Index
 |
Trojan / Virus Problem ,please Help - might be (hoon) | ||
Discussion by joe.k with 18 Replies.
Last Update: August 8, 2008, 4:49 pm (View Latest) | Page 1 of 2 pages. | ||
 |
|||
I have been infected with atrojan but i can detect it.
and i have detected Hoon trojan and deleted it ,but the symptoms of the trojan is still on my pcs network
"
all driver have an autoplay (right click by mouse)
and it gives my this message by d-click on any driver
**************
SYS.EXE
the virus was detected and deleted from all drivers:
C:\sys.exe
D:\sys.exe
E:\sys.exe
F:\sys.exe
G:\sys.exe
????????
iam using Mcafee Virusscan enterprose and is up-to-dated.
if any1 have any idea , please post
thanks in avance.
Joe
and i have detected Hoon trojan and deleted it ,but the symptoms of the trojan is still on my pcs network
"
all driver have an autoplay (right click by mouse)
and it gives my this message by d-click on any driver
**************
SYS.EXE
QUOTE
windows cannot find 'sys.exe',make sure you typed the name correctly and then try again.to search for a file ,clicl the start botton then clicl searchthe virus was detected and deleted from all drivers:
C:\sys.exe
D:\sys.exe
E:\sys.exe
F:\sys.exe
G:\sys.exe
????????
iam using Mcafee Virusscan enterprose and is up-to-dated.
if any1 have any idea , please post
thanks in avance.
Joe
Wed Jun 6, 2007 Reply New Discussion
That sounds like a bit (alot) of a problem if you ask me.
Trojans (when I get them) usually lead me to formatting my computer.
Where in the computer is "sys.exe" meant to be from anywhere?
is it a system file or something?
because if it is then that probably means a problem.
Trojans (when I get them) usually lead me to formatting my computer.
Where in the computer is "sys.exe" meant to be from anywhere?
is it a system file or something?
because if it is then that probably means a problem.
Thu Jun 7, 2007 Reply New Discussion
QUOTE
This section tells you how to remove the threat.
Please follow the instructions for removing worms.
You will also need to edit the following registry entries, if present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
System Updater = sys.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Updater = sys.exe
and delete them if they exist.
Each user has a registry area named HKEY_USERS\
CODE
\. For each user locate the entry:HKCU\
CODE
\Software\Microsoft\Windows\CurrentVersion\Run\System Updater = sys.exe
and delete it if it exists.
Close the registry editor.
Check your administrator passwords and review network security.
Also look here:
http://www.f-secure.com/v-descs/wallon.shtml
http://www.processlibrary.com/directory/files/sys/
Sat Jun 9, 2007 Reply New Discussion
You should use avg antivirus Free edition to remove this type of trojan. I've had this before i I used that program to remove it. It acctually works. If you need a link to the software, let me know!
Mike
Mike
Sun Jun 10, 2007 Reply New Discussion
AVG ... i heared about it , but is it realy good ,i mean for enterprise Co.you had that virus ?? ... and it didnt Write your reg (registry) .... becaus my antivirus deleted the trojan but it had written the registry and aday later it got a complete control over my pc leading me to format all my drivers
.now iam looking for blocking reg writing.
so i think iam gona give it a try
.Joe
Mon Jun 25, 2007 Reply New Discussion
I really get rid of trojans when I'm using AD-AWARE
Tue Jun 26, 2007 Reply New Discussion
Here is some information for everyone since I haven't seen anything posted with these tips yet. First of all, there is not one single anti virus/adware control that can find and solve every problem. However, here are three of the best I've ever seen and used. Used in conjunction with each other, I've been virus and adware free for well over three years.
Also before I give the names of these products/services, there are some additional actions that should be taken before and after the removal of any files from your computer. Always make a backup of your registry prior to removing the files in question. After the removal is complete, you should clear your computers cache (memory, history, recycle bin, etc.) since the virus and or adware remover will continue to detect it as a threat while in reality the threat has been isolated. Also be sure to set up all of the security options to keep problems from occuring. Last but not least update you virus and adware programs frequently or set them up to update automatically. I try to do it once per week but no longer than once a month.
