Recently I noticed a large number of hidden system files in my c:\windows\system\ folder. All of these files were exactly 302kb in size and modified on exactly the same day and exactly the same time. After deleting all the ones that I could, I found there were two files that could not be removed because Windows told me that they were being used by Windows. The names of the current two files are LVSETUP.DLL and SIREAMCI.DLL. Each time I start my computer, another file with exactly the same attributes is created, but with a different name. The files are all listed as HIDDEN, SYSTEM, READ ONLY and with a Digital Signature by Nic Tech Networks Inc. I feel that this is some kind of problem and would appreciate any comments and help.
I have tried removing the files in DOS by changing the attributes, but it will not let me, saying NOT CHANGING ATTRIBUTES FOR (whichever file). The only file name that does not change is SIREAMCI.DLL, if this is any help.
I have tried all of the above clean-ups [Spybot, Ad-Aware, HijackThis], tried to restore the previous registry through DOS (message: 'program will not run in DOS'), went into the Cngwiz file, read instructions for this Nic Tech file: unable to edit (file in use), unable to change name, even in safe mode. Search redirects run each time the PC is started, VX2 reinstalls, Look2Me reinstalls. HELP!! I disconnected from the internet; continuous attempts to connect by this virus. Cannot use CD: files removed. Cannot use printer: 'page error'. Every time there is a reboot, another 302 kb .dll file in systemfiles. None of these are picked up anymore by scans, including Pest Patrol and McAfee Virus Scan.
You have done a good job, but I think you need a special tool to take care of this thing, which looks like a new threat. So please send us a sample of the files you think are infected and I'll talk to the analysts to give me a tool if necessary.
Here is the standard procedure for sending a sample to our laboratory:
1. locate the suspect files
2. disable all your AV (their antivirus module)
3. pack the suspect files with an archiver program and make sure you encrypt the archive with a password
Bullguard is full antivirus protection, just like Panda, Norton, McAfee... it includes firewall protection, it scans incoming mail, plus it has something new: a backup storage where you can save important stuff...
Send Bullguard what you have on that virus, then go into your regedit and delete it. If your OS has a restore system, turn it off, then go into regedit and delete the file. I'm confident that if you can play in DOS the way you do, regedit should be no problem. When you get that done, do a simple disk clean to remove all restore points and then, and only then, restart the computer. Leave restore off; viruses tend to write themselves in there.