Comments for Threat Center - Spyware and Virus Removal

Comment on Lsas.Blaster.Keyloger by Sandra

Sandra — Sun, 21 Mar 2010 02:52:18 +0000

I have Windows 7 and don’t know how to start it in Safe Mode. It is infested with this virus and I have had no success in downloading malaware either from the internet or from a CD. I would like to try to restore to an earlier date, but it won’t let me change the date either. Help please!

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Hagos

Hagos — Thu, 18 Mar 2010 09:30:05 +0000

Please kindly help my computer in removing “Doomsday Has Come: You are infected by Ravo-5002?

Comment on Win32/Cryptor by joecobra1968

joecobra1968 — Thu, 18 Mar 2010 08:50:20 +0000

malwarebytes does indeed bite,,bites the big one! i had this virus and had to use trusty avast 4.8 NOT 5.0

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Megersa Beyene

Megersa Beyene — Wed, 17 Mar 2010 06:18:00 +0000

How can remove ravo-5002 in my desktop computer

Comment on W32/Vora.worm!p2p by Megersa Beyene

Megersa Beyene — Wed, 17 Mar 2010 06:04:52 +0000

My computer is infected by Ravo_5002, What should i do ?

Comment on Infiltration Alert! by UMD

UMD — Mon, 15 Mar 2010 17:15:37 +0000

I am facing the same problem. Malwarebytes can not be run and nor th task manager. I think the rouge software disables it. I also found the file containing the virus but can not delete it!
Please help!

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Awoke Aknaw

Awoke Aknaw — Mon, 15 Mar 2010 06:07:13 +0000

Please kindly help my computer in removing “Doomsday Has Come: You are infected by Ravo-5002″

Comment on free-viruscan.com by Max

Max — Mon, 15 Mar 2010 01:32:27 +0000

I keep getting the pop-ups even while running the scan and the scan was unable to detect it.

Comment on Trojan Horse IRC/Backdoor.SDBot4.gsi by Chachacha

Chachacha — Sun, 14 Mar 2010 11:17:07 +0000

I’m seeing an alert from AVG on this now (only not .gsi but .QGB)

Trojan Horse IRC/Backdoor.SdBot4.QGB

And in this case the warning is for

C:\Program Files\Logitech\SetPoint\Connect.exe

The ODD thing is that AVG doesn’t seem to know anything more about the virus and will give 0 results if I search for it

Comment on Lsas.Blaster.Keyloger by gump

gump — Sat, 13 Mar 2010 16:31:31 +0000

thanks alot peaple you helped me out a shitload…
i could do shit even lost my background tryed to use avg but it wouldn’t let me. after comeing here i realized i had to start in safe mode do a sys. restore from there then use my avg but it’s done and up in running agen so thanks

hey dude you find him i’ll hold him down while you kick him in the balls a few times as long as i in black both his eyes. and may break a finger or 2 lol

Comment on Antivirus 2010 by Louis Cedeno

Louis Cedeno — Thu, 11 Mar 2010 21:13:26 +0000

Sally, I hope your connectivity issue has been resolved. If not, make sure you go into your network adaptor and under tcp/ip ensure that dhcp is selected. if you have an ip there,it’s wrong. Try this.

Comment on Antivirus 2010 by Louis Cedeno

Louis Cedeno — Thu, 11 Mar 2010 20:55:11 +0000

Not everyone gets the same type infection. Remember that viruses now come in packets(blender viruses) releasing bad code depending on the network and o/s weakness.

Comment on Antivirus 2010 by Louis Cedeno

Louis Cedeno — Thu, 11 Mar 2010 20:52:52 +0000

I had a virus (Anti-virus 2010) that was in completely different locations and aliases. Be careful, i think this virus has been updated. It took me 4 hours to get rid of it as i combed the registry.

Comment on Infiltration Alert! by Rick ELder

Rick ELder — Thu, 11 Mar 2010 19:32:37 +0000

I have the virus explained above, but I cannot run any programs to rid my computer of it. They all lead me to ” do you want to purchase anti virus software now?”. Any suggestions to rid this virus are welcome. I have the MalwareBytes software installed previosly but cannot run it!!…Thanks in advance!

Comment on Win.MSSQL.Worm.Helkern by dahne

dahne — Tue, 09 Mar 2010 21:52:59 +0000

how to block intrusion of win.mssql.worm.helkern 61.175.243.101

Comment on Trojan Horse IRC/Backdoor.SDBot4.gsi by k0ba1t

k0ba1t — Mon, 08 Mar 2010 21:13:04 +0000

So, it seems that only AVG antivirus detects this threat. Might it be that this is a fake alarm???

