I have this virus on my friend's pc name RVHOST.EXE that look like a folder but its an application together with the New Folder.Exe Virus.

My question is, I can't or not easy looking for a solution kill this thing cuz Our ESS / Nod32 cant remove them.

Is there any thread that discuses this issue?

Need Help.

Thanks..

Hello,

at first update your ESS and boot your OS to safe mode, where you'll perform In-depth scan. Then, if problem won't be solved, download ESET SysInspector (http://www.eset.com/download/sysinspector.php) and create log, which should uncover trojan's entries and you'll send to technical support - support[at]eset.com.

Regards

Thank you sir, by the way I am already using it (SysInspector) what I mean is, is there any automated process similar to this (http://www.eset.com/download/free-virus-remover.php)?

Anyway I have found these links lately:
{QUOTE->
http://xaithe.blogspot.com/2008/05/how-to-remove-rvhostexe-commonly-new.html
http://www.askmehelpdesk.com/spyware-viruses-etc/how-remove-rvhost-exe-malware-71164.html
http://answers.yahoo.com/question/index?qid=20070911010115AAwqhC3 <-QUOTE}

I will try to make use of these.

Thanks for the time sir.

ESET hasn't got automated tool, because making cleaners for every sample isn't possible. For that v3 cleans not only files, but their entries in Registry. The disadvantage of this is that antivirus needn't detect all variants. If you send log to technicians, they'll make a guide for you.

Just found these too:

http://www.technize.com/2007/07/18/new-folderexe-sohanad-virus-removal-tool/

http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html


But the thing is, 1 of the file as describe contains infection as per ESET Smart Security is Concern..


Does this helps?

btw I manage to "capture " new folder.exe and sent it thru 'Submit files for analysis' and Im doing this over and over. Does this helps the technical team to gather info about the virus, - they say is Sohanad virus.

File Process.exe is detected as Win32/PrcView application - potentially unsafe application (more information in ESS's helper). You can use these applications with disabled ESS. They automatically cleans defined files and writes last created/modified files and Registry entries, services, jobs etc. Suspicious files send to samples[at]eset.com in archive with password "infected" with this thread's url in the subject.