alvinwjh

Removing Trojan-Clicker.Win32.Wistler.a

34 posts in this topic

I am using KAV10 and detected Trojan-Clicker.Win32.Wistler.a since 2 days ago and not able to remove it.

 

KAV10 mentioned the following sectors have been affected:

DEVICE\HARDDISK1\DR1

Device\Harddisk0\DR0

Device\Harddisk1\DR1

 

The first and the last seems to be the same infection but it show twice.

 

Is there any way I can remove it from my pc?

Thanks for your help.

Share this post


Link to post
Share on other sites

I am having this same thing happening on my computer too. Just purchased it a month ago and very frustrated that the Kaspersky isnt removing it.

I am interested in finding out how to remove this completely from my computer.

Share this post


Link to post
Share on other sites

Same problem as of yesterday afternoon.

 

I was using Nav10 and upgraded to Nav11 in order to do an Active Threat Scan. The scan found the trojan right at the end of the scan but then before the reboot, my system crashed with a Windows: Bad Image (or something like that) followed by the hex execution error code. Upon reboot the trojan is still there.

 

I then created a rescue disk. It booted and I scanned, but it did not find anything.

 

Rich

Share this post


Link to post
Share on other sites

Well lads I had the same problem read my post here http://forum.kaspersky.com/index.php?showtopic=178206 and I could not remove it because it is very nasty little virus.It infected the MBR on HDD so it is really impossible to remove it with kaspersky.I had to fix mbr to fix the problem following with the system restore:-((

Edited by kemkokems

Share this post


Link to post
Share on other sites

Its a problem of Kaspersky. I dont think my PC got vired, like 20 others.

Share this post


Link to post
Share on other sites

What I would really like to know is how I got infected in the first place. This trojan has been around for at least a month. Surely Kaspersky should have caught it.

Share this post


Link to post
Share on other sites
I am using KAV10 and detected Trojan-Clicker.Win32.Wistler.a since 2 days ago and not able to remove it.

 

KAV10 mentioned the following sectors have been affected:

DEVICE\HARDDISK1\DR1

Device\Harddisk0\DR0

Device\Harddisk1\DR1

 

I have a similar problem, I'm using KAV2009 and actually scanning an external drive (from a friend's computer) which has this wistler.a thing in /Device/HARDDISK3/DR3. KAV2009 finds it, but all it says that: "Untreated, Reason: Postponed". Then the scan finishes and it doesn't remove it. Why does it tell me "postponed"?

I was hoping it would be able to deal with this virus on an external drive, since it is not the drive the computer booted up from. Anyone has any suggestions?

Share this post


Link to post
Share on other sites

Try this guide from this link ~~

It is on French so just google translate it.Use it at ur own risk!!!

Or just download this tool ~~ to see if ur MBR is really infected which was the case on my computer.

 

edit: del extraneous disinfection link, in accordance with protocol indicated in the read me topic.

Edited by richbuff

Share this post


Link to post
Share on other sites

hi,

this trojan is using the process "svchost.exe" and "iexplorer.exe" for his needs.

i have found that it is changed the MBR.

the kaspersky AV identify the virus in devices:

\Device\Harddisk0\DR0

\Device\Harddisk1\DR1

 

i have tried to fixed it using a bootkit remover SW.

now the scanning have found a problem only in

\Device\Harddisk1\DR1

but as i can see the "iexplorer.exe" is not active anymore under the "svchost.exe" process.

probably this has solve a part of the problem but not all of it.

 

the kaspersky AV can't handle it at the moment.

it is asking for the disinfection procedure.

still, it is just booting again with the same problem.

 

this is a smart bastered trojan :)

 

does anyone have more ideas ?

Edited by aviram007

Share this post


Link to post
Share on other sites

wow a lot of users having the same issue,, i hope someone can help us get rid of it.

Im really surprised Kaspersky not been able to sort this one out. im not very technical so hope someone can post an idiot proof reply.

 

thanks. :aa:

Share this post


Link to post
Share on other sites

a question to the kaspersky stuff:

what information do we need to post so we can solve this problem ?

Share this post


Link to post
Share on other sites
a question to the kaspersky stuff:

what information do we need to post so we can solve this problem ?

 

Hello. earth calling Kaspersky, earth calling Kaspersky. Can anybody hear us?

All we are asking for is a bit of help with your product. Why can your product not solve this problem?

If I had gotten infected with a free A/V program, I would not be bother as much. But, I am paying for Kaspersky and expect a bit more on the customer service end.

 

Can someone at Kaspersky please tell us how to get rid of this virus? Please.

Edited by jps611

Share this post


Link to post
Share on other sites

Hi, 1) this is a user forum. There are instructions located in the first Important read me topic, and 2) Tech Support is linked at upper left of this forum page. Tech Support has additional tools for new malware that is apparently very difficult to remove.

Share this post


Link to post
Share on other sites

Well, would you mind to point me the link of tool to remove this trojan? Apparently I cant find any trojan by name of clicker or wistler.

Thanks.

Share this post


Link to post
Share on other sites

Me too....i need help...and i cant do a backup of my Pc...and the MbrFix too, cause ive a OEM of Vista x64.

I paid for Kaspersky nearly 3 years...but:

Why cant they make a software which kicks the Trojan-Clicker.Win32.Wistler.a in the butt?...and why are only Kaspersk users infected?

 

sorry beeing so...but I musn't loose Data from my Pc.

 

 

Kaspersky Virus Removal Tool is an utility designed to remove all types of infections from your computer.