Comment on Win32.TDSS.rtk by DAVO

DAVO — Mon, 08 Mar 2010 10:32:00 +0000

so basically that whole story just to say we should download malwarebytes

Comment on Antivirus 2009 by Jose

Jose — Sun, 07 Mar 2010 23:04:56 +0000

ok someone help me…i got hit by the antivirus xo 2010 which im guessing id the same as ‘09….well everytime i try to open the web or any kind of application it opens a window saying “Open With:” and i click on Internet explorer but it does not do anything…i tried downloading malwarebytes and saved in on the desktop but even when i try to run it, it opens the “Open With:” window not allowing me to open it..i even went another step further and downloaded it from another computer intoa CD and tried to open it in the infected computer but the same damn thing…so far i have the spyware doctor keeping it quarantined and keeping it from poppin up but the computer is still not responding…SO BASICALLY the computer is taken over…anyway to help?? ive tried the “end process” thing also..didnt work…any ideas?? please email me at my email jgoku_3418@yahoo.com if you dont see it up top..thanks

Comment on Surabaya by pankaj

pankaj — Sun, 07 Mar 2010 11:13:53 +0000

how to removed surabaya birthday virus for regedit with edit solution & removal tools.

Comment on Antivirus 2010 by JASON

JASON — Sat, 06 Mar 2010 22:24:56 +0000

did a restore and then got rid of the restore file

Comment on Trojan Horse IRC/Backdoor.SdBot4.FRV by Harpz

Harpz — Fri, 05 Mar 2010 21:44:06 +0000

I got avg and on resident shield there is 2 trojans what shall i do? it say you can remove all threats what happens if i click that

help will be appricated

thank you

Comment on Win32/Cryptor by Easyrider

Easyrider — Fri, 05 Mar 2010 15:59:08 +0000

I had this little blighter today – tried to virsu scan AVG9, got part way but was taking ages, cpu 100%, each object was taking several seconds to scan, so after about 8hours of scanning I aborted and rolled back with system restore – updated AVG, scanned clean, CPU back to normal.

System Restore is such a useful tool – I’d recommend setting it up on every new computer before connecting it to a router and setting it up to automatically set restore points – it’s got me out of a load of holes over the years – do it now!!

Comment on Virus.DOS.Uruguay.poly by natale de risi

natale de risi — Thu, 04 Mar 2010 18:59:12 +0000

windows 7 home edition

Comment on Virus.DOS.Uruguay.poly by natale de risi

natale de risi — Thu, 04 Mar 2010 18:57:11 +0000

just now my kaspersky antivirus. 2010 find this malicius virus-help -. kaspersky not removal .thanks for any help.

Comment on Trojan.Win32.Genome by ESO

ESO — Wed, 03 Mar 2010 23:02:32 +0000

I’m not sure why it’s labeled “LOW RISK” – when I quarantined this last night it took important drivers with it, and crashed my machine.

Comment on Lsas.Blaster.Keyloger by Steve

Steve — Mon, 01 Mar 2010 00:31:31 +0000

I was browsing online and then was suddenly hit with the worm…. First time with a virus. on a new laptop to.
I have no virus block at the moment Ill try to Download Malwarebytes’ Anti-Malware.. (any suggestions) … Thanks….
It said it is eating it’s way through my computer trying to send credit card info. lookin for passwords
pop ups kept on appearing with security tool. tried to deleate security tool but just came back so I turned off the computer.

would someone please find the person
that started this worm and kick him in the balls.
greatly appreaciated.

Comment on Win32/Cryptor by cryptor-virus-be-gone

cryptor-virus-be-gone — Fri, 26 Feb 2010 15:50:23 +0000

I got infected by the Cryptor virus the other day. It significantly deteriorated the performance of my pc- to the point it was maxing my CPU useage to 100% and taking 10 minutes to load any program. This virus really is very destructive and dangerous.

AVG spotted the virus after a manual deep scan (rather than a quick daily scan), removed 141 infected files, but couldn’t clean/remove or quarantine a further 4 infected files. I rebooted my machine and sure enough, the virus was back in all its glory.

I tried running Spyware Search and Destroy, but the virus wouldn’t let the program load or update. I read the above posts and downloaded malwarebytes for free.

The virus prevented me from downloading and running malwarebytes on my machine directly, so I downloaded it from an uninfected machine, saved the .exe file to a memory stick and attempted to run it on my machine.

Again, the virus was clever and wouldn’t let me run the install file on my machine. After reading some more on here, I renamed the .exe file to mbamm.exe and it still wouldn’t run!

I’m guessing the version of the virus I received was a more updated version than others received above. I completely renamed the install file to installme.exe and booted the computer in safe mode.

After I booted in safe mode, the install file managed to install onto my machine without any probs. I did the updates as suggested and ran the program. It found all my infected files, removed them and solved the problem.

I’m now Cryptor virus free! Thanks for all your help and a special gratitude goes to the makers of malwarebytes!

Comment on FullHouse Drive by Leblizy Tondex

Leblizy Tondex — Fri, 26 Feb 2010 13:09:44 +0000

fullhouz had attacked mi pc, help mi with a strong antivirus e.g AVAST antivirus

Comment on Lsas.Blaster.Keyloger by JoeAdmin

JoeAdmin — Tue, 23 Feb 2010 15:25:25 +0000

A VERY important note is included at the end of this article:
1) Download mabm-setup.exe from a non-affected computer. Save the file to the desktop.

2) Re-Name mbam-setup.exe to something else with the .exe extension (like JoeAdmin.exe)

3) Copy the re-named .exe file to a memory stick, or write it to a CD/DVD

4) Restore it to the desktop of your infected PC
and execute it (Scan entire disk).

