A strange program ?

Try:

http://free.grisoft.com/doc/5390/us/frt/0?prd=asf

Anyone out there know this virus name? whats the best way to clean it?

I post a thread before, but I cannt open it becasues its title has virus, whenever I try to open it, the virus close all page at once.

so I hve to open anoher thread with differnent title.

Use a bootable CD from one of the antivirus software companies and clean the hard disk.

Then install a firewall, both hard and software, clean regularly with cleaning software for malware.

Prevent viruses and Rootkits getting to you, do not open emails from unknown people.

If necessary for a company, have a small cheap PC, behind the firewall, JUST for email only and have a full backup of the system disk on CD or DVD, then you only need to reformat and copy over and then re.boot at worst.....

The virurs is not going through firewall, but from usb port by u disk.

it hide in some files. I use command of " ntsd -c q -p id" end many processes, but cannt find it. I use some process check software, but cannt find it. I start from dos, but cannt entry ntsf part, I make a disk to entry it, but cannt kill them all with famous software, when I was told that all killed, but when I start my ssystem, the virus still act.

It can scan title of browser, if there are words like killer, ivrus etc, it close all browssers at one. and killer software cannt open again.

What is it?

I feel that the only way to save your data (if it on the affected disk) is to do as I said and boot from an Antivirus CD or DVD, then clean the disk.....

The USB disk just needs a full reformat I suspect, hopefully nothing important is still on it.....

If you need to clean the USB disk and save data, I feel that you will have to remove the disk and connect it normally to a PC as there might be a problem with the USB connection when working under DOS or similar.......possibly anyway......maybe someone else can give better infos on that one....

I hve cleaned the u disk now. but its problem to clean system. thanks

I think the best is to write to a big anti-virus company, describe this virus to them, and send them a copy, if they request for it, and I think they will request for it.

Maybe it's a new virus, and the software industry is not yet prepared for it. Not all viruses are known and protected from. That's why ypu update your anti-virus every day.

Good luck.

Thank you Yuval.

you are right to find an antivirus comp;any to kill it. I ask and they cannt tell what the virus is now. its seems not too newest but its strange. it has composition featues.

Thats why I hopt to know , may someone met it and has experience at it.

its only a spy or backdoor type.

"...seems not too newest but its strange. it has composition featues..."

Maybe it's not a virus but only a bug in the firmware of the USB device, or one of the USB drivers.

I once (1997) had a strange behaviour of a system (it kept restarting the PC every half an hour or so, without warning) which I thought was a virus infection, only later to find out, that other people who bought the same motherboard had it, and it turned out to be a bug in the BIOS. We flashed the BIOS with a fixed version, and it was fine.

Not all problems are a virus. Sometime it's a bug in the software (or Firmware - if it's something like USB player), especially a new version of something which just came out, and never had a chance for de-bugging.

It was good and correct that you mentioned this, but I personally feel that it is some sort of virus or Mal-ware as it closes the browser if the word virus appears.......and you cannot open the browser again without a re-boot......there are other effects too that you can read above.

A firmware or BIOS problem would not I feel do this sort of thing.....but it was a good idea to mention your experiences....

Yes, I guess you are right. These sound like symptoms of a prank made by a spoiled brat.

Very well put!

This is a not old virus. lots of users were suffered by it. now we find the way from net. and I shall public its resolution way tomorrow. very interesting.

