Well, we all know that this worm, Nachi.B is a nasty worm that can not be removed easily, and I have seen many instructions to kill the worm and Ive tried them all, but no LOL everytime I try scanning it can not be detected but it pops up at random times.. mostly when I try scanning with "nachi.B Removable tool" it pops up saying "Nachi.B Worm was detected" Tried: http://www.trendmicro.com/download/dcs.asp http://www.sophos.com/support/disinfection/nachia.html norton macafee I also have this trojan, Win32/KillFiles.CX trojan
If it's in the System Volume Information folder, then it's protected by the operating system. The easiest way to remove it then is to disable the system restore function temporarily. However, then you'll also loose any restore points you might have created. Disable it, reboot, run the scanner, enable it again, and reboot. How to Enable and Disable System Restore http://support.microsoft.com/default.aspx?scid=kb;EN-US;264887 Best regards, Anders
i disabled scanned saw nothing.. Nod32 didnt even detect the virus when the restore system was disabled..
By disabling system restore, you basically deleted all the files within, which is where NOD32 was finding Nachi.B. Your scan should have come up clean. Just be sure to turn system restore back on and create a new restore point. HTH.... Regards, Kent
One idea about System Volume Information. Isn't better simple add rights to access to this folder for Admin group instead of disabling services? Simple right mouse -> Security -> Add ... and add administrators or nod's service... If you haven't Serucity tab in folder properties you have probably enabled "Simpler sharing". It can be changed by "Folder options" (in Control Panel or in Explorer's menu Tools -> Folder options): uncheck Tab display -> "Use simpler sharing".