IPB

Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Closed TopicStart new topic
> Removing Trojan-Clicker.Win32.Wistler.a
alvinwjh
post 23.07.2010 17:48
Post #1


Newbie
*

Group: Members
Posts: 3
Joined: 23.07.2010




I am using KAV10 and detected Trojan-Clicker.Win32.Wistler.a since 2 days ago and not able to remove it.

KAV10 mentioned the following sectors have been affected:
DEVICE\HARDDISK1\DR1
Device\Harddisk0\DR0
Device\Harddisk1\DR1

The first and the last seems to be the same infection but it show twice.

Is there any way I can remove it from my pc?
Thanks for your help.
Go to the top of the page
 
+Quote Post
dboyer
post 23.07.2010 20:33
Post #2


Newbie
*

Group: Members
Posts: 1
Joined: 23.07.2010




I am having this same thing happening on my computer too. Just purchased it a month ago and very frustrated that the Kaspersky isnt removing it.
I am interested in finding out how to remove this completely from my computer.
Go to the top of the page
 
+Quote Post
rrchambers
post 23.07.2010 21:24
Post #3


Newbie
*

Group: Members
Posts: 2
Joined: 23.07.2010




Same problem as of yesterday afternoon.

I was using Nav10 and upgraded to Nav11 in order to do an Active Threat Scan. The scan found the trojan right at the end of the scan but then before the reboot, my system crashed with a Windows: Bad Image (or something like that) followed by the hex execution error code. Upon reboot the trojan is still there.

I then created a rescue disk. It booted and I scanned, but it did not find anything.

Rich
Go to the top of the page
 
+Quote Post
kemkokems
post 23.07.2010 21:33
Post #4


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




Well lads I had the same problem read my post here http://forum.kaspersky.com/index.php?showtopic=178206 and I could not remove it because it is very nasty little virus.It infected the MBR on HDD so it is really impossible to remove it with kaspersky.I had to fix mbr to fix the problem following with the system restore:-((

This post has been edited by kemkokems: 23.07.2010 21:34
Go to the top of the page
 
+Quote Post
lolgc
post 23.07.2010 22:01
Post #5


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




Its a problem of Kaspersky. I dont think my PC got vired, like 20 others.
Go to the top of the page
 
+Quote Post
rrchambers
post 23.07.2010 23:14
Post #6


Newbie
*

Group: Members
Posts: 2
Joined: 23.07.2010




What I would really like to know is how I got infected in the first place. This trojan has been around for at least a month. Surely Kaspersky should have caught it.
Go to the top of the page
 
+Quote Post
krisztoforo
post 24.07.2010 07:02
Post #7


Newbie
*

Group: Members
Posts: 4
Joined: 24.07.2010




QUOTE(alvinwjh @ 23.07.2010 06:48) *
I am using KAV10 and detected Trojan-Clicker.Win32.Wistler.a since 2 days ago and not able to remove it.

KAV10 mentioned the following sectors have been affected:
DEVICE\HARDDISK1\DR1
Device\Harddisk0\DR0
Device\Harddisk1\DR1


I have a similar problem, I'm using KAV2009 and actually scanning an external drive (from a friend's computer) which has this wistler.a thing in /Device/HARDDISK3/DR3. KAV2009 finds it, but all it says that: "Untreated, Reason: Postponed". Then the scan finishes and it doesn't remove it. Why does it tell me "postponed"?
I was hoping it would be able to deal with this virus on an external drive, since it is not the drive the computer booted up from. Anyone has any suggestions?
Go to the top of the page
 
+Quote Post
kemkokems
post 24.07.2010 10:30
Post #8


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




Try this guide from this link ~~
It is on French so just google translate it.Use it at ur own risk!!!
Or just download this tool ~~ to see if ur MBR is really infected which was the case on my computer.

edit: del extraneous disinfection link, in accordance with protocol indicated in the read me topic.