Anyway, the three best removers that I have used are; AVG, Spybot and Panda online.
AVG has a free version of anti virus and a free version of adware remover. The anti virus allows you to set up an option to immediately notify you in the event that you pick up a virus and you can terminate the virus before it becomes a problem. They also have an extensive virus encyclopedia with definitions and removal instructions for those stubborn viruses.
Spybot is basic when it comes to adware removal. However it finds problems that most do not. In addition, Spybot will also automatically make a list of websites known for bad behavior and block those sites and or any downloading from those sites from occurring, plus an internet bad download blocker and a protection over all system setting which must be activated manually.
Panda has developed a system whereby they check your system remotely from their servers. Again, they don't find everything but they find more than many others combind. Scans, disinfects and eliminates over 185,000 viruses, worms and Trojans from all system devices, hard disks, compressed file and all your email. It incorporates a powerful heuristic system
that is enhanced with technologies, to detect unknown malware. It is updated at least once a day to detect the latest viruses and spyware to appear. You do not need to install any programs. Simply connect to the Internet and click whenever you want a second opinion on the security of your PC.
Just one last thing before I sign off. No matter what protection you use, it won't work if there's a hole in it
So set it up properly and completely. I'm sure that you'll have the same success that I have had keeping my computer running clean quickly and smoothly.
Good bye and good luck to all
Dominus
Also before I give the names of these products/services, there are some additional actions that should be taken before and after the removal of any files from your computer. Always make a backup of your registry prior to removing the files in question. After the removal is complete, you should clear your computers cache (memory, history, recycle bin, etc.) since the virus and or adware remover will continue to detect it as a threat while in reality the threat has been isolated. Also be sure to set up all of the security options to keep problems from occuring. Last but not least update you virus and adware programs frequently or set them up to update automatically. I try to do it once per week but no longer than once a month.
Anyway, the three best removers that I have used are; AVG, Spybot and Panda online.
AVG has a free version of anti virus and a free version of adware remover. The anti virus allows you to set up an option to immediately notify you in the event that you pick up a virus and you can terminate the virus before it becomes a problem. They also have an extensive virus encyclopedia with definitions and removal instructions for those stubborn viruses.
Spybot is basic when it comes to adware removal. However it finds problems that most do not. In addition, Spybot will also automatically make a list of websites known for bad behavior and block those sites and or any downloading from those sites from occurring, plus an internet bad download blocker and a protection over all system setting which must be activated manually.
Panda has developed a system whereby they check your system remotely from their servers. Again, they don't find everything but they find more than many others combind. Scans, disinfects and eliminates over 185,000 viruses, worms and Trojans from all system devices, hard disks, compressed file and all your email. It incorporates a powerful heuristic system
that is enhanced with technologies, to detect unknown malware. It is updated at least once a day to detect the latest viruses and spyware to appear. You do not need to install any programs. Simply connect to the Internet and click whenever you want a second opinion on the security of your PC.
Just one last thing before I sign off. No matter what protection you use, it won't work if there's a hole in it
So set it up properly and completely. I'm sure that you'll have the same success that I have had keeping my computer running clean quickly and smoothly.Good bye and good luck to all
Dominus
Thu Aug 9, 2007 Reply New Discussion
QUOTE (Dominus)
You do not need to install any programs. Simply connect to the Internet and click whenever you want a second opinion on the security of your PC.Link: view Post: 108891
Panda required me to download and install an ActiveX plug-in. It's getting updates as we speak. I'll let you know of anything else.
Thu Aug 9, 2007 Reply New Discussion
I thought first of all, you need to boot to Safe Mode to remove the trojan? I don't see anyone does that. Anyway, I've infected by Trojan previously and don't have to completely reformat my PC. There's a few steps I did.
1. First, download a McAfee Stinger from the website. Get the latest version so that they have all the latest trojan remover.
