Virus which will NOT go away!


  • JDMils
    started a topic Virus which will NOT go away!

    Virus which will NOT go away!

    I have a PC which has a virus on it. The virus details are:

    C:\WINDOWS\curslib.dll
    C:\WINDOWS\SYSTEM32\curslib.dll
    C:\WINDOWS\SYSTEM32\curslib.dll.old
    C:\WINDOWS\curslib.lld
    C:\WINDOWS\curslib.dll

    Virus Name: Mal/Xilcter-A

    The PC has the latest version of Sophos installed but Sophos can not remove it and says it has to be removed manually.

    The other strange thing is that there is a process running in memory:

    C:\Documents and Settings\<USERNAME>\Local Settings\Temp\cmlhqv.exe

    No matter how many times I kill the process, it keeps coming back. I have meticulously checked all running processes using GMER and they all look OK! How does this process re-start itself so quickly???

    Anyone know a sure-fire way to get rid of Curslib.dll?

  • ugendar
    replied
    Re: Virus which will NOT go away!

    First scan it with HijackThis, so it will disable any trojan or virus at startup, and then scan it with the Quick Heal antivirus trial version. It will surely catch the virus and help you clean it, for sure.


  • biggles77
    replied
    Re: Virus which will NOT go away!

    Originally posted by JDMils
    My pressing question is, how does the malware restart itself each & every time you kill its process in memory using Task Manager?
    MSCONFIG is always worth a look.


  • Wired
    replied
    Re: Virus which will NOT go away!

    hidden processes / services pretty much.


  • wullieb1
    replied
    Re: Virus which will NOT go away!

    It could also put an entry in the registry that runs a file on boot.

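The three replies above (MSCONFIG startup items, hidden services, a registry entry that runs a file on boot) all point at autostart locations. As an added example that is not part of any post in this thread, the following read-only Windows PowerShell audit lists those locations and flags entries that match the file names reported in the first post or that launch from a Temp directory. The `$suspectNames` and `$suspectDirs` lists and the `Test-Suspect` helper are assumptions made for illustration.

```powershell
# Read-only audit of common Windows autostart locations (Windows PowerShell).
# File names below are the ones reported in this thread.
$suspectNames = 'curslib.dll', 'cmlhqv.exe', 'wincert.dll'
# Assumption: anything that auto-starts from a Temp directory deserves review.
$suspectDirs  = @('\Temp\')

$regKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',  # Shell, Userinit
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'    # AppInit_DLLs
)

# Hypothetical helper: true when a command line matches a suspect name or directory.
function Test-Suspect([string]$Command) {
    foreach ($p in ($suspectNames + $suspectDirs)) {
        if ($Command -like "*$p*") { return $true }   # -like is case-insensitive
    }
    return $false
}

# 1. Registry values that run a program at boot or logon.
$entries = @(foreach ($key in $regKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Source = $key; Name = $name; Command = [string]$item.GetValue($name) }
        }
    }
})

# 2. Services configured to start automatically.
$entries += @(Get-WmiObject Win32_Service | Where-Object { $_.StartMode -eq 'Auto' } |
    ForEach-Object { New-Object PSObject -Property @{
        Source = 'Service'; Name = $_.Name; Command = [string]$_.PathName } })

# 3. Files in the current user's Startup folder (matched on the file path only,
#    shortcut targets are not resolved).
$startup = [Environment]::GetFolderPath('Startup')
$entries += @(Get-ChildItem -Path $startup -ErrorAction SilentlyContinue | ForEach-Object {
    New-Object PSObject -Property @{
        Source = 'StartupFolder'; Name = $_.Name; Command = $_.FullName } })

# Show only the flagged entries; pipe $entries alone to review everything.
$entries | Where-Object { Test-Suspect $_.Command } |
    Format-Table Source, Name, Command -AutoSize -Wrap
```

An empty result on a running, infected system is not proof that nothing is registered, because a rootkit can hide registry values and services from live tools.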


  • Nonapeptide
    replied
    Re: Virus which will NOT go away!

    Originally posted by JDMils
    My pressing question is, how does the malware restart itself each & every time you kill its process in memory using Task Manager?
    Magic.

    Originally posted by JDMils
    I could not find another process which was monitoring the malware process so how it restarts itself is a mystery I'd like to understand.
    Chances are you've got a rootkit, so you can't trust what you see in Task Manager or any other monitoring program.


  • JDMils
    replied
    Re: Virus which will NOT go away!

    Thanks guys - I managed to get back to the PC and MalwareBytes got rid of the infections from Safe Mode. My pressing question is, how does the malware restart itself each & every time you kill its process in memory using Task Manager?

    I could not find another process which was monitoring the malware process so how it restarts itself is a mystery I'd like to understand.

    I might even use the new knowledge in my programming from now on so that my app can never die unless closed by the user!!!!

    Any suggestions as to where to go for this info?


  • Nonapeptide
    replied
    Re: Virus which will NOT go away!

    Originally posted by Ossian
    If you think how long you may have been working with this PC, ask yourself if you could have done a clean install quicker?
    Originally posted by Dumber
    Just reinstall. It's much faster and you know you'll be safe again.
    In the time you are trying to fix the machine you could already have reinstalled the box.
    ^Quoted for truth.

    Nonetheless, if you really want to wage the battle, most antivirus companies offer a free boot disc that you can download as an ISO and run an offline scan from (Kaspersky and Avira, for example). I'm not sure about the license terms as many free A/V products have a statement in the EULA that bars the product from being used in a business environment.

    Offline scans are really the next best thing to a reinstall, although you might not be able to boot up once you're done. You may have to do a repair installation with your Windows disc as a last step.


  • Dumber
    replied
    Re: Virus which will NOT go away!

    Just reinstall. It's much faster and you know you'll be safe again.
    In the time you are trying to fix the machine you could already have reinstalled the box.


  • Wired
    replied
    Re: Virus which will NOT go away!

    Scan from safe mode and/or from a boot CD. ComboFix / MalwareBytes in safe mode nukes pretty much anything.


  • Blood
    replied
    Re: Virus which will NOT go away!

    These guys will walk you through a complete removal process (assuming it can be removed). They are malware specialists.

    http://support.emsisoft.com/forum/6-...-removal-help/


  • Ossian
    replied
    Re: Virus which will NOT go away!

    Originally posted by JDMils
    Tom, with suggestions like that you should be working for Microsoft!!
    What makes you think I don't -- look at my signature line -- my soul went to them with the first MCP

    Although said jokingly, my "format and reinstall" suggestion had a certain measure of truth in it. In a corporate environment, you cannot afford the time to clean an infected machine, nor the risk that the clean may not be successful. Your key priority is to recover data from the infected machine, then return it to normal service as soon as possible. If you think how long you may have been working with this PC, ask yourself if you could have done a clean install quicker?


  • JDMils
    replied
    Re: Virus which will NOT go away!

    Tom, with suggestions like that you should be working for Microsoft!!

    I'm trying out MalwareBytes now. It actually stopped the file Wincert.dll from starting at boot! I think this file is the initial cause.


  • Ossian
    replied
    Re: Virus which will NOT go away!

    Format and reinstall has had a 100% success rate for me!

    Have you tried Malwarebytes and various "boot time" AV apps such as McAfee's STINGER?
