Acid Shivers - won't go away

Discussion in 'malware problems & news' started by littleox, Nov 5, 2004.

Thread Status:
Not open for further replies.
  1. littleox

    littleox Guest

    Hi guys,
    Acid Shivers (trojan?) is picked up by TDS and I delete it, but it just reappears again. (As does the 'fake' IExplore version under WINNT.)

    Any suggestions?

    Thanks,
    littleox
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi Littleox, can you please follow the steps found here: https://www.wilderssecurity.com/showthread.php?t=50662

    Make sure you follow each step in order and do not go onto a further step until you have completed the one you are on. Also make sure you have the very latest version of each product mentioned and they are fully up-to-date.

    After all the steps if your problem persists you may have to download a copy of Hijack This and post in one of the forums specified in the above link.

    Hope this helps...

    Let us know how you go...

    Cheers :D
     
  3. littleox

    littleox Guest

    Thanks for that Blackspear - I actually have a lot of the apps and am
    up to date. I'll follow up in the morning and hope it sorts it.

    Cheers,
    littleox
     
  4. Blackspear

    Blackspear Global Moderator

    My pleasure, let us know how you go...

    Cheers :D
     
  5. littleox

    littleox Guest

    Acid Shivers - is gone away

    Just some feedback to say thanks to Blackspear (& the forum) as the recurring Acid Shivers reg entry is now gone. I followed the drill and still had the entry; however, at your suggestion of repetition, I kept running TDS & Webroot Spysweeper (the apps that were picking it up) until I got the all clear.

    As an aside, my firewall is posting alerts for ntoskrnl.exe & gen host process (svchost.exe). Would there be any connection here, or should these apps be allowed to access the network?

    Once again,
    Thanks,
    littleox
     
  6. Blackspear

    Blackspear Global Moderator

    Re: Acid Shivers - is gone away

    Great to see and it’s a pleasure…


    There is more information here on ntoskrnl.exe: http://www.liutilities.com/products/wintaskspro/processlibrary/ntoskrnl/ I have never had this trying to access the internet. I would try removing it from the list of programs in your firewall and see if it comes back with a request to access.


    When you repeat ALL the steps in the thread I pointed you to, does your system now come up clean? The steps include an online anti-virus scan.

    Cheers :D
     
  7. littleox

    littleox Guest

    NT Kernel

    Hi Blackspear,

    The online scan showed 16 files - all Sun Java deployment settings (6 x java bytever A1 & 6 x " " femad B). I changed over to Sun Java having read that MS Java was vulnerable.

    As you suggested, I removed ntkernel from the firewall list & it reappeared after a reboot, & it also had an incoming alert on the firewall (backtrace/whois was unable to get any address information). I was also prompted that ntkernel had changed since it was last used - of course I denied it access. (I've kept a copy of the alert details.)

    As you say, it shouldn't be appearing in the app list on the firewall. Looks like my work is not yet done. Other than this the scans give me the all clear.

    Cheers,

    littleox
    PS. BTW, your icon looks terribly like a celtic cross - not a sight that I'd normally associate with the Gold Coast?
     
  8. Blackspear

    Blackspear Global Moderator

    Re: NT Kernel

    Did you turn off System Restore?

    Have you installed and run a Trojan removal program?

    Did you run through each and every step 3 times?

    If yes to the above, then your next step is running Hijack This and posting a log at one of the appropriate forums…


    Indeed it is a Celtic Cross, part of my heritage :D

    Cheers :D
     
  9. littleox

    littleox Guest

    I use win2k & understand it doesn't have system restore.

    I used TDS 3; most of the other apps were anti-spyware / adware.

    I tried removing the NT Kernel app from the main list on the firewall (Sygate) but was denied. Looks like this is where the real issue lies.

    I also had a response to an initial mail sent to DiamondCS support.
    They advised that they thought that my problem was not Acid Shivers, but something ELSE, and asked could I send them a copy of the file.

    I wonder, is there an app for checking the boot process, or could I, say, edit NTKernel in safe mode?

    Cheers,
    littleox
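The thread's recurring technical point is a program using a system-binary name (an "NT Kernel" entry in the firewall's application list, a fake IExplore under WINNT) where the real binary would never appear. The script below is an added example, not code from the thread or from any product named in it, that triages a firewall application list for that kind of name impersonation; it assumes a Windows 2000 default system root of C:\WINNT and uses a constructed, made-up sample list.

```python
"""Triage a personal-firewall application list for system-name impersonation."""
import ntpath

# Well-known binaries, the directory (below the system drive) each legitimately
# lives in, and whether it is expected to open network connections itself.
# ntoskrnl.exe is the kernel image: it never shows up as a user-mode program
# asking a firewall for access, so such an entry deserves a second look.
# Assumption: Windows 2000 default system root of \WINNT.
KNOWN_BINARIES = {
    "ntoskrnl.exe": (r"\winnt\system32", False),
    "svchost.exe": (r"\winnt\system32", True),
    "iexplore.exe": (r"\program files\internet explorer", True),
}


def assess_entry(path):
    """Return (code, detail) for one application-list entry.

    Codes: expected, wrong-location, no-network-role, unknown.
    """
    norm = ntpath.normpath(path).lower()          # case-insensitive on Windows
    directory, name = ntpath.split(norm)
    _drive, directory = ntpath.splitdrive(directory)
    if name not in KNOWN_BINARIES:
        return "unknown", f"{name} is not in the known-binary table; review by hand"
    expected_dir, uses_network = KNOWN_BINARIES[name]
    if directory != expected_dir:
        return "wrong-location", f"{name} found outside {expected_dir} (possible lookalike)"
    if not uses_network:
        return "no-network-role", f"{name} should never request network access"
    return "expected", f"{name} in its normal location with a normal network role"


def triage(entries):
    """Map each entry to its verdict; the caller decides what to investigate."""
    return {entry: assess_entry(entry) for entry in entries}


# Constructed sample list modelled on the thread; the paths are made up.
SAMPLE_FIREWALL_APPS = [
    r"C:\WINNT\system32\ntoskrnl.exe",
    r"C:\WINNT\system32\svchost.exe",
    r"C:\WINNT\IEXPLORE.EXE",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
    r"C:\WINNT\system32\ntkernel.exe",
]

if __name__ == "__main__":
    for entry, (code, detail) in triage(SAMPLE_FIREWALL_APPS).items():
        print(f"{code:16} {entry}: {detail}")
```

Entries flagged wrong-location or no-network-role are the ones to hash and submit to the vendor, as DiamondCS asked for in this thread, before deleting the file.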
     
  10. Blackspear

    Blackspear Global Moderator

    I would wait to see what DCS comes up with after looking at the file.

    You can also run Hijack-This and post a log at one of the appropriate forums…

    Let us know how you go...

    Cheers :D
     
  11. littleox

    littleox Guest

    Unfortunately, I had already cleared the file being sought by DCS by the time they came back to me - unless the details are in a log file somewhere.

    Anyway, I've run HijackThis and will post the findings accordingly and see what pans out.

    Thanks for the ongoing interest and I'll keep you posted.

    Cheers,
    littleox
     
  12. Blackspear

    Blackspear Global Moderator

    Appreciate that, always good to see the outcome...

    Cheers :D
     