IPB

Welcome Guest ( Log In | Register )

 
Closed TopicStart new topic
> Kido removal, KAV2009 unable to clean/disinfect kido.ih virus
Shinoy
post 19.07.2009 21:17
Post #1


Newbie
*

Group: Members
Posts: 7
Joined: 25.04.2009




Hi

I have some kido.ih virus detected in my USB flash drive , which kaspersky unable to clean /disinfect , please help,
OS vista home premium , sp2 . /KAV 2009.

I am attaching the sysinfo.zip

19/07/09 20:05:51 File K:\ autorun.inf Postponed
19/07/09 20:16:13 File K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx/PE_Patch.UPX/ UPX Postponed


This post has been edited by Shinoy: 19.07.2009 21:22
Attached File(s)
Attached File  sysinfo.zip ( 23,16K ) Number of downloads: 3
 
Go to the top of the page
 
+Quote Post
Lucian Bara
post 19.07.2009 22:28
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




hello
with the stick inserted, run this script:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx','');
DeleteFile('K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx');
QuarantineFile('K:\ autorun.inf','');
DeleteFile('K:\ autorun.inf');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


instructions: http://forum.kaspersky.com/index.php?showt...st&p=678328

and do another scan after the reboot
Go to the top of the page
 
+Quote Post
Shinoy
post 20.07.2009 00:38
Post #3


Newbie
*

Group: Members
Posts: 7
Joined: 25.04.2009




Hi,

I have executed the script as it is, but only one infection cleaned,the other is still there -the autorun.inf not deleted.

please help
Thank you.

Shinoy.


QUOTE(Lucian Bara @ 19.07.2009 22:28) *
hello
with the stick inserted, run this script:
CODE
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx','');
DeleteFile('K:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx');
QuarantineFile('K:\ autorun.inf','');
DeleteFile('K:\ autorun.inf');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


instructions: http://forum.kaspersky.com/index.php?showt...st&p=678328

and do another scan after the reboot

Go to the top of the page
 
+Quote Post
Shinoy
post 20.07.2009 01:01
Post #4


Newbie
*

Group: Members
Posts: 7
Joined: 25.04.2009




Thanks Mr Lucian Bara,

It is fine , there was unwanted space in this K: \autorun.inf , when I removed that , it got deleted.

Thank you

Shinoy.
Go to the top of the page
 
+Quote Post

Closed TopicStart new topic

 



Lo-Fi Version Time is now: 27.11.2014 05:33