This post has been edited by richbuff: 24.07.2010 11:58
Go to the top of the page
 
+Quote Post
aviram007
post 24.07.2010 15:44
Post #9


Newbie
*

Group: Members
Posts: 6
Joined: 24.07.2010




i have the same problem, does anybody has a solution ?
Go to the top of the page
 
+Quote Post
aviram007
post 24.07.2010 17:42
Post #10


Newbie
*

Group: Members
Posts: 6
Joined: 24.07.2010




hi,
this trojan is using the process "svchost.exe" and "iexplorer.exe" for his needs.
i have found that it is changed the MBR.
the kaspersky AV identify the virus in devices:
\Device\Harddisk0\DR0
\Device\Harddisk1\DR1

i have tried to fixed it using a bootkit remover SW.
now the scanning have found a problem only in
\Device\Harddisk1\DR1
but as i can see the "iexplorer.exe" is not active anymore under the "svchost.exe" process.
probably this has solve a part of the problem but not all of it.

the kaspersky AV can't handle it at the moment.
it is asking for the disinfection procedure.
still, it is just booting again with the same problem.

this is a smart bastered trojan smile.gif

does anyone have more ideas ?

This post has been edited by aviram007: 24.07.2010 17:44
Go to the top of the page
 
+Quote Post
zak769
post 24.07.2010 23:52
Post #11


Newbie
*

Group: Members
Posts: 2
Joined: 24.07.2010




wow a lot of users having the same issue,, i hope someone can help us get rid of it.
Im really surprised Kaspersky not been able to sort this one out. im not very technical so hope someone can post an idiot proof reply.

thanks. bc.gif
Go to the top of the page
 
+Quote Post
aviram007
post 24.07.2010 23:59
Post #12


Newbie
*

Group: Members
Posts: 6
Joined: 24.07.2010




a question to the kaspersky stuff:
what information do we need to post so we can solve this problem ?
Go to the top of the page
 
+Quote Post
jps611
post 25.07.2010 06:26
Post #13


Newbie
*

Group: Members
Posts: 7
Joined: 5.07.2007




QUOTE(aviram007 @ 24.07.2010 14:59) *
a question to the kaspersky stuff:
what information do we need to post so we can solve this problem ?


Hello. earth calling Kaspersky, earth calling Kaspersky. Can anybody hear us?
All we are asking for is a bit of help with your product. Why can your product not solve this problem?
If I had gotten infected with a free A/V program, I would not be bother as much. But, I am paying for Kaspersky and expect a bit more on the customer service end.

Can someone at Kaspersky please tell us how to get rid of this virus? Please.

This post has been edited by jps611: 25.07.2010 06:26
Go to the top of the page
 
+Quote Post
richbuff
post 25.07.2010 06:38
Post #14


Are You Kidding?
*****************

Group: Moderators
Posts: 1000084
Joined: 14.06.2007




Hi, 1) this is a user forum. There are instructions located in the first Important read me topic, and 2) Tech Support is linked at upper left of this forum page. Tech Support has additional tools for new malware that is apparently very difficult to remove.


--------------------
Please see the Important topics, located at the top of this section, and at the top of other sections of this forum.
Go to the top of the page
 
+Quote Post
alvinwjh
post 25.07.2010 07:26
Post #15


Newbie
*

Group: Members
Posts: 3
Joined: 23.07.2010




Well, would you mind to point me the link of tool to remove this trojan? Apparently I cant find any trojan by name of clicker or wistler.
Thanks.
Go to the top of the page
 
+Quote Post
lolgc
post 25.07.2010 14:03
Post #16


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




Me too....i need help...and i cant do a backup of my Pc...and the MbrFix too, cause ive a OEM of Vista x64.
I paid for Kaspersky nearly 3 years...but:
Why cant they make a software which kicks the Trojan-Clicker.Win32.Wistler.a in the butt?...and why are only Kaspersk users infected?

sorry beeing so...but I musn't loose Data from my Pc.


Kaspersky Virus Removal Tool is an utility designed to remove all types of infections from your computer.