5) If you have any problems doin this with your current login (which should be a administrator) try creating a new login with administrator privs, loging in as that new login and follow the same instructions.

Comment on Trojan Horse Sheur2.gnw by Joe

Joe — Tue, 23 Feb 2010 02:19:43 +0000

Removed hard drive from laptop and running both AVG and Malwarebytes from a healthy machine. This seems to be taking care of it but only time will tell

Comment on PrivacyProtector Free (Red BioHazard Desktop Screen) by DainXC

DainXC — Mon, 22 Feb 2010 23:43:30 +0000

My Pc was hit with this a few years back. Btw it was not from porn, it was from a infected download from freewareshare.com

Comment on Win32/Cryptor by SolGabrien

SolGabrien — Mon, 22 Feb 2010 21:44:32 +0000

I re-installed my operating system (xp) and it’s fine now – tried everything else beforehand.

Comment on System Security by Rdb

Rdb — Mon, 22 Feb 2010 01:53:55 +0000

Sorry 4 the typo- the word ….. on ….. should not be in my message

Comment on System Security by Rdb

Rdb — Mon, 22 Feb 2010 01:51:47 +0000

The best thing to to is not to get the virus…. When the fake virus message pops up on DO NOT touch it….. simply go to the start menu and turn off your computer and restart it….. YOU WILL NOT GET THE VIRUS AT ALL!

Works every time!

Comment on ~dulla@204 Virus by simon

simon — Mon, 22 Feb 2010 01:47:23 +0000

I very very sorry by the dulla virus plz give me the solution b/c I do any thing with the virus dulla help me how can i remove from my PC . We can’t do with messanger and an other documents please send me a solution

Comment on Email-Worm.Win32.Net by greg

greg — Sun, 21 Feb 2010 16:22:50 +0000

I only get it on a yahoo message board. If its not a real scam, why can’t I shut the virus warning windows down? I can only restart my pc to get the warning pages to quit. Thanks

Comment on Lsas.Blaster.Keyloger by gazza

gazza — Sun, 21 Feb 2010 11:18:58 +0000

i have this virus….its terrible. i first up did a system recovery….big mistake, i wiped everything thinkin it would rid me of this thing…it didnt! Now i can’t do a system restore point (which i should have done first up) because as far as the computers concerned, it had this virus from the start! ahhhhhh its drivin me nuts.

Comment on Antivirus 2010 by MWRadio

MWRadio — Fri, 19 Feb 2010 09:26:42 +0000

As of 2/19/2010 this malware was killing IE and .exe files in XP.

Problems with IE: Go START > RUN (type in regedit and hit enter) look for:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Right click on Default, click Modify. Remove:
“C:\\Documents and Settings\\\\Local Settings\\Application Data\\av.exe\” /START \
Leave:
“C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\”

If you can’t start any programs from desk top links or start menu the .exe shell open command may be broken. Download and run FixExe.reg: hxxp://download.bleepingcomputer.com/reg/FixExe.reg

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Hiwot

Hiwot — Fri, 19 Feb 2010 07:03:20 +0000

How to Remove Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002:

Comment on Cutie Monkey Virus by Jan Joseph "pacman" P. Hernandez

Jan Joseph "pacman" P. Hernandez — Wed, 17 Feb 2010 10:05:45 +0000

where can i get cutie monkey virus?

Comment on Trojan Horse Sheur2.gnw by steve

steve — Wed, 17 Feb 2010 09:57:02 +0000

havin same problem, been trying to kill it for three days now. mine’s SHeur.CLUO.

Comment on Virus.Win32.Virut.ce by Bingo

Bingo — Tue, 16 Feb 2010 12:04:19 +0000

Hello All.
I see this little bugger is still doing the rounds. Vicious little sod!
This is a repost of my messages from July 2009 detailing how I got rid of the problem. It is possible that new victims may not read that far back and I hope my experiences are helpful. Good luck! By the way, still free from this virus.

Bingo
July 22nd, 2009 at 1:28 pm 56

Hello everybody. Only became aware of this thing about 5 days ago when the computer started shutting down and various programs became unworkable. Also, all files on my key drive disappeared and the drive had to be reformatted. Can’t swear that the virus did this but I cnn’t think of anything else to explain it. Windows Firewall (I’m running XP Pro) reported that I had a Virtob infection but AVG, Zone Alarm, and Ad-aware reported nothing. So after a bit of researching, I found the Kaspersky online scanner. This revealed that quite a lot of files were infected with win32.virut.ce but these could not be deleted by the online scanner. However, Kaspersky are doing a Full 30 day trial of Kaspersky Internet Security 2010 and I installed this. On checking drives C, D, and External Drive F, Kaspersky found and disinfected, or deleted, about 700 infected files. Reran the program and a few more files were found and treated. I am completed my third scan and the infection seems to have gone. Can’t say this will work for everyone but it seems to have worked for me. Worth a try and good luck to you. This is one awkward sob. I will report back if the infection recreates itself in the next few days, but so far it’s looking good

Bingo
July 22nd, 2009 at 10:48 pm 57

Following on from earlier post, I found that a few vrt.tmp files were appearing in C:\Documents and Settings\LocalService\Local Settings\Temp but Kaspersky was preventing them loading or connecting to the net. I ran the scan next in Safe Mode and this disinfected the few files which could not be done in normal mode. As of this moment, this machine is now completely free, as far as I can see, of Virut and anything else. All programs and files seem to be working normally and the Kaspersky Network Monitor is showing that there are no suspect connections. Just for information, my operating system is XP Pro SP3. Kaspersky seems to have given me the complete solution to this pest. Well worth giving it a try. Free 30 day trial could rid you of this problem.