2. Get the Latest Trend Virus Pattern Files from Trend Micro. This virus pattern file are updated pretty often. So it will contain all the latest reported worm and trojan. These two are good enough. If not,
3. Get the free Ad-Aware SE. Nothing to lose. (You need to install it before going to the next step. And of course UPDATE IT)
4. Disable you System Restore.
5. Reboot your PC and enter safe mode. (If anyone doesn't know how, press F8 at startup and a black screen should appear, choose Boot to Safe Mode)
6. When you are at windows, run the 3 programs that you've downloaded. Always perform Full Scan for all drives you have.
7. After you've done your scan, run regedit.exe and see whether the file 'sys.exe' still in your registry. If there isn't, restart your windows to normal mode.
8. When your windows is loaded, run the 3 programs again. Remember Full Scan.
These are the steps I did to remove worms and trojans from my PC. It works for me. But of course other trojans and worms might not be effectively removed by these steps. There are some trojans that need specific procedures to remove.
Cheers.
1. First, download a McAfee Stinger from the website. Get the latest version so that they have all the latest trojan remover.
2. Get the Latest Trend Virus Pattern Files from Trend Micro. This virus pattern file are updated pretty often. So it will contain all the latest reported worm and trojan. These two are good enough. If not,
3. Get the free Ad-Aware SE. Nothing to lose. (You need to install it before going to the next step. And of course UPDATE IT)
4. Disable you System Restore.
5. Reboot your PC and enter safe mode. (If anyone doesn't know how, press F8 at startup and a black screen should appear, choose Boot to Safe Mode)
6. When you are at windows, run the 3 programs that you've downloaded. Always perform Full Scan for all drives you have.
7. After you've done your scan, run regedit.exe and see whether the file 'sys.exe' still in your registry. If there isn't, restart your windows to normal mode.
8. When your windows is loaded, run the 3 programs again. Remember Full Scan.
These are the steps I did to remove worms and trojans from my PC. It works for me. But of course other trojans and worms might not be effectively removed by these steps. There are some trojans that need specific procedures to remove.
Cheers.
Fri Aug 10, 2007 Reply New Discussion
......
He says his antivirus has already detected and deleted the virus...
but he has the problem that when he double-clicks any drives it autoplays/autorun ....
To solve the autorun problem try this.
goto START > RUN and type command
after the command prompt is open
type these commands
c:
attrib autorun.inf -r -h -s
del autorun.inf
d:
attrib autorun.inf -r -h -s
del autorun.inf
e:
attrib autorun.inf -r -h -s
del autorun.inf
f:
attrib autorun.inf -r -h -s
del autorun.inf
g:
attrib autorun.inf -r -h -s
del autorun.inf
or if you dont know to use command prompt...
reply me and tell me how many drives you have...
and which drives give you this problem of autoplay.
If you feel / know that the trojan is spreading on your network.
You can try using Avast Anti-Virus Home Edition (its free)
After you install it it will ask you to scan HD during boot time. (when the virus is not avtive)
And set Network Shield at high.
He says his antivirus has already detected and deleted the virus...
but he has the problem that when he double-clicks any drives it autoplays/autorun ....
To solve the autorun problem try this.
goto START > RUN and type command
after the command prompt is open
type these commands
c:
attrib autorun.inf -r -h -s
del autorun.inf
d:
attrib autorun.inf -r -h -s
del autorun.inf
e:
attrib autorun.inf -r -h -s
del autorun.inf
f:
attrib autorun.inf -r -h -s
del autorun.inf
g:
attrib autorun.inf -r -h -s
del autorun.inf
or if you dont know to use command prompt...
reply me and tell me how many drives you have...
and which drives give you this problem of autoplay.
If you feel / know that the trojan is spreading on your network.
You can try using Avast Anti-Virus Home Edition (its free)
After you install it it will ask you to scan HD during boot time. (when the virus is not avtive)
And set Network Shield at high.