Doesn't help at all^^

This post has been edited by lolgc: 25.07.2010 14:06
Go to the top of the page
 
+Quote Post
kemkokems
post 25.07.2010 14:24
Post #17


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




DO THIS AT YOUR OWN RISK!!!

Well I see that nobody is listening to me.I had the exact same problem and I wrote about it in another post on this forum ( http://forum.kaspersky.com/index.php?showtopic=178206 ) and the only solution so far is to rewrite the MBR!So,if u have windows xp installed,boot from it,go to recovery console,logon onto windows partition and type these commands 1 after the other without the quotes:
"fixmbr" and then press enter
"fixboot" and enter
And then restart.
There are numerous posts about this virus on this forum and everybody is opening another topic and its all about this problem,so helloo peple,please open ur eyes just a little:-))

If u have windows vista or win7 put the dvd in ur drive,boot from it and enter the recovery tools option and select command prompt and enter these commands without the quotes:
"Bootrec.exe /FixMbr" and then of course enter
"Bootrec.exe /FixBoot" and enter
And restart computer.

DO THIS AT YOUR OWN RISK!!!

P.S. Yesterday my friend also got infected and he has removed this virus in exactly the same way I described it above in this post.Of course,the biggest problem is that this nasty trojan infects the MBR of ur HDD so every time u boot into windows it is already active during the boot process.I tried removing it with numerous third party software(Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect.) but none of them was successfull in removing it.

This post has been edited by kemkokems: 25.07.2010 14:41
Go to the top of the page
 
+Quote Post
lolgc
post 25.07.2010 15:01
Post #18


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




QUOTE(kemkokems @ 25.07.2010 14:24) *
DO THIS AT YOUR OWN RISK!!!

Well I see that nobody is listening to me.I had the exact same problem and I wrote about it in another post on this forum ( http://forum.kaspersky.com/index.php?showtopic=178206 ) and the only solution so far is to rewrite the MBR!So,if u have windows xp installed,boot from it,go to recovery console,logon onto windows partition and type these commands 1 after the other without the quotes:
"fixmbr" and then press enter
"fixboot" and enter
And then restart.
There are numerous posts about this virus on this forum and everybody is opening another topic and its all about this problem,so helloo peple,please open ur eyes just a little:-))

If u have windows vista or win7 put the dvd in ur drive,boot from it and enter the recovery tools option and select command prompt and enter these commands without the quotes:
"Bootrec.exe /FixMbr" and then of course enter
"Bootrec.exe /FixBoot" and enter
And restart computer.

DO THIS AT YOUR OWN RISK!!!

P.S. Yesterday my friend also got infected and he has removed this virus in exactly the same way I described it above in this post.Of course,the biggest problem is that this nasty trojan infects the MBR of ur HDD so every time u boot into windows it is already active during the boot process.I tried removing it with numerous third party software(Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect.) but none of them was successfull in removing it.



so....Mbrfix didnt work for him`?

Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect. did they find the trojan?...I dont think so

This post has been edited by lolgc: 25.07.2010 15:01
Go to the top of the page
 
+Quote Post
lolgc
post 25.07.2010 15:27
Post #19


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




Well...this MbrFix didnt work for me sad.gif
Attached File(s)
Attached File  viri.jpg ( 155,9K ) Number of downloads: 12
 
Go to the top of the page
 
+Quote Post
kemkokems
post 25.07.2010 15:48
Post #20


Member
**

Group: Members
Posts: 10
Joined: 22.07.2010




QUOTE(lolgc @ 25.07.2010 13:01) *
so....Mbrfix didnt work for him`?

Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect. did they find the trojan?...I dont think so

Read,it did work for him but it did not work for me,because I had dual boot OS,maybe because of that,I do not know.I was lucky I had made backup with Acronis tool so I returned my computer to earlier state,but it worked for my friend,but these other tools did not detect this trojan:-(

This post has been edited by kemkokems: 25.07.2010 15:49
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Closed TopicStart new topic

 



Lo-Fi Version Time is now: 26.10.2014 01:09