Bingo
July 31st, 2009 at 8:35 am 59

Well, just to tie up the story on my experiences, I am now a week on from installing Kaspersky and ridding myself of Virut and it has not reappeared. That about says it all. Would highly recommend Kaspersky for ridding yourself of Virut

Comment on FullHouse Drive by mongwe motho

mongwe motho — Tue, 16 Feb 2010 06:53:34 +0000

I want to remove fullhouse drive from my computer…what are the steps to follow???i need help fast……

Comment on Antivirus 2010 by David

David — Tue, 16 Feb 2010 04:54:08 +0000

try the super anti spyware thats how i got mine out with

Comment on Lsas.Blaster.Keyloger by Herbert

Herbert — Tue, 16 Feb 2010 00:09:49 +0000

Thanks! The information on this blog helped me recover from the LSAS virus…..

Comment on Kiwee Toolbar by Kit

Kit — Sun, 14 Feb 2010 14:39:08 +0000

Nortons has blocked the “Unlocker” file. It says that it contains the Heuristic vrus

Comment on Lsas.Blaster.Keyloger by pat

pat — Sun, 14 Feb 2010 13:45:44 +0000

do system restore it works even if restor says not completed

Comment on P2P-Worm.Win32.Palevo!IK by alioune

alioune — Sat, 13 Feb 2010 21:42:47 +0000

i wanted to ger music from a friends laptop and my phone contacts P2P-Worm.win32.palevo.lbt
i have active KAPERSKY but my kerperky was not able to remove it
what am i to do???
contact me please with my email
sarr_6@hotmail.com

Comment on Virus.Win32.Virut.ce by ken.absolute

ken.absolute — Fri, 12 Feb 2010 21:34:53 +0000

I slaved a SATA drive via USB adapter to copy some data off of it…This som’bitch was on it and it jumped to the hosting PC!

It must get deep into all drives that it finds to make them autorun. Anyway – Sunbelts Vipre anti-malware caught it on the hosting computer and kept it from spreading.

The lesson anyway: be sure and hold down the shift key as you insert a USB drive (even if it’s a adapter for IDE/serial/SCSI) to keep it from auto-running.

wow – this thing… it gets deep into sysvol and even maintenance partitions.

I used Darik’s Boot and Nuke (http://sourceforge.net/projects/dban/) for the guest drive (inc maint partition) after reading about the issues here and I’ve not heard from it again.

My guess is people keep on getting reinfected by using their infected-auto-running USB drives or accessing infected .exe’s that they backed up – unless their is some bios component it can load into that I’ve been luckily enough not to have encountered.

Comment on Trojan Horse Sheur2.gnw by Tech guru

Tech guru — Wed, 10 Feb 2010 16:50:48 +0000

I have found a easy wayto remove this, well. i think it is this, (i realy dont know if they are linked, but i think they are) if you go to the task manager (XP: CTRL+ALT+Delete vista: CTRL+SHIFT+Esc 7: unknown, try ctrl alt delete)

anyway
in the task manger, go to prosese’s, and look for a prosses called “YLq”, if its there, rightclick it and click on “open file location”.
if the file location is locat/temp then just ctrl A and press delete

if its not temp, highlight the file and any other things that start with YL (or there and round abouts) and press delete, if it says try again, go back to the task manger and press stop proses.. your welcom, i just made your computer a little safer

Comment on Dialer.Win32.cutygirls by wail elawoor

wail elawoor — Wed, 10 Feb 2010 09:12:41 +0000

hi roland
i need your e mail

Comment on Dropper.Bravix.A by Butch

Butch — Tue, 09 Feb 2010 23:31:48 +0000

run AVG in windows safe mode and it’ll do the tricj just fine

Comment on Trojan Horse Sheur2.gnw by AHOY

AHOY — Tue, 09 Feb 2010 23:06:27 +0000

SHeur2 CKNB and SHeur2 CKLX I just tried to open the site with those sweet pics on the FB’s friends for sale…stupid I know… Do you know how to remove that?

