Expert: Lorry - 10/11/2006

Question
Hello Lorry
I am really grateful for the effort that you have put to finding solution for my problem.I just now went through the instruction that you have provided and checked that link too.Is it that I should have to install Symantec antivirus to complete this process?

Regards
Sabin
-------------------------

Followup To

Question -
Hello Lorry
Thanks for your prompt response. With the links you have provided I ran the virus detection from the symantec and it found out more than 100 virus or trojan named W32.SillyP2P.I then searched for this name in the symantec however there is no removal tool for this threat.
What do you suggest I do next to do away with this virus? I havent tried the spybot search and destroy. In past I had used it and it disabled the existing antivirus.So I am little worried if it cause the same problem.
I hope you have a suggestion for this

Regards
Sabin
-------------------------

Followup To

Question -
Dear Lorry
My PC has been infected with the virus called SystemKernel.exe.vir. which has  created a folder named chernobyl april 26 in each drive. Furthermore inside every folder there is another  folder with the same name which has the content of My Documents.These folders have  slightly different lining than the ordinary folders. I have been using Macfee enterprise antivirus . It has been able to dectect the sytem kernel as Malware trojan but says it is uncleanable . The status now as per scan report is 'moved'...probably quarantine i guess. In the quarantine folder located in C: drive there are the kernel.exe files.  There is still no loss of data and anything serious however this seems dangerous .
I would be more than plesed if u could help me get rid of it


Answer -
Hi Sabin,

Even though you McAfee installed, using Internet Explorer, go to:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Click the GO button, then under Virus Detection, click Start. You might be told that you need to download and install ActiveX Controls for the scan to work, answer Yes.

Write down exactly anything it finds, then go to: http://www.symantec.com/search/  and do a search for what was found. Symantec usually has a removal tool and/or directions for removing manually. Make sure that you follow the instructions for removal, step by step, especially the part regarding disabling System Restore.

I would also suggest checking for spyware using Spybot - Search & Destroy 1.4, a program that removes spyware, available from:

http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

Once installed, enable Tea Timer. Open the Spybot Search & Destroy, click  the "+" sign next to Tools on the left side of the screen, click System Startup, then on the right side of the page check HK_CU Run Spybot Tea Timer.

The Resident TeaTimer is a new tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future.

Check for updates before running. If you have trouble getting the updates, near the top of the Update Window, click the little arrow next See-Cure  #1(Europe), highlight the next one on the list, See-Cure #2 and try to download the updates. If that doesn't work, try the next one the list. until you get one you can download from. Being a free program, if too many people are using the same site to download the updates, some people will not get them.

Hope this helps!
Lorry

Answer -
Hi Sabin,

Check out the following from Symantec for removal instructions:

http://securityresponse.symantec.com/avcenter/cgi-bin/virauto.cgi?vid=39327

Spybot S&D, like other anti-spyware programs gives you the chance to set specifics, regarding which program(s) are safe ot not. Was very surprised that Symantec had no instructions for removal except for the site mentioned, plus it took me quite awhile just to find that one.

Run Spybot, after checking for updates.

Hope this helps!
Lorry

Answer
Hi Sabin,

By going to:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

you are just running a free virus scan from Symantec, not downloading Norton AntiVirus. At the same site, you can also run a security check, similar to Spybot.

Hope this helps!
Lorry