Is it a replicating virus....

[thewisecrab]

hi there recently while i was surfing my avast on access scanner picked up EIGHT....yes...EIGHT..TROJANS..b4 i cud counter it my pc hung...so i hard booted the pc... scanned with avast in safe mode...but it was damn slow and didnt pickup any thing....so i loaded NOD32 and it found those trojans lurking in FOUND.011,012,013...ETC,ETC...SO IT REMOVED IT PROMPTLY ..BUT AFTER IT FINISHED...AND I WAS IN MY ROUTINE...IT FOUND SUM THING LIKE SASSER.EXE,LABELED IT AS A WORM and stated it was found in FOUND.018,SO SHUD I REMOVE ALL FOUND.00 files or shud i b more careful... thanx in advance

 

[Kiran.dks]

Try reparing the file first. If it doesn't succeed, proceed to remove operation.

 

[Arsenal_Gunners]

try this
*www.f-secure.com/tools/f-sasser.zip

 

[anandk]

go ahead and listen to ur av's advice. however as a matter of abundnt caution, i sugest u post ur hjt logfile here or at www.hijackthis.de for analysis.

 

[ashwin_ka]

hey wat abt my trojan?HELP

i had posted a query as to how to get rid of the trojan named New Malware.j from my system.it always boots up along with the system..i tried to remove it using macafee 2006 and spybot-search and destroy but of no use...
it resides in the following location:
C:\windows\system32\N5619\smss.exe
i would be really grateful to anyone who would help me get rid of this...
Please...iam desperate...
thanx a lot...

 

[Kiran.dks]

i had posted a query as to how to get rid of the trojan named New Malware.j from my system.it always boots up along with the system..i tried to remove it using macafee 2006 and spybot-search and destroy but of no use...
it resides in the following location:
C:\windows\system32\N5619\smss.exe
i would be really grateful to anyone who would help me get rid of this...
Please...iam desperate...
thanx a lot...

smss.exe is a Sober worm.

Solution:

1. Disable "System Restore" option of Windows.
2. Secondly...
Download: W32.Sober Removal Tool

Download this tool and scan entire system in Windows "Safe Mode".

3. Start>Run> Type "regedit" and click ok.
Edit the Registry:

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"Services.dll" = "%Windir%\msagent\system\smss.exe"
Exit the Registry Editor.

Registry edit source: Symantec

Restart PC.

 

[thewisecrab]

nod 32 also found nuwar worm in found.00...files and 3 variants in temp internet folder...what shud i do now

 

[Kiran.dks]

Just click "Delete".

 

[thewisecrab]

thanx

 

[khattam_]

The problem must have been that, when you rebooted the computer and restarted it over, then the running virus file must have been corrupted. And when you restarted, a diskcheck should have been performed ( I bet you have FAT32, hehe). Then the corrupted virus file must have been recovered as file???.chk, which contains partial virus file, which must have been later discovered by the antivirus.

hope No problems anymore.........