The writer is wise, he inserted malware and provents itself from been cleaned by other antivirus software, he destoried safety mode. so that you cannt entry this mode to kill virus. at start he search timeplatform.exe and explorer.exe then inserts a autorun program which is a 8 bit radom characters excuatable program. the program heists all existing antivirus programs , then inhibite them to provent from been killed. go to your regist you will find under the terms of HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\... there are lots of familiar names of antivirus software! I lists some of them <br>AntiVirus <br>Trojan <br>Firewall <br>Kaspersky <br>JiangMin <br>KV200 <br>.kxp <br>Rising <br>RAV <br>RFW <br>KAV200 <br>KAV6 <br>McAfe <br>Network Associa <br>tes <br>TrustPort <br>Norton <br>Symantec <br>SYMANT~1 <br>Norton SystemWor <br>ks <br>ESET <br>Grisoft <br>F-Pro <br>Alwil Software <br>ALWILS~1 <br>F-Secure <br>ArcaBit <br>Softwin <br>ClamWin <br>DrWe <br>Fortine <br>anda Software <br>Vba3 <br>Trend Micro <br>QUICKH~1 <br>TRENDM~1 <br>Quick Heal <br>eSaf <br>ewido <br>Prevx1 <br>ersavg <br>Ikarus <br>Sopho <br>Sunbelt <br>PC-cill <br>ZoneAlar <br>Agnitum <br>WinAntiVirus <br>AhnLab <br>Norma <br>surfsecret <br>Bullguard <br>BlackICE <br>Armor2net <br>360safe <br>SkyNet <br>Micropoint <br>Iparmor <br>ftc <br>mmjk2007 <br>Antiy Labs <br>LinDirMicro Lab <br>Filseclab <br>ast <br>System Safety Mo <br>nitor <br>ProcessGuard <br>FengYun <br>Lavasoft <br>NOD3 <br>mmsk <br>The Cleaner <br>Defendio <br>kis6 <br>Behead <br>sreng <br>IceSword <br>HijackThis <br>killbox <br>procexp <br>Magicset <br>EQSysSecure <br>ProSecurity <br>Yahoo! <br>Google <br>baidu <br>P4P <br>Sogou PXP <br>yaskp.sys <br>BDGuard.sys <br>木马 <br>KSysFilt.sys <br>KSysCall.sys <br>AVK K7 <br>Zondex <br>blcorp <br>Tiny Firewall Pro <br>Jetico <br>HAURI <br>CA <br>kmx <br>PCClear_Plus <br>Novatix <br>Ashampoo <br>WinPatrol <br>Spy Cleaner Gold <br>CounterSpy <br>EagleEyeOS <br>Webroot <br>BufferZone <br>x0w2e3t6m9 <br>avp <br>AgentSvr <br>CCenter <br>Rav <br>RavMonD <br>RavStub <br>RavTask <br>rfwcfg <br>rfwsrv <br>RsAgent <br>Rsaupd <br>runiep <br>SmartUp <br>FileDsty <br>RegClean <br>360tray <br>360Safe <br>360rpt <br>kabaload <br>safelive <br>Ras <br>KASMain <br>KASTask <br>KAV32 <br>KAVDX <br>KAVStart <br>KISLnchr <br>KMailMon <br>KMFilter <br>KPFW32 <br>KPFW32X <br>KPFWSvc <br>KWatch9x <br>KWatch <br>KWatchX <br>TrojanDetector <br>UpLive.EXE <br>KVSrvXP <br>KvDetect <br>KRegEx <br>kvol <br>kvolself <br>kvupload <br>kvwsc <br>UIHost <br>IceSword <br>iparmo <br>mmsk <br>adam <br>MagicSet <br>PFWLiveUpdate <br>SREng <br>WoptiClean <br>scan32 <br>shcfg32 <br>mcconsol <br>HijackThis <br>mmqczj <br>Trojanwall <br>FTCleanerShell <br>loaddll <br>rfwProxy <br>KsLoader <br>KvfwMcl <br>autoruns <br>AppSvc32 <br>ccSvcHst <br>isPwdSvc <br>symlcsvc <br>nod32ku <br>avgrssvc <br>RfwMain <br>KAVPFW <br>Iparmor <br>nod32krn <br>PFW <br>RavMon <br>KAVSetup <br>NAVSetup <br>SysSafe <br>QHSET <br>zxsweep <br>AvMonitor <br>UmxCfg <br>UmxFwHlp <br>UmxPol <br>UmxAgent <br>UmxAttachment <br>KPFW32 <br>KPFW32X <br>KvXP_1 <br>KVMonXP_1 <br>KvReport <br>KVScan <br>KVStub <br>KvXP <br>KVMonXP <br>KVCenter <br>TrojDie <br>avp.com <br>KRepair.COM <br>KaScrScn.SCR <br>Program Files <br>system32notepa <br>Trojan <br>Virus <br>kaspersky <br>jiangmin <br>rising <br>ikaka <br>.duba. <br>kingsoft <br>360safe <br>木马 <br>木马 <br>瑞星 <br>社区 <br>KvNative <br>bsmain <br>aswBoot (too many, which one is your using now?) so that you cannt use anyone of them. then he call a command of lpdriver.sys to shut down all of your browser if it finds you use antivirus. wow, chinese terms: Li hai ! smart ; not simple. now you can del them all in your register. then, ( I restart my computers from DOS system use win98 starter) ( you cannt entry safety mode now!) then I sue command of new dos ntfspro entry ntfs section.(of of computer use 2k) if your systemrooot is fat32, you can entry directely. delete all hide files of name of autorun.inf and derived excutable file. if you cannt del them, pls change their attribute by command of attrib -s-h-r, then kill them all. now you can start your antivuris oftware again. for insurance, I download serveral porssible free or trial ware and run them. My god. I find there are different result. some of them said, now its clean, and others still detect virus and kill, I use avg, dr.web, chinese companyls, spyware termination, etc. it made me supprise at is spyware doctor, which detects more than 400 virus after above software detected. I try again, its. and it ocupy lots of memory. so that the computer run very slowly. I visit the infect files, and register. no problem. I guess, it may trial, so it acts this so that people can buy it at once for safty.