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by tit

tit — Tue, 09 Feb 2010 13:29:39 +0000

how can remove ravo-5002 in my laptop

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by tit

tit — Tue, 09 Feb 2010 13:28:21 +0000

my laptop is infefcted by ravo-5002. how can I remove this virus

Comment on W32.Svich – 0catch.com by bich ngoc

bich ngoc — Mon, 08 Feb 2010 11:01:25 +0000

Tha nguoi dung noi se yeu minh toi mai thoi thi gio day toi se vui hon. Gio nguoi lac loi buoc chan ve noi xa xoi, cay dang chi rieng minh toi…

Comment on antivirus-live-scan.com by madhar

madhar — Sat, 06 Feb 2010 18:50:39 +0000

help me

Comment on Pyagcore by Jess

Jess — Fri, 05 Feb 2010 19:18:13 +0000

I’ve tried uninstalling the kiwee toolbar but it wont let me! I clicked continue then you see a the outline of a box flash up and go away again. Kiwee toolbar just wont uninstall!! I installed Kiwee ages ago…why is it causing a problem for me now? The same message comes up every time… Pyagcore.search.detection…then loads of other writing i dont understand lol. It stops me from going on MSN and internet explorer so im having to use AOL at the moment. Please can someone help!

Comment on Surabaya by panu

panu — Fri, 05 Feb 2010 08:03:25 +0000

do the above for all ur drives

Comment on Surabaya by suraj

suraj — Fri, 05 Feb 2010 08:02:25 +0000

Press Start -> Run -> cmd (or command) -> press Enter
Type in command box- cd\
Type again in command box- c:
Type again in command box- attrib -s -h -r /d /s -> press Enter
Type again in command box- del autorun.inf -> press Enter
Type again in command box- del thumb*.* -> press Enter

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by Ismail

Ismail — Fri, 05 Feb 2010 06:00:36 +0000

Plse, help me in removing the “Dooms day Has come” which is dameging my computer.

Comment on Doomsday Has Come: YOU ARE iNFECTED BY RAVO_5002 by fishi @ ethiopian

fishi @ ethiopian — Thu, 04 Feb 2010 20:25:07 +0000

please help my laptop our WEBMASTER? I INFECTED TO

Comment on Trojan Horse Sheur2.gnw by Anti Spam

Anti Spam — Thu, 04 Feb 2010 13:42:08 +0000

Another SHeur2 file is send trough MSN! The file is called Picture2525.exe and is found on IP 74.86.216.78. I allready contacted the hoster to remove that file and disconnect the user from internet. The infection found with AVG is : Trojan horse SHeur2.CIDT

It was catched and locked by AVG the minute the file was written on my “safedisk”. Best thing you always must do is only download and safe it. DO NOT DOWNLOAD AND EXECUTE! When you safe the file first, you can scan it with a scanner. If it is infected, it will be locked and can’t infect your computer.

Comment on Antivirus 2010 by George

George — Wed, 03 Feb 2010 21:22:18 +0000

For Sally:

It has a habit of adding or changing the default gateway for the network adapter. Go to the tcp/ip properties if the adapter and click on advanced. remove the gateway entry if there is one.

Comment on Win32/Cryptor by maggiekittie

maggiekittie — Tue, 02 Feb 2010 14:52:14 +0000

I got the virus aswell i just ran avg twice it found some virus and removed them but the main virus was still there ran malwarebytes which i already had on my computer and it found 100 more on top of it and fixed it all the virus is gone as far as i tell, surprised it did way better then avg free:0

Comment on TR/Crypt.XPACK.Gen by s.b

s.b — Tue, 02 Feb 2010 09:07:01 +0000

it also infect the file svchosts file. in the process list in Task Manager in some cases. remove tre proces and then run AV program. ceck again in task manager
hope it works

Comment on TR/Crypt.XPACK.Gen by CJ

CJ — Sat, 30 Jan 2010 01:45:53 +0000

Down load (free) AntiVir Personal software…run the defaul settings. It will remove this virus…I’ve done my ProBono for today. :) Let me know the outcome.

Comment on resycled/boot.com by rickster723

rickster723 — Fri, 29 Jan 2010 16:44:55 +0000

Spyware terminiator eliminates it

Comment on Lsas.Blaster.Keyloger by D Mulyana

D Mulyana — Thu, 28 Jan 2010 15:52:29 +0000

i have tried the save mode way n run the mbam-setup exe (i renamed it first). Yup the mwalbytes can fixed the lsas blaster. Thanx to you all, especially webmaster, now my laptop run normally again

Comment on OSX/Tored.worm by saleem

saleem — Mon, 25 Jan 2010 15:39:50 +0000

hey wassup dude findi out web file

Comment on Virus.Win32.Virut.ce by AZ

AZ — Mon, 25 Jan 2010 08:19:26 +0000

THIS IS THE NASTIEST VIRUS HUMANS HAVE EVER FACED!!!!!!!!! 12 YEARS PC PROFICIENT HAS GIVEN UP AFTER REINSTALLING 64BIT VISTA, WIN 7 XP PRO 10 TIMES…..will completely format now. Installing new OS doesn’t help either, it infects the new OS as well..ANY SUGGESTIONS??????????

Comment on Win32.Tanatos.m by jacob

jacob — Sat, 23 Jan 2010 08:06:14 +0000

AVG can do some extent….one can try even the free version

Comment on ~dulla@204 Virus by Assi

Assi — Fri, 22 Jan 2010 12:09:19 +0000

In one hand it is good to see ethiopians to create this things!!
Don’t to be stupid to loss somebodies file? create antivirus for dulla ! to be prised by 8000000 peoples of ethiopia

Comment on Spy Guard 2008 by Stacy

Stacy — Wed, 20 Jan 2010 03:54:56 +0000

Great program…thank you from the bottom of my heart! It found over 91 infections on a computer that had been rendered useless and removed them. Can’t boost enough…definite go!!!

