Old 2008-06-13, 21:38   Link #15
sa547
Senior Member
Join Date: Oct 2007
Location: Philippines
Age: 47
Quote:
Originally Posted by -KarumA- View Post
kung fu failed me again
the heur virus is still coming back but on a different location where i couldn't get to it manually, in the C:/ system volume something folder
even if removing it after a couple of hours it pops up again on another location, together with a trojan but not always
it is so annoying, no matter how many times AVG vaults it and deletes it it comes back even when manually deleting it

here the HijackThis file if it is any use, I've never used it before and have no idea what it does

Spoiler for hijackthisref:


btw what do you press again to get into safe mode on windows XP, going to do a full system scan in safe mode tomorrow >.<
Just as Ledgem said, it's F8. Before your Windows boots up you have to press F8 in order to switch into Safe Mode.

Deciphered the hijackthis results and you have a bad guy residing in there. His name is KAVO.EXE and it's a trojan built to steal off online game accounts, especially MMOGs made in China and South Korea:
http://www.sophos.com/security/analy...jlineagaw.html
http://www.symantec.com/security_res...742-99&tabid=2

Method of removal is outlined in this tab:
http://www.symantec.com/security_res...742-99&tabid=3

Just turn off System Restore before taking him out, as these pests sometimes try to reside in the SR backup files to defy deletion. To do it:

1.) Right-click on My Computer > Properties
2.) Find the System Restore tab and remove the check mark for System Restore in order to turn it off.
3.) Click on Ok

Quote:
Originally Posted by nines View Post
I'm running spybot atm i dled one of the virtumonde things from this link
http://www.bleepingcomputer.com/forums/topic18610.html

now my background still keeps flashing it shows all my icons and bar at the bottom heres pics i still got these things open but the background stuff will be there and gone and it just keeps flashing back and forth and causes major lag

Spoiler for Normal Screen:


Spoiler for Virus Screen:


and like i said keeps flashing back and forth and deselects everything and if i open wow keeps minimizing me

lol 19 viruses found gonna rescan and see if virtumonde still there still
Spoiler for Virus Scan Done:
Hmmm... which one did you run? Spybot or that vUndofix?

@Seijisensei: For some reason known only to Microsoft (and they've yet to understand that this feature is an easy target for local script kiddies out for bragging rights), they still kept AUTORUN enabled by default.

So I had this little registry adjustment I found from Nick Brown, who used this kung-fu style to add runtime restriction to AUTORUN.INF files:

Code:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Copy and paste the code into Notepad before saving it as "NORUN.REG" (All Files, not Text Files). Then double-click on the registry mod.

If, for some strange reason, you want Autorun back, Brown gives us a restoration skill:

Code:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

WARNING: That registry mod can be only used in Windows XP (all versions) and possibly in Windows Vista. For other problems regarding Autoplay in Vista, see Mark Russinovich's comment regarding a missing Autorun function.

Update: I'm going to check out AutoRunGuard, which is freely available.
Last edited by sa547; 2008-06-14 at 23:51.
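An added example, not part of sa547's post or Nick Brown's own code: a small Python model of what the two REGEDIT4 files in the post do to the Autorun.inf mapping key, so an exported .reg file can be checked offline for the block. The dict-based registry model and the names `apply_reg` and `autorun_blocked` are assumptions made for illustration; nothing here touches a real registry.

```python
import re

# Key and value exactly as given in the post above.
AUTORUN_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\IniFileMapping\Autorun.inf")
BLOCK_VALUE = "@SYS:DoesNotExist"

NORUN_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
"""
RESTORE_REG = r"""REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
"""

def apply_reg(text, registry):
    """Apply REGEDIT4 text to a model {lowercased key path: {value name: data}}."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    current = None
    for line in (l.strip() for l in lines[1:]):
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1].lower()
            if path.startswith("-"):                # [-KEY] removes key and subkeys
                gone = path[1:]
                for k in [k for k in registry if k == gone or k.startswith(gone + "\\")]:
                    del registry[k]
                current = None
            else:                                   # [KEY] creates/selects the key
                current = path
                registry.setdefault(current, {})
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)', line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else re.sub(r"\\(.)", r"\1", m.group(1)[1:-1])
            data = m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':   # string value
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            registry[current][name] = data          # other types kept as raw text
    return registry

def autorun_blocked(registry):
    """True when the key's default value ("" here) is the post's block value."""
    return registry.get(AUTORUN_KEY.lower(), {}).get("") == BLOCK_VALUE

if __name__ == "__main__":
    reg = {}                                        # constructed, empty model
    print(autorun_blocked(apply_reg(NORUN_REG, reg)))    # after NORUN.REG
    print(autorun_blocked(apply_reg(RESTORE_REG, reg)))  # after the restore file
```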