SOS

Discussion in 'ESET NOD32 Antivirus' started by nagnamis29, Apr 15, 2008.

Thread Status:
Not open for further replies.
  1. nagnamis29

    nagnamis29 Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    35
    A virus "WIN32/PACEX.GEN VIRUS and KXVO.EXE" cannot be solved because it re-occurs after deletion. I'm using NOD32 3.0. Thanks.
     
  2. nagnamis29

    nagnamis29 Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    35
    Here are the logs...

    4/15/2008 9:17:41 AM Real-time file system protection file C:\System Volume Information\_restore{0DF40F22-99D1-4D6C-873A-C77FA6E8B182}\RP61\A0042835.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.
    4/14/2008 12:45:48 PM Startup scanner file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined
    4/13/2008 10:48:17 PM HTTP filter file ht tp://82.98.235.78/mmtt/zrt20080408.dll?uid=037368E6085311DD9F51152079CFFFFF&affid=152079&guid=1F37496CE00047FAAC6ED4120209FD68&rid=wen5 Win32/Small.NDR trojan connection terminated - quarantined CAPULE\Dunhill Threat was detected upon access to web by the application: C:\WINDOWS\explorer.exe.
    4/13/2008 9:49:01 PM Startup scanner file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted (after the next restart) - quarantined CAPULE\Dunhill
    4/13/2008 1:47:52 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
    4/13/2008 1:47:50 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
    4/13/2008 1:47:48 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\j.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
    4/13/2008 6:43:57 AM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
    4/13/2008 6:43:56 AM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\system32\kxvo.exe.
    4/13/2008 6:43:54 AM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
    4/13/2008 6:40:10 AM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\l.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
    4/12/2008 10:13:58 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
    4/12/2008 10:13:55 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
    4/12/2008 10:13:44 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\d.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
    4/12/2008 9:59:15 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
    4/12/2008 9:59:13 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
    4/12/2008 9:58:35 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\b6fblr.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
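
Added example, not part of the original posts: a Python sketch that parses log lines in the format quoted above, groups each detected file under the application that wrote it, and lists the writers that never appear as a detection themselves. The five sample lines are copied from the log above; the regular expressions are an assumption inferred from those lines, not a documented ESET log format.

```python
import re
from collections import defaultdict

# Five lines copied from the log quoted in the post above.
SAMPLE_LOG = r"""
4/14/2008 12:45:48 PM Startup scanner file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined
4/13/2008 1:47:52 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 1:47:50 PM Real-time file system protection file C:\WINDOWS\system32\ieso0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/13/2008 1:47:48 PM Real-time file system protection file C:\DOCUME~1\Dunhill\LOCALS~1\Temp\j.sys a variant of Win32/PSW.OnLineGames.NVX trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\system32\kxvo.exe.
4/12/2008 10:13:58 PM Real-time file system protection file C:\WINDOWS\system32\fool0.dll Win32/Pacex.Gen virus deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: H:\gvsqikes.cmd.
"""

# Assumed layout: timestamp, module, "file", object, threat name, kind, rest.
LINE_RE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) "
    r"(?P<module>Real-time file system protection|Startup scanner|HTTP filter) "
    r"file (?P<obj>.+?) (?:a variant of )?(?P<threat>Win32/\S+) "
    r"(?P<kind>virus|trojan)(?P<rest>.*)$"
)
WRITER_RE = re.compile(r"(?:created|modified) by the application: (.+?)\.$")

def parse(log):
    """Yield (detected_object, threat, writer_or_None) for each parsable line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        w = WRITER_RE.search(m["rest"])
        yield m["obj"], m["threat"], (w.group(1) if w else None)

def writers(log):
    """Map each writing application to the sorted detected files it wrote."""
    out = defaultdict(set)
    for obj, _threat, writer in parse(log):
        if writer:
            out[writer].add(obj)
    return {w: sorted(objs) for w, objs in out.items()}

def never_flagged(log):
    """Writers that produced detected files but were never reported themselves."""
    detected = {obj.lower() for obj, _t, _w in parse(log)}
    return sorted(w for w in writers(log) if w.lower() not in detected)

if __name__ == "__main__":
    for w in never_flagged(SAMPLE_LOG):
        print(w, "->", writers(SAMPLE_LOG)[w])
```

On these lines the output names `C:\WINDOWS\system32\kxvo.exe` and `H:\gvsqikes.cmd`: both write files that get quarantined, yet neither is itself reported in the log.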
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I'd suggest that you boot from a clean partition and clean out all infected files. The computer should be unplugged from network during the cleaning.
     
  4. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    Disable your System Restore.
    Use any live bootable CD, like BartPE or a live XP, and remove the files manually from the paths in the log...


    But it's better to go with the 1st suggestion of cleaning from a clean partition.
    This is an alternative.
    You can use some registry fixes too.
    And hey, 1 more thing: go to Run, hit %tmp% and remove all the temp files there, even the hidden ones. Make sure about that; that's where the virus comes back again.
     
  5. nagnamis29

    nagnamis29 Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    35
    What do you mean by boot from a clean partition? Kindly elaborate on it slowly and in basic terms, please. Thanks.
     
  6. nagnamis29

    nagnamis29 Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    35
    I'm not good at technical matters, thank you. Please say it step by step, and what step I should do and where. Thanks.
     
  7. krypton_harsh

    krypton_harsh Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    84
    You can do it in two ways...

    The easiest method is to connect your hard disk to another virus-free system
    with updated AVs
    and scan the whole hard disk there.

    Or else you have to format your C:\, reinstall the operating system, install AVs and updates,
    and scan the rest of the partitions. Make sure you don't open them before removing all the viruses.
    If the virus on the hard disk is executed, the other partitions will also become affected.
     
  8. nagnamis29

    nagnamis29 Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    35
    Thank you
     
  9. SETAN13

    SETAN13 Registered Member

    Joined:
    May 2, 2008
    Posts:
    4
    Hi there,

    I think I also have the same problem as in this thread.

    As you can see:
    http://i20.photobucket.com/albums/b209/jinzo13/virus/abisdiklik.jpg

    This is my computer's Windows, and the virus pops up in the AV NOD32 V3 notification like this:

    http://i20.photobucket.com/albums/b209/jinzo13/virus/trusjadibegini.jpg

    I tried Spyware Doctor, and it can detect the virus and clean it,

    but when I try the same procedure as above, the virus pops up again.

    So what the hell is the telp folder? Can I just delete it or something?

    Please, I need your diagnosis, hehe.

    By the way, I'm a newbie here, so pardon me if I made any mistake.

    Cheers
     
  10. xTiNcTion

    xTiNcTion Registered Member

    Joined:
    Oct 25, 2003
    Posts:
    253