LinkBack URL
About LinkBacksMate is getting this virus through his Kaspersky antivirus and it will not go away.Any ideas...........
Virus.Win32.Virut.q
BIGFELLA
Mate is getting this virus through his Kaspersky antivirus and it will not go away.Any ideas...........
Virus.Win32.Virut.q
BIGFELLA
BIGFELLA SAY'S " make love,not war. Get married have both.........."
Has he updated to the latest database? it was only detected a couple of days ago. Also try running a scan in safe mode.
When all else fails look for services and startups in msconfig that aren't right.
My Turbo Build
Thanks to Sponsors:
Motorcycle Panel & Paint
Q-Zar Fremantle
Rated-R Parts
PerthStreetBikes.com and it's generous members
Carlisle Printing - Deals for PSB members
CIC - Competition & Industrial Coatings
Carpet Liquidators - Midland
Update Kaspersky. Reboot in Safe Mode. Full scan.
Possibly even download the latest Kaspersky update, reboot, update and scan. They released an update for it 2 days ago.
Originally Posted by zobo
Cheers ill pass it on now as he put a new hard drive and updated all but it is comming from his storage drive..... love your work ill keep you guys posted.............
BIGFELLA
BIGFELLA SAY'S " make love,not war. Get married have both.........."
This is for the U variant but i dare say the Q variant is very similar. Or it may be that karspersky is seeing it differently.
When the virus executes, it creates the following event so that only one instance of the threat runs on the compromised computer:
Vx_4
Next, the virus attempts to infect all .exe and .scr files on the compromised computer.
It avoids infecting files where the file name starts with any of the following strings:
PSTO
WC32
WCUN
WINC
Next, the virus checks the value for the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\"TargetHost"
The above registry entry contains IP address and port number information. The virus may then use this information to open a back door on the compromised computer.
If the value in the above registry entry is not available, the virus may open a back door on TCP port 80 using the following IRC server:
ircd.zief.pl
It uses the following name on the above channel:
[EIGHT RANDOM CHARACTERS]
The back door allows a remote attacker to download files on to the compromised computer and execute them.
Symantec dont seem to be doing as many fancy targetted threat removal tools as a few years ago and there isnt one for this. Id try AGV or something similar if kasperski isnt getting it. Failing that, download a free trail of Nortons. I know some think its a dirty word but it works.
Safe mode FTW.
In complete darkness we are all the same. It is only our knowledge and wisdom that seperate us. Dont let your eyes deceive you.
Its the little things that make the difference
Hopefully Kaspersky is stopping it doing all that, but it keeps popping up because it's living somewhere K can't get to it. The Safe Mode scan should fix it but good.
Just FYI.
EDIT: wrong stinkin' slash
If it's coming from a storage drive after a fresh install it should be just a matter of deleting the offending file.
My Turbo Build
Thanks to Sponsors:
Motorcycle Panel & Paint
Q-Zar Fremantle
Rated-R Parts
PerthStreetBikes.com and it's generous members
Carlisle Printing - Deals for PSB members
CIC - Competition & Industrial Coatings
Carpet Liquidators - Midland
Yes true its just he is not that flash my old mate Rusty Gates......... on computer stuff..................... It was a mission trying to tell him how to install a new hard drive and pin confic ect....... over the phone whilst i was working today..........If it's coming from a storage drive after a fresh install it should be just a matter of deleting the offending file.[/b]
BIGFELLA
BIGFELLA SAY'S " make love,not war. Get married have both.........."
<div class='quotetop'>QUOTE(TYSON @ Sep 19 2007, 05:17 PM) <{POST_SNAPBACK}>Yes true its just he is not that flash my old mate Rusty Gates......... on computer stuff..................... It was a mission trying to tell him how to install a new hard drive and pin confic ect....... over the phone whilst i was working today..........If it's coming from a storage drive after a fresh install it should be just a matter of deleting the offending file.[/b]
BIGFELLA
[/b][/quote]
I understand bro, been there many times.Good luck.
My Turbo Build
Thanks to Sponsors:
Motorcycle Panel & Paint
Q-Zar Fremantle
Rated-R Parts
PerthStreetBikes.com and it's generous members
Carlisle Printing - Deals for PSB members
CIC - Competition & Industrial Coatings
Carpet Liquidators - Midland
Thanks the gods i don't do THAT for a job anymore. At least now i can just walk over and slap the person upside the head when they've done something dumb.Yes true its just he is not that flash my old mate Rusty Gates......... on computer stuff..................... It was a mission trying to tell him how to install a new hard drive and pin confic ect....... over the phone whilst i was working today..........[/b]
i'd have thought if it's just an infected file, Kaspersky would have just gotten rid of it by now (quarantined/deleted/whatever). Full scan in safe mode FTW for my money.
Update............. All fixed.. Cheers PSB
BIGFELLA
BIGFELLA SAY'S " make love,not war. Get married have both.........."
Posting Permissions
Copyright 2011 © PerthStreetBikes.com Pty Limited (ACN 127 435 858)
By using this website, you are indicating your acceptance of the TERMS OF USE
Technical Services by Parity Networks
Reply With Quote
Bookmarks