> cannot delete autorun.inf system.exe on memory stick, Kaspersky identifies as virus but cannot delete ...
cargo
post 18.12.2008 01:55
Post #1


Newbie
*

Group: Members
Posts: 5
Joined: 18.12.2008




I am running Kaspersky Internet 7.

When I plug in a USB memory stick I get the (noisy) Kaspersky virus warning of

Worm.win32.autorun.sjn

There are two files in the stick's root directory - autorun.inf and system.exe.

I can delete these 2 files but they return after just a few seconds.

I attach the sysinfo file:
Attached File(s)
Attached File  avz_sysinfo.zip ( 14,19K ) Number of downloads: 12
 
Lucian Bara
post 18.12.2008 01:59
Post #2


Are You Kidding?
*****************

Group: Gold beta testers
Posts: 56947
Joined: 28.01.2006
From: Timisoara, Romania




hello
hold shift while you insert your stick into the usb port.
please send both files to the lab: http://forum.kaspersky.com/index.php?showtopic=13881
afterwards run this script:
CODE
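begin
SearchRootkit(true, true);        // look for rootkit hooks and neutralize them
SetAVZGuardStatus(True);          // turn on AVZGuard while the cleanup runs
QuarantineFile('C:\Program Files\Microsoft Common\svchost.exe','');  // keep a copy in quarantine
DeleteFile('C:\Program Files\Microsoft Common\svchost.exe');         // then delete the file
ExecuteSysClean;                  // clean up references to the deleted file
BC_ImportDeletedList;             // pass the deleted-file list to Boot Cleaner
BC_Activate;                      // activate Boot Cleaner for the next boot
RebootWindows(true);              // reboot
end.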


afterwards make a full scan of your whole pc and post the detected list
 
cargo
post 18.12.2008 11:56
Post #3






I have sent off a zipfile to you with the offending file in a RAR archive.

Unfortunately, after running your script above, the comp then rebooted but only so far: I cannot get my desktop back!
 
Lucian Bara
post 18.12.2008 12:39
Post #4






that's strange the file deleted shouldn't have any effect on the loading process. can you boot into safe mode?
 
cargo
post 18.12.2008 12:55
Post #5






QUOTE(Lucian Bara @ 18.12.2008 11:39) *
that's strange the file deleted shouldn't have any effect on the loading process. can you boot into safe mode?


Unfortunately, no. I should have mentioned that the laptop affected was running Win2000 Pro. I have now reformatted and installed a clean copy of XP Home on the same machine (this machine). So the problem has gone away, but it's a LOT of work getting all the progs set up again...

There is one other laptop running XP Pro and a desktop running XP Home that both have the problem stated in the first post on this thread. I have only attempted to use the desktop this morning and one interesting thing is that I can get on the internet, but the machine cannot connect to Kaspersky or Symantec sites! Though other sites are accessible and all Google searches for anything now send me to pay sites for discount holidays and new antivirus software.

I'd prefer not to touch those two machines again until and if Kaspersky can come up with a fix.



Lucian Bara
post 18.12.2008 12:58
Post #6






well, there won't be any fix if you can't update.
 
cargo
post 18.12.2008 13:14
Post #7






QUOTE(Lucian Bara @ 18.12.2008 11:58) *
well, there won't be any fix if you can't update.


OK, I'll try running the script above on the desktop and see what happens..
 
Lucian Bara
post 18.12.2008 13:18
Post #8






no, post a new AVZ log made on the desktop, the issues don't have to be identical.
 
cargo
post 18.12.2008 19:11
Post #9






QUOTE(Lucian Bara @ 18.12.2008 12:18) *
no, post a new AVZ log made on the desktop, the issues don't have to be identical.


Unfortunately, am too late - now both other machines boot into Windows and then just hang before the desktop appears - cannot get Safe Mode to work either. So now doing full OS re-installs on both machines. No fun at all.

I did email Kaspersky a copy of 'System.exe' and the script contents of 'Autorun.inf'. I can re-send if it will help...

