Discussion in 'malware problems & news' started by A Williams, Dec 4, 2005.
New member here wondering if anyone has had any experience with this virus.
Is your antivirus detecting something with that name?
Please can you post here the infected file's path and name, maybe even a report of your antivirus scan?
After my post I ran another scan using Freedom and another virus was detected. Using safe mode I deleted the file C:\WINNT\system32\remon.sys but could not find the file C:\WINNT\nvideogui.exe. I did another scan using the free scan at Trend Micro and it came back clean. I then installed Process Guard just in case the viruses were still hidden somewhere.
File infected with the "W32/Sdbot.NOA" virus and could not be disinfected. The file was not deleted. It is recommended that you delete this file.
File infected with the "W32/FUrootkit.F" virus and could not be disinfected. The file was not deleted. It is recommended that you delete this file.
This is a dangerous situation, a rootkit/backdoor combination.
Now if you use this infected computer to do online shopping or monetary transactions, or if it is a business computer, it would really be the safest thing to format and reinstall the whole thing.
If you still wish to attempt cleaning, we can try.
I used safe mode to delete the remon.sys file, and when I did a scan afterwards both viruses were gone. Do you think this worked? If it didn't, my first step would be an attempt to clean, based on the size of what's on my hard drive, and although it's backed up, it's still a horrendous job. I also installed Process Guard so I have control over what programs access my processor. I was planning on doing another scan this evening. What would be your first step?
If I remember right, it doesn't do any good to install Process Guard on a rootkitted computer, or any security software for that matter.
Referring to polymorphic wrapping and stuff.
PG works great if installed before infection. I am finding Unhackme Pro is able to find a lot of stuff now. Its GUI uses directed scans which are easy, but it also contains some things that are hard for beginners to understand as to what they are looking at.
IceSword seems to be good at detecting things that should not be there also.
I think if many of us here found a bad rootkit, they would never feel sure they got rid of it without reformatting. I know I wouldn't.
As long as you are sure it is not a false positive LOL
Con, that's a known rootkit filename/variant, comes with a bot.
If I remember right, you'll first have to disable/remove the device remon.sys in Device Manager (enable showing of hidden devices to see it),
then delete the file remon.sys, in safe mode.
Also delete all other nasty files (do a virus scan in safe mode).
Then you will have to search the registry for the string remon and delete all associated registry values found.
You will also need to delete the startup entries of the bots from the registry.
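The registry search in the last two steps, written out as an added PowerShell script that is not from this thread or any of its posters; it only reports entries mentioning the string so each hit can be checked before anything is removed. The key paths checked and the default search string are assumptions.

```powershell
# Added triage script, not from the thread: lists registry autostart and
# service/driver entries that mention a file name such as remon.sys.
# It only reports; nothing is deleted, so each hit can be checked first.
# Run from an elevated prompt. Key paths and the default string are assumptions.
param(
    [string]$Needle = "remon"   # substring to search for (constructed default)
)
$pattern = [regex]::Escape($Needle)

# Places a bot's startup entry or a rootkit driver would normally be registered.
$roots = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    "HKLM:\SYSTEM\CurrentControlSet\Services"
)

$hits = foreach ($root in $roots) {
    if (-not (Test-Path -Path $root)) { continue }
    # The root key itself plus every subkey (Services has one subkey per driver).
    $keys = @(Get-Item -Path $root) +
            @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like "PS*") { continue }   # skip PowerShell's own metadata
            $data = "$($p.Value)"
            # Match on the subkey name (driver/service name), the value name, or the data.
            if ($key.PSChildName -match $pattern -or $p.Name -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Key = $key.Name; ValueName = $p.Name; Data = $data }
            }
        }
    }
}

if ($hits) {
    $hits | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No registry entries matching '$Needle' under the checked keys."
}
```

A hit under Services with an ImagePath pointing at the deleted driver file, or a Run value launching an unknown executable, is the kind of entry the post above says to remove once confirmed.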
If I do a reformat, are there any data files that these bugs would be in other than the sys files? Usually when I have to reformat my computer, as in a new hard drive, I transfer any files not backed up, i.e. Outlook files, through GoToMyPC to my business, then transfer them back, as the Citrix server scans also (?). Would this be safe under the circumstances?
Data files are harmless. I would save any e-mail address you may want. Do you need to save e-mail for a reason? If you must you must.
Thanks for all the advice everyone, it is very appreciated. My DSL provider is Aliant aka Bell and I had just changed over to their security products; they use a package from Freedom. Previously I was using Norton / Spyware Begone / Zone Labs, and I'm wondering if this virus problem is because of poor protection or just bad luck. This is the first time a virus has got through on me.
My wife has used Freedom from Aliant since it came out and never had a virus. Seems it's a good protection pkg they have.