That is incredible endeavour on your part. The sheer tenacity to hunt the sucker down.

So, basically, it blew the safety-mode and access to your browsers, in order to avoid your hunting it down, in some relative convenience. It then auto-generates an 8-bit random-char executable, to occupy enough CPU cycle-time, preventing it from starting any of the virus hunting routines, already installed in the system.

"...it made me surprise at is spyware doctor, which detects more than 400 virus after above software detected. I try again, its. and it occupy lots of memory. so that the computer run very slowly. I visit the infect files, and register. no problem. I guess, it may trial, so it acts this so that people can buy it at once for safty..."

Did you mean to say that it was this software company, which created the virus in the first place?

Not that it wouldn't make any sense, but please explain a little more

no. I mean I use this companys product to detect the virus, and it show more than 400 virus existing in my computer. its impossible. I dont konw how to believe it. it also shows if you want to kill these virus, you have to buy thier regular product. I try other products, the result is differnt. some report has, some report no. maybe this virus would be produced by our chinese, so little foreingers know this virus.

above list are most used by us. they are all shield by the virus. you cannt start anyone of them.

Yes, I see. Someone took the time and trouble to neutralise them all. It is a lot of careful work.

Do you think anarchist did it?

You know, I really don't understand the motives of these virus-writers.

Why would they do it? There is no money in it, no glory, no friends, no influence, nothing. Only destruction of other people's work.

The only conceivable motive is, to make anti-virus companies richer and richer. So, naturally, one would think that hackers would write them, and sell it to anti-virus companies, for a lot of money. Otherwise, we would be forced to suspect the virus companies themselves.

It's a crazy world, when you need some mafia-type protection for your computer, and you don't really know who to trust, if any.

It's like all these new sites which will let you see video-streaming of the latest Hollywood movies for free.

Well, it's not really free, because these sites are main bridgeports for data-mining companies to hook you up to, and inject your system full of spyware to distribute to all your address-book mates, thus turning you a spyware agent, without your even knowing it.

Main world-wide data-mining bases today are the USA, China, and India. Data-mining, is currently the biggest money on the web, because it is sold to marketing organisations and private companies and even governmental departments and agencies, all over the globe, and also traded from one company to another.

The main active tool for data mining is spyware.