Absolutely flabbergasted. Called support. Waited in a queue for over an hour + (c). To be told: log needed. So saved log and sent it - but because of the silly upload system it did not upload properly, apparently. They wanted me to run wsalog generator that would crash at the point of packaging the data. I appreciate that not everything can be detected, but here it can detect it but not clean it.
I should add that this particular junk blocks the owner out of PC in safe mode also. It allows logging in and a few seconds later it logs back off. In normal mode, WSA kicks in, turns red, and then the system logs off again, this happens within seconds.
We have several tools to aid in the cleanup of Virut but WSA does detect it and instructs the user to contact support as file infectors are difficult to deal with. The support team has offline tools to aid in cleanup if needed - I suggest continuing to work with them to get it resolved ASAP.
Support cannot remotely access the machine. And net access is not working (presumably because of the virus). Support also could not help me unless I could get them logs using a wsalog collector which crashes, so what to do?
If possible, I would remove the HDD and set it up in another PC as a slave and let support get in that way. But then again, I do not know if the virus would spread that way to the new host PC, maybe Joe knows? Usually this approach works for these kinds of scenarios. /E
Try using another vendor's cleanup tool like this one from Kaspersky: http://support.kaspersky.com/2735. It worked for me when Webroot let through a Sality virus on my system and couldn't clean it (https://www.wilderssecurity.com/showthread.php?t=339589).
Yes, support can remotely access the machine. They have offline remote access tools as well. Here's a better question for you: What AV -can- be installed on a machine that is infected with Virut, while Virut is running, and successfully disinfect it? Remember, you can't run anything to install it, and you can't access the network to get definitions. Here's an even better, better question: How did you manage to get Virut on there when WSA was running? I have not been able to find a live Virut sample that causes uncleanable damage with WSA installed first unless it is specifically allowed by the user or WSA is shut down. Are you seriously claiming that Support said "We cannot help you unless you run WSALogs successfully"? Or are you just assuming that is the case to make controversy?
Please inform Support that the collector crashes. They'll instruct you to use other ways like offline removal tools. You can carry on the conversation with support through another PC or phone and follow the instructions with the PC and a USB drive which would contain the tools. No worries.
Exactly. I think this is the fourth thread where this same conversation about this same threat is taking place now - volvic, can we keep it in this thread just so that we don't have to try to follow it in so many places? The support team will be able to help you with cleanup scripts and the cleanup tool we've written; WSA just prompts to contact support as file infectors are notoriously difficult to clean even when we have journaled the changes (as it will likely require using safe mode or offline access because of the difficulties getting to the OS).