Comment on “Aurora” Hit Google Services and Others by Roarur.dr : Virus Solution and Removal

Roarur.dr : Virus Solution and Removal — Wed, 20 Jan 2010 01:25:08 +0000

[...] drop multiple malicious files on the computer. Roarur.dr is associated with stage two of the “Aurora” [...]

Comment on Virus.Win32.Virut.ce by Liane

Liane — Mon, 18 Jan 2010 00:48:18 +0000

I found out I had this virus last night.
Kaspersky just detected backdoor.win32.papras.t
It’s go time. *-*

Comment on Lsas.Blaster.Keyloger by chuck

chuck — Sat, 16 Jan 2010 20:31:29 +0000

I had the same problem re lsas virus. I shut the system down, reopened in “safe” mode, then did a “systems restore” dated 2 weeks ago. This is in Windows XP. Took me about 2 minutes and so far it is working.

Comment on ~dulla@204 Virus by Cyber Dan

Cyber Dan — Fri, 15 Jan 2010 09:52:33 +0000

Dear Persons

i want to express my deep concern on this virus from a technical point of view and becuse i have related profession ..but not virsus making lolz! i have made few virus but not like dulla and i have not released them becuse they are for educational purpose only. What i have understood from ~dulla204 is it insert the string ~dulla204 in each file that have extensions like .xlsx .vbp.asp.aspx. and so on…and it strats using a service application(as a windows helpfull application) but.it’s not i have seen some of the prtion of code by opening it in a notpad i have come to undrrstood that it is written in delphi programing language….

Comment on Surabaya by Gopi

Gopi — Wed, 13 Jan 2010 22:26:25 +0000

Thank you guys so much, i was able to remove the virus. Thank you once again.

Comment on Virus.Win32.Virut.ce by psog_choudai

psog_choudai — Tue, 12 Jan 2010 23:27:04 +0000

This stupid bugger’s put me a week of hard work into this computer.

I can’t say that I’m 100% free of the stupidity this thing does, but… I might have easy tips for getting rid of the virus, and some pointers to note for people who might be having issues:

1. The virus indiscriminantly infects all .exe and .scr files (even inside .zip, .rar, .7z, or any other kind of archive.) It also infects mostly system .dll files.

2. It does NOT infect any other “media” file. These include .mp3, .ogg, .wav, .avi, .mpg extensions and the like.

3. It doesn’t matter if you have more than one internal or external HDD or Flash drive (or any media that is rewritable), anything that meets the infection criteria WILL get infected.

4. Even if one file is already infected, the virus and any instances running WILL re-infect the same file in a different section of the coding. Thus, multiple scans are necessary to make sure the file is ABSOLUTELY clean.

So… I have a LOT of music and videos that I’m a little too attached to and that I don’t want to lose. When I noticed that this stupid thing targets executables, I realized that I needed to reformat the HDD carrying the OS. I did, and the virus came back.

I then noticed some strange occurrences. Obviously, port 65520 was being accessed by winlogon.exe and explorer.exe. Even though this was a fresh install, I needed to reformat again already.

So, I took up the task of arming myself to clear out this virus from my system with the following tools:

1. Windows XP CD
2. Hiren’s Boot CD v. 10.0
3. Ubuntu v. 8.04 Live CD

Here’s how that worked.

1. I turned off my computer and unplugged the power cord and the Ethernet cable. Left off for 30 min, then plugged the power cord (not ethernet) back in, then booted to Hiren’s Boot CD.
2. I used Hiren’s Boot CD’s partition tools to delete all partitions and destroy the data in the HDD carrying Windows XP.
3. I used the HDD Regenerator in the Hard Disk tools section to check for corrupted sectors. Usually this only applies to physical errors and not so much to data, but if a section has been damaged it’s good to know. Everything came back clean.
4. Went back to Partition Tools and formatted out an NTFS partition for Windows XP.

5. Rebooted and used the Ubuntu Live CD. Using this I was able to get the drivers for anything that I needed on the computer, and clean virus free copies of them because Linux doesn’t have these kinds of virus issues. I also downloaded Virut Removal Tools and Comodo Internet Security and Dr. Web Cure It!. This is good for people that have lost their recovery CDs or their motherboard or display drivers. I placed all these into a clean USB Flash drive. When I copied everything in, I ejected and disconnected the drive.

6. I rebooted into the Windows XP CD. When asked for the desired partition, I performed yet another Format (not quick) on the blank NTFS partition. Proceeded with installing Windows.

7. When Windows loaded, I connected the USB Flash drive and placed its contents on the desktop. Proceeded with installing everything, starting with the basic motherboard drivers all the way to the AV tools and Security software. Ethernet cable is STILL disconnected.

8. Here I noticed none of the system files were behaving erratically. When Comodo Internet Security asked me to update the Virus DB, I then connected the Ethernet cable. Connections were safe, and port 65520 was not being accessed by any program. Definitions were updated, and port 65520 was eventually blocked.

