nachi

  • Thread starter Thread starter Dwe
  • Start date Start date
D

Dwe

Hello, avast is still find over and over a nachi infection (I'm on xp); it
is removed after each restart (it won't be deleted when localized firts
time; I have anyway toggled off the system restore too), but it appears
again and again. It is a problem of avast? I've tried any standalone removal
tools (panda, norton, and alike), but they do not find anything; avast does.
 
Hello, avast is still find over and over a nachi infection (I'm on xp); it
is removed after each restart (it won't be deleted when localized firts
time; I have anyway toggled off the system restore too), but it appears
again and again. It is a problem of avast? I've tried any standalone removal
tools (panda, norton, and alike), but they do not find anything; avast does.
Click to expand...

What about Avast's cleaner which handles nachi? :

http://www.softpile.com/Utilities/AntiVirus/Download_18027_1.html

Does this not remove the problem?


Art
http://www.epix.net/~artnpeg
 
What about Avast's cleaner which handles nachi? :

http://www.softpile.com/Utilities/AntiVirus/Download_18027_1.html

Does this not remove the problem?
Click to expand...

Nope; I used it too. Maybe it didn't found anything 'cause something hidden
initializes the exploit of the virus from outside over and over (I toggled
Sygate off, just to see whether my suspicions were right; btw, the virus was
found by avast in the ie temp folder wherein there was stuff from Sygate). I
guess that even enabling again Sygate won't solve the prob from the root; at
most, it could only block the intrusion which maybe is initialized from some
"spore" still resident within my pc; where, I dunno. I wrote also to avast
people, but they wasn't able to give me any answers.
What to do now? It is a issue of avast? If yes, is there some better
antivirus outta here?
 
Nope; I used it too. Maybe it didn't found anything 'cause something hidden
initializes the exploit of the virus from outside over and over (I toggled
Sygate off, just to see whether my suspicions were right; btw, the virus was
found by avast in the ie temp folder wherein there was stuff from Sygate). I
guess that even enabling again Sygate won't solve the prob from the root; at
most, it could only block the intrusion which maybe is initialized from some
"spore" still resident within my pc; where, I dunno. I wrote also to avast
people, but they wasn't able to give me any answers.
What to do now? It is a issue of avast? If yes, is there some better
antivirus outta here?
Click to expand...

Have you read this? :

http://vil.nai.com/vil/content/v_100559.htm

Nachi is supposed to have destroyed itself months ago :)
Anyway, have you installed the patches? Do you have the files and
registry entries mentioned in the description?

Insofar as a "second opinion" av scan goes, you might want to try
Trend's SysClean in Safe mode. See my web site for the Sys-Up
download. It might be that Avast is misidentifying the actual malware,
if any actually exists.


Art
http://www.epix.net/~artnpeg
 
<snip>

Do you have a firewall installed? And have you got all of the Windows Update
patches?
 
The Prophecy said:
<snip>

Do you have a firewall installed? And have you got all of the Windows Update
patches?
Click to expand...

Yes, I have a firewall, but, what does it serves, if not to block something
resident, in the case that there's something resident in my machine which
triggers the infection over and over? I toggled off sygate just to see
whether there was still something resident within the pc, that triggers the
infections; though, I was unable to find where that "spore" is.
 
Have you read this? :

http://vil.nai.com/vil/content/v_100559.htm

Nachi is supposed to have destroyed itself months ago :)
Click to expand...

All nachi's flavors? Mine's w32.nachi-e. It is a revenant? :)
Anyway, have you installed the patches? Do you have the files and
registry entries mentioned in the description?
Click to expand...

Yes, installed and readed. I do carry nothing in
C:\windows\SYSTEM32\WINS\DLLHOST.EXE, nor in the remainder.
Insofar as a "second opinion" av scan goes, you might want to try
Trend's SysClean in Safe mode. See my web site for the Sys-Up
download. It might be that Avast is misidentifying the actual malware,
if any actually exists.
Art
http://www.epix.net/~artnpeg
Click to expand...

I clicked in the link above, and avast popped up the prompt; he did found
again the virus, it says....
C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary
Internet Files\Content.IE5\MF1H5KZG\WksPatch[1].exe
C:\WINDOWS\system32\drivers\svchost.exe

Though, yesterday I canceled the content of MF1H5KZG! Btw, it was a folder
containing stuff of Sygate!
 
Back
Top