A virus "WIN32/PACEX.GEN VIRUS and KXVO.EXE" cannot be solved because it re-occurs after deletion. I'm using NOD32 3.0. Thanks.
Here are the logs...
4/15/2008 9:17:41 AM Real-time file system protection file C:\System Volume Information\_restore{0DF40F22-99D1-4D6C-873A-C77FA6E8B182}\RP61\A0042835.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
4/14/2008 12:45:48 PM Startup scanner file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined
4/13/2008 10:48:17 PM HTTP filter file ht tp://82.98.235.78/mmtt/zrt20080408.dll?uid=037368E6085311DD9F51152079CFFFFF&affid=152079&guid=1F37496CE00047FAAC6ED4120209FD68&rid=wen5 Win32/Small.NDR trojan connection terminated - quarantined CAPULE\Dunhill Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.
4/13/2008 9:49:01 PM Startup scanner file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted (after the next restart) - quarantined CAPULE\Dunhill
4/13/2008 1:47:52 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 1:47:50 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 1:47:48 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\j.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 6:43:57 AM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 6:43:56 AM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 6:43:54 AM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 6:40:10 AM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\l.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/12/2008 10:13:58 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
4/12/2008 10:13:55 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
4/12/2008 10:13:44 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\d.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
4/12/2008 9:59:15 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
4/12/2008 9:59:13 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
4/12/2008 9:58:35 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\b6fblr.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
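An added example, not part of the original posts: a small triage script that parses log entries in the format posted above and reports which creating processes were never themselves detected, which is why the quarantined files keep coming back. The function names are this example's own, and the sample lines are a subset copied from the log above.

```python
import re
from collections import Counter, defaultdict

# Entries copied from the log posted above (a subset), one per line.
SAMPLE_LOG = r"""
4/15/2008 9:17:41 AM Real-time file system protection file C:\System Volume Information\_restore{0DF40F22-99D1-4D6C-873A-C77FA6E8B182}\RP61\A0042835.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
4/14/2008 12:45:48 PM Startup scanner file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined
4/13/2008 1:47:52 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 1:47:50 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 1:47:48 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\j.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/12/2008 10:13:58 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
4/12/2008 10:13:44 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\d.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
"""

# Module names and threat wording are the ones that appear in the posted log.
ENTRY = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) "
    r"(?P<scanner>Real-time file system protection|Startup scanner|HTTP filter)"
    r" file (?P<object>.+?) "
    r"(?P<threat>(?:a variant of )?Win32/\S+ (?:virus|trojan))(?P<rest>.*)$")
# Only "new file created by" counts as dropping; "modified by" is ignored.
PARENT = re.compile(r"on a new file created by the application: (?P<parent>.+?)\.$")

def parse(log_text):
    """Return one dict per recognised entry; 'parent' is None when absent."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        p = PARENT.search(entry.pop("rest"))
        entry["parent"] = p.group("parent") if p else None
        entries.append(entry)
    return entries

def undetected_droppers(entries):
    """Creating processes that never appear as a detected object,
    mapped to the set of files they wrote."""
    detected = {e["object"].lower() for e in entries}
    dropped = defaultdict(set)
    for e in entries:
        if e["parent"] and e["parent"].lower() not in detected:
            dropped[e["parent"]].add(e["object"])
    return dict(dropped)

def redetections(entries):
    """Objects detected more than once, i.e. files that came back."""
    counts = Counter(e["object"] for e in entries)
    return {obj: n for obj, n in counts.items() if n > 1}
```

On the sample, `undetected_droppers(parse(SAMPLE_LOG))` names `C:\WINDOWS\system32\kxvo.exe` and `H:\gvsqikes.cmd`: the scanner removed what they wrote, but neither file is itself listed as a detected object.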
I'd suggest that you boot from a clean partition and clean out all infected files. The computer should be unplugged from the network during the cleaning.
Disable your System Restore. Use any live bootable CD, like BartPE or a live XP, and remove the files manually from the paths in the log. But it's better to go with the first suggestion of cleaning from a clean partition; this is an alternative. You can use some registry fixes too. And hey, one more thing: go to Run, enter %tmp% and remove all the temp files there, even the hidden ones. Make sure about that; that's where the virus comes back again.
I'm not good at technical matters, thank you. Please explain it step by step: what steps I should do and where. Thanks.
You can do it in two ways. The easiest method is to connect your hard disk to another, virus-free system with updated AVs and scan the whole hard disk there. Or else you have to format your C:\, reinstall the operating system, install AVs and updates, and scan the rest of the partitions. Make sure you don't open them before removing all the viruses. If the virus on the hard disk is executed, the other partitions will also become affected.
Hi there, I think I also have the same problem as in this thread. As you can see: http://i20.photobucket.com/albums/b209/jinzo13/virus/abisdiklik.jpg This is my computer's window, and the virus pops up in the AV NOD32 V3 notification like this: http://i20.photobucket.com/albums/b209/jinzo13/virus/trusjadibegini.jpg I tried Spyware Doctor, and it can detect the virus and clean it, but when I try the same procedure above, the virus pops up again. So what the hell is the telp folder? Can I just delete it or something? Please, I need your diagnosis, hehe. By the way, I'm a newbie here, so pardon me if I made any mistakes. Cheers.