9. Used Dr. Web Cure It! and performed a complete scan of the computer and all disks connected (USB Flash disconnected) overnight. Found a ridiculous amount of instances of Win32.Virut.56. Also found a few miscellaneous backdoors and other trojans.

10. Removed all files mentioned by the Dr. Web scan. Proceeded to scan computer again with Comodo Internet Security AV scan. Few more infections came up, proceeded to remove those as well.

11. Noticed that none of the removed content was on C:\. Proceeded with a deep scan of both HDDs’ “System Volume Information” folder. Found another ridiculous set of instances of Win32.Virut.Ce. Removed them all.

12. This is where I find myself.

Every time I idle my computer and it accesses the screen saver, I notice that my computer has found yet another instance of Virut in the non-Windows HDD’s “System Volume Information” folder. I did just scan again and found more instances, so I removed those.

I just can’t seem to tell whether the virus is still active, or if it’s just remnants. When I use the system, Comodo does not alert me of anything. Also, websites are not blocked, and media files from that HDD do not further aggravate the system as I use them.

Though, I think I’m pretty clear! Hope this helps as another guide and alternative to clear out Virut.

Comment on Windows Security Alert by Mitchell

Mitchell — Tue, 12 Jan 2010 11:54:38 +0000

brad i had same issue my friend told me to run it in safe mode and so far so good.

Comment on Trojan-Downloader.Zlob.Media-Codec by jesegeary

jesegeary — Sun, 10 Jan 2010 17:11:40 +0000

Хороший сайт. Так держать!!!

Comment on Virus:Win32/Virut.BM by Mike

Mike — Sun, 10 Jan 2010 00:28:49 +0000

try clearing your CMOS / Flash memory directly after removal takes place. be sure to perform a complete shutdown. Then follow what ever steps there are for clearing the CMOS on your system. I’ve read that it worked for others. Apparently if your machine just reboots and doesn’t do a complete shutdown, the virus will reside in RAM and wait for Win to come back up and infect it again. Nasty bug for sure.

Comment on Trojan-Downloader.Zlob.Media-Codec by jesegeary

jesegeary — Sat, 09 Jan 2010 14:02:05 +0000

Уважаемые читатели. С Рождеством христовым хочется вас поздравить. Админу сайта отдельное пожелание-побольше читателей на блоге, креативных интересных статей и всего всего всего :)

Comment on TR/Crypt.XPACK.Gen by Abe

Abe — Thu, 07 Jan 2010 03:52:36 +0000

Hi. I have the following:
TR/Crypt.XPACK.Gen

I’m not sure if it’s still in my system but i have the proof!! My laptop is so slow, everytime i open the laptop, Avira Gaurd is disabled, and sometimes my firewall turns of everytime i open the laptop.

Please help me!!!! I’m not sure if it’s in my laptop but i’m very sure it’s infected!! thanks

Comment on Antivirus 2010 by sally

sally — Wed, 06 Jan 2010 18:53:51 +0000

Hi I had this virus recently and have managed to remove it, but now my p.c wont connect to the internet, hubby seems to thiink it has something to with the firewall settings, he said there are 3 ports that are conncted to the firewall settings that appear to have been changed and we cant work out how to change them back , almost like the virus has changed something!! Can anyone help !!

Comment on Zlob.Porn.Ad Adware by Greg

Greg — Tue, 05 Jan 2010 22:56:51 +0000

What a intresting story When reading could it be the same of related storys in avg free download

Comment on ~dulla@204 Virus by MEEEE

MEEEE — Tue, 05 Jan 2010 17:44:06 +0000

change the file extension to something else, like readme.pdf ==> readme.pdf.SSS
tHIS WILL FOOL THE VIRUS, i HOPE…..GOOD LUCK!

Comment on SmitfraudFixTool by jmcisaac@seascape.ns.ca

jmcisaac@seascape.ns.ca — Tue, 05 Jan 2010 17:32:04 +0000

I bought a subscription to your product(Smitfraudfix) and when I got my conputer reformatted, it disappeared. Could you reinstate this subscription for me please?

John McIsaac

Comment on Lsas.Blaster.Keyloger by How to remove Lsas.Blaster.Keyloger | Jon Murphy Dot Net

How to remove Lsas.Blaster.Keyloger | Jon Murphy Dot Net — Tue, 05 Jan 2010 12:55:26 +0000

[...] Tags: how to remove Lsas.Blaster.Keyloger, Lsas Blaster Keyloger, Lsas.Blaster.Keyloger, Lsas.Blaster.Keyloger removal tool, Lsas.Blaster.Keyloger virus via precisesecurity.com [...]

Comment on System Security by How to remove Lsas.Blaster.Keyloger | Jon Murphy Dot Net

How to remove Lsas.Blaster.Keyloger | Jon Murphy Dot Net — Tue, 05 Jan 2010 12:55:02 +0000

[...] is part of the rogue program System Security which display it as a threat detected. It will then prompt users to download and install the said [...]