Sun Aug 12, 2007 Reply New Discussion
Try Spy-bot, i'am not sure this software will solve your problem but i use it all the time, may be you should try it too 
Homepage: http://www.safer-networking.org/
Download link: http://www.safer-networking.org/en/download/
p.s. And by the way it's free and have any language you just gonna wish
Homepage: http://www.safer-networking.org/
Download link: http://www.safer-networking.org/en/download/
p.s. And by the way it's free and have any language you just gonna wish
Fri Aug 31, 2007 Reply New Discussion
Its very simple to fix this problem, if you cant get into your thumb drive by double clicking it and you receive the error message windows cannot find 'sys.exe',make sure you typed the name correctly and then try again.To search for a file ,click the start botton then click search.....make sure the virus is gone first of all.
back up all your data on the disk that wont let you in....then reformat it.....put the data back on...and hey presto! it should work...it did with mine...hope this solves your problem
-rick
back up all your data on the disk that wont let you in....then reformat it.....put the data back on...and hey presto! it should work...it did with mine...hope this solves your problem
-rick
Sun Oct 7, 2007 Reply New Discussion
In our case, we had two people who had been out of country and picked up this trojan/virus. It was "simple" to remove following instructions found on the web. However, the nefarious part of this malicious software has been how it jazzed up registry settings and group policy to block attempts to remove or fix the problem. Further, when these two users tried to attach to shared drives on the network, they were blocked from doing so and an error message popped up indicating that 'the file sys.exe was not found, please contact your administrator to change permissions or password'. Turns out when they first connected to the network while still infected, apparently the autorun.inf was copied to the network drive. THIS ONLY HAPPENS WHEN YOU DOUBLE-CLICK ON THE DRIVE TO WHICH YOU ARE GOING TO ATTACH. That is when the files are copied to other drives, including thumb drives. Note that if the thumb drive was infected first [as was the case with our to users], anytime a drive is opened, the running process copies the autorun.inf and the sys.exe files to the drive that was just opened. One way to fix this is to right-click on the network drive [or any drive], Explore, show hidden and system files and delete the autorun.inf file.
- prw
-Waullygabsalot
- prw
-Waullygabsalot
Tue Nov 6, 2007 Reply New Discussion
Help me please
Trojan / Virus Problem ,please Help
Replying to Sten
Yeah, it is a system file, and both my hard drive C: and D: is blocked, I can't open it, if I d-click the drives this will show "access is denied", what is the best option for this?
-reply by Brylle G.
Trojan / Virus Problem ,please Help
Replying to Sten
Yeah, it is a system file, and both my hard drive C: and D: is blocked, I can't open it, if I d-click the drives this will show "access is denied", what is the best option for this?
-reply by Brylle G.
Sun Mar 2, 2008 Reply New Discussion
QUOTE (L33t BoTz)
......He says his antivirus has already detected and deleted the virus...
but he has the problem that when he double-clicks any drives it autoplays/autorun ....
To solve the autorun problem try this.
goto START > RUN and type command
after the command prompt is open
type these commands
c:
attrib autorun.inf -r -h -s
del autorun.inf
d:
attrib autorun.inf -r -h -s
del autorun.inf
e:
attrib autorun.inf -r -h -s
del autorun.inf
f:
attrib autorun.inf -r -h -s
del autorun.inf
g:
attrib autorun.inf -r -h -s
del autorun.inf
or if you dont know to use command prompt...
reply me and tell me how many drives you have...
and which drives give you this problem of autoplay.
If you feel / know that the trojan is spreading on your network.
You can try using Avast Anti-Virus Home Edition (its free)
After you install it it will ask you to scan HD during boot time. (when the virus is not avtive)
And set Network Shield at high.
Link: view Post: 109019
I have had lots of trojans and normally when i get a virus that bad i have to format my computer because it is running so slow because of the virus i cant do now. Once i scanned it it was goin that slow it took 3 days to scan. I suggest you scan your computr and all the files you download regularry. Scan tht files before you open them and this should prevent you from getting viruses.
Fri Mar 7, 2008 Reply New Discussion
 |
 |
|
 |
 |
| Reply / Comment | Ask a Question? | Share / Bookmark | E-Mail a Friend |
 Brontox safe againts brontox (3)
|
(2) Effect Of Antispyware Effect of antispyware on system performance 
|