If you do not know how to do it, take a look at this link: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

Title: Re:Win32:Trojan-gen {urx!}
Post by: ronaldnotes on February 21, 2003, 10:07:32 PM
Thanks for your reply. I have solved the problem as follows. I used a boot disk and after the A prompt I switched to the C prompt and deleted the opposed virus with del C:\_restore\temp . I read somewhere that I should not do that but I did. After a restart and scan, no virus warning anymore.

Ronald
Title: Re:Win32:Trojan-gen {urx!}
Post by: shooter on March 05, 2003, 08:00:08 PM
I also have this virus.
You can only let it clean if you format your hard disk.
Title: Re:Win32:Trojan-gen {urx!}
Post by: raman on March 05, 2003, 08:45:38 PM
No, it is *never* necessary to format your hard disk to get rid of malware. Especially not if it is "only" a backdoor/trojan. Backdoors or trojans are "stand-alone programs" and do not infect other files.

Why do you think that it is necessary to format your hard disk?
Title: Re:Win32:Trojan-gen {urx!}
Post by: Pavel Baudis on March 06, 2003, 08:50:04 AM
Yes, raman is quite right :) - there is definitely no need to reformat the hard disk. Just deleting the trojan files is quite enough.

BTW: This "advanced method" (i.e. reformatting) was widely used also in the past - and especially with the boot viruses the virus was the only piece of software which survived the format operation ;)

Pavel

Title: Re:Win32:Trojan-gen {urx!}
Post by: jcubed69 on March 27, 2003, 05:10:41 AM
I think that info regarding formatting the hard disk has to do with the fact that once a computer has been compromised, the standalone trojan can surely be taken care of, but what else has been compromised (passwords, programs, data, etc.)? Unless one knows exactly what happened while somebody may have had remote access to a machine, the only ABSOLUTELY sure way to know what you are dealing with is to "format" the hard drive and start from scratch. :'(
Title: Re:Win32:Trojan-gen {urx!}
Post by: kareld on March 27, 2003, 01:29:21 PM
Not completely true.
Passwords - you should change your passwords after a compromise. Reformatting your HDD doesn't help here.
Data - if your data was stolen, reformatting doesn't help. If your data was changed or deleted, reformatting doesn't help, either. You need backups of your data.
Programs - yes, that can be tricky. But: when the intruder is advanced enough to retain his/her privileged access to your system with modified/tailored binaries unknown to the antivirus system, why did he/she use the commonly known backdoor to penetrate it? I believe the vast majority of *detected* trojan/backdoor incidents are caused by casual script kiddies, and the danger of sophisticated system changes in them is small.

Title: Re:Win32:Trojan-gen {urx!}
Post by: jcubed69 on March 27, 2003, 06:03:23 PM
I didn't go into that much detail but Kareld is correct.

 ;D