Comment on Trojan Horse IRC/Backdoor.SDBot4.gsi by Fernando

Fernando — Tue, 05 Jan 2010 03:53:23 +0000

This trojan popped up when i did a virus scan with AVG, it was linked to my Internet Download Manager…I suppose i have to delete IDM now. Oh well, it was great while it lasted.

Comment on Win32/Cryptor by YDB

YDB — Sat, 02 Jan 2010 22:22:15 +0000

The issue for me is finally resolved!
After following all that was written here AVG kept popping up with virus alerts even though the scans came up clean.
I could not do a system restore since the virus infected to restore files.
Windows update was also not working.
This is what I did:

1. Download the latest Windows Malicious Software Removal Tool at hxxp://www.microsoft.com/downloads/en/default.aspx
run the tool. restart computer.

2. Since windows update wasn’t working I opened up a support ticket at hxxp://support.microsoft.com/ph/6527/en-us/#tab0
click contact a support professional by email. They helped me through the process until I was able to download all the critical security updates I missed.

3. Run a full free PC scan at hxxp://onecare.live.com/site/en-us/default.htm
follow instuctions after scan.

4. Download Microsoft Security Essentials from same website.

5. Disable all anti-virus/spyware programs and run Microsoft Security Essentials complete scan.

6. Repeat steps 3 and 5 until all infections are removed.

Comment on ~dulla@204 Virus by shebaw

shebaw — Sat, 02 Jan 2010 16:32:15 +0000

@Jaffer, why is my comment not costructive? Is that because it pointed out the truth, im confused here!

“We have a number of IT solution providers who are solving a number of problems”… what problems, do you call a stupid straight froward database to calculate some stupid calculations real programming? Where were they when dulla struck? Any real programmer can program a remover for dulla but it took them ages before they can manage that, that shows how inexperienced and dumb they are.

If you have evidences, why don’t you post it here. You make it sound like some type of mesterious mission. And if programming a PE infector is that easy, then why did it take them so long. And how many of the CS graduates here can program a remover for it, how many? I bet 99.99% of the graduates don’t even know the difference between PE infector and some other script “viruses”, let alone knowing the structure of PE and programming a remover for a PE infector virus!!!

Comment on TR/Crypt.XPACK.Gen by me

me — Thu, 31 Dec 2009 18:36:52 +0000

http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSELEX%2EA&VSect=Sn

do exactly as it says, good luck

Comment on Lsas.Blaster.Keyloger by KENNY

KENNY — Tue, 29 Dec 2009 16:57:46 +0000

By the way… once my computer was restored, I installed the “Malwarebytes Anti-Malware” software via the Malwarebytes Anti-Malware Instillation Wizard generated from the mbam-setup link on betanews.com/malwarebytes/mbam-setup.exe

Comment on Lsas.Blaster.Keyloger by KENNY

KENNY — Tue, 29 Dec 2009 16:37:09 +0000

I was having “fits” trying to get rid of the Lsas.Blaster.keyloger worm virus that kept popping up and preventing me from accessing anything that would assist, or, give me a clue as to what was going on. Finally after two and a half hours of several failed repeated attempts to download and run various softwware and clean up tools and devices. I shut off my computer and restarted it. While it was re-booting I pushed the F8 key before the “Windows” started. The computer entered the “safe mode”. I pushed the “enter” key, this allowed me the option to “click-on” as “the administrator”. Once I did this I was given the window option “to,or, not to” enter the safe mode. Choosing “not to” allowed me finally… the option to restore my computer. I clicked “not to” and was then given the option to restore my computer to a previous setting. Since I had been going at the failed attempts to get rid of the Lsas.Blaster.Keyloger worm virus for several hours, I just restored my computer to the previous day. Everything restored perfectly! It worked. This is a slight variation of the suggestion that I recieved in this comment section, except that I didn’t try to run the embam-setup.exe from the “safe mode”. Basically, I made the right decisions by following the instruction options that I was presented with. And as each suceeding window opened during this navigation process I took a breath of reliefe because I could see as I was going in the right direction. Try it! WHATEVER WORKS, RIGHT!!! THANKS

Comment on Anti-Virus Number-1 by jackass

jackass — Tue, 29 Dec 2009 15:09:40 +0000

this is a new spesies threat, warning to you, dont used

Comment on BOO/Sinowal.C by bla

bla — Tue, 29 Dec 2009 07:35:11 +0000

Tried using Avira for the virus and still doesn’t work. the boot repair thing I mean

Comment on ~dulla@204 Virus by Jaffer

Jaffer — Mon, 28 Dec 2009 19:57:02 +0000

Dear Shebaw, ur comment is not constructive. Are sure about what u wrote, i don’t think. We have a number of IT solution providers who are solving a number of problems. anyway u can email me for real evidences.

there r a number of C++ virus scripts on hackers and P2P site anyone with little programming skill specially in C++ can modify and increase the risk of the virus. Its is not a big deal nowadays.

for those who r suffering from ~dulla^@204~ u files could be recovered partially, if u uses Easy Recovery Professional or Advanced Word repair programs. If can’t find the Software emailme at jaffermohATyahooDOTcom
wishing u all including ephrem, all the best.