 

Doesn't help at all^^

Edited by lolgc

Share this post


Link to post
Share on other sites

DO THIS AT YOUR OWN RISK!!!

 

Well I see that nobody is listening to me.I had the exact same problem and I wrote about it in another post on this forum ( http://forum.kaspersky.com/index.php?showtopic=178206 ) and the only solution so far is to rewrite the MBR!So,if u have windows xp installed,boot from it,go to recovery console,logon onto windows partition and type these commands 1 after the other without the quotes:

"fixmbr" and then press enter

"fixboot" and enter

And then restart.

There are numerous posts about this virus on this forum and everybody is opening another topic and its all about this problem,so helloo peple,please open ur eyes just a little:-))

 

If u have windows vista or win7 put the dvd in ur drive,boot from it and enter the recovery tools option and select command prompt and enter these commands without the quotes:

"Bootrec.exe /FixMbr" and then of course enter

"Bootrec.exe /FixBoot" and enter

And restart computer.

 

DO THIS AT YOUR OWN RISK!!!

 

P.S. Yesterday my friend also got infected and he has removed this virus in exactly the same way I described it above in this post.Of course,the biggest problem is that this nasty trojan infects the MBR of ur HDD so every time u boot into windows it is already active during the boot process.I tried removing it with numerous third party software(Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect.) but none of them was successfull in removing it.

Edited by kemkokems

Share this post


Link to post
Share on other sites
DO THIS AT YOUR OWN RISK!!!

 

Well I see that nobody is listening to me.I had the exact same problem and I wrote about it in another post on this forum ( http://forum.kaspersky.com/index.php?showtopic=178206 ) and the only solution so far is to rewrite the MBR!So,if u have windows xp installed,boot from it,go to recovery console,logon onto windows partition and type these commands 1 after the other without the quotes:

"fixmbr" and then press enter

"fixboot" and enter

And then restart.

There are numerous posts about this virus on this forum and everybody is opening another topic and its all about this problem,so helloo peple,please open ur eyes just a little:-))

 

If u have windows vista or win7 put the dvd in ur drive,boot from it and enter the recovery tools option and select command prompt and enter these commands without the quotes:

"Bootrec.exe /FixMbr" and then of course enter

"Bootrec.exe /FixBoot" and enter

And restart computer.

 

DO THIS AT YOUR OWN RISK!!!

 

P.S. Yesterday my friend also got infected and he has removed this virus in exactly the same way I described it above in this post.Of course,the biggest problem is that this nasty trojan infects the MBR of ur HDD so every time u boot into windows it is already active during the boot process.I tried removing it with numerous third party software(Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect.) but none of them was successfull in removing it.

 

 

so....Mbrfix didnt work for him`?

 

Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect. did they find the trojan?...I dont think so

Edited by lolgc

Share this post


Link to post
Share on other sites
so....Mbrfix didnt work for him`?

 

Spybot S&D,Spyware Doctor,AD-AWARE,MBR-CHECK ect. did they find the trojan?...I dont think so

Read,it did work for him but it did not work for me,because I had dual boot OS,maybe because of that,I do not know.I was lucky I had made backup with Acronis tool so I returned my computer to earlier state,but it worked for my friend,but these other tools did not detect this trojan:-(

Edited by kemkokems

Share this post


Link to post
Share on other sites

Well...this MbrFix didnt work for me :(

I opened the Console in the DVD and:

Bootrec.exe /MbrFix

Vorgang abgeschlossen -> German: Done

 

Bootrec.exe /BootFix

...Waited for some time

Vorgang abgeschlossen -> German: Done

 

After restart:

It was still like before...and a Full new Vista Installation i cant do :(

 

PLS Help Kaspersky

 

 

i dont have a dual OS System

Edited by lolgc

Share this post


Link to post
Share on other sites

There is something very strange going on here. It seems Kaspersky has been caught with its pants down and will not admit it. I paid for an A/V program to prevent my computer from from being infected, but Kaspersky is silent, while its customers suffer.

 

I just want someone at Kaspersky to address this problem. That's not asking too much.

Share this post


Link to post
Share on other sites
Hi, 1) this is a user forum. There are instructions located in the first Important read me topic, and 2) Tech Support is linked at upper left of this forum page. Tech Support has additional tools for new malware that is apparently very difficult to remove.

Share this post


Link to post
Share on other sites
Well...this MbrFix didnt work for me :(

I opened the Console in the DVD and:

Bootrec.exe /MbrFix

Vorgang abgeschlossen -> German: Done

 

Bootrec.exe /BootFix

...Waited for some time

Vorgang abgeschlossen -> German: Done

 

After restart:

It was still like before...and a Full new Vista Installation i cant do :(

 

PLS Help Kaspersky

i dont have a dual OS System

Its not MbrFix or BootFix!The right way is /FixMbr abd /FixBoot

Share this post


Link to post
Share on other sites
DO THIS AT YOUR OWN RISK!!!

 

Well I see that nobody is listening to me.I had the exact same problem and I wrote about it in another post on this forum ( http://forum.kaspersky.com/index.php?showtopic=178206 ) and the only solution so far is to rewrite the MBR!So,if u have windows xp installed,boot from it,go to recovery console,logon onto windows partition and type these commands 1 after the other without the quotes:

"fixmbr" and then press enter

"fixboot" and enter

And then restart.

 

The above steps worked for me and the virus is gone from the MBR! :)

For those of us who don't have a Windows XP CD here are instructions how to create a bootable CD with the Recovery Console on it (fixmbr and fixboot are part of the Recovery Console).

http://tips.vlaurie.com/2006/05/recovery-c...out-an-xp-disk/

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.