A Virus tale

[Nikhilsam]

My system has been infected by some sort of Virus stuff. The problem is that
even after scanning with latest Norton Antivrus 2007, Avast 4 Professional.
The virus still exits and affects my Pen Drive by copying some DOS executable stuff. Other interesting thing is that even after terminating the process of the executable file it restarts itself. The process files are named as "Severe.exe", "Conime.exe" and "Jusdol.exe". So, could anyone help me out?

[deadpulse]

Use AVG Antivirus free edition and scan your system in DOS mode. Norton and other antivirus don't scan system is DOS mode. Also, you can try using NOD32 anti-virus its the best virus since 2006.

[rakeshishere]

Must be Spyware..Run any gud Antispyware like ewido or spybot...

[piyush gupta]

Its a trojan
more details here

http://kr.ahnlab.com/SecuInfoVirusVi...hn?SEQ_NO=6907


Update your AV definations and scan
or use KAV or NOD32

[47shailesh]

Dropper/QQPass.48436 is a dropper. When the dropper is executed, it creates
- jusodl.dll (21,168 bytes)
- jusodl.exe (48,436 bytes)
- severe.exe (48,436 bytes)

It creates following file(s) in Windows system folder\drivers.

- conime.exe (48,436 bytes)
- pnvifj.exe (48,436 bytes)

It creates following file(s).

- autorun.inf (75 bytes)
- OSO.exe (48,436 bytes)


The dropper adds a Windows registry entry to run itself automatically whenever Windows starts.

SOURCE

REMOVAL
__________

Quote:

Originally Posted by piyush gupta

Its a trojan
more details here

http://kr.ahnlab.com/SecuInfoVirusVi...hn?SEQ_NO=6907


Update your AV definations and scan
or use KAV or NOD32

i think if he installs KAV on infectected mc it will not work..

It modifies HOSTS file to keep the user from connecting specifiec addresses. Generally, the addresses are homepages of Internet security sites and antivirus engine updates servers. So the infected system's user can't get information or engine updates to scan and remove the malicious code.

127.0.0.1 dnl-us1.kaspersky-labs.com
127.0.0.1 dnl-us2.kaspersky-labs.com
127.0.0.1 dnl-us3.kaspersky-labs.com
127.0.0.1 dnl-us4.kaspersky-labs.com
127.0.0.1 dnl-us5.kaspersky-labs.com
127.0.0.1 dnl-us6.kaspersky-labs.com
127.0.0.1 dnl-us7.kaspersky-labs.com
127.0.0.1 dnl-us8.kaspersky-labs.com
127.0.0.1 dnl-us9.kaspersky-labs.com
127.0.0.1 dnl-us10.kaspersky-labs.com
127.0.0.1 dnl-eu1.kaspersky-labs.com
127.0.0.1 dnl-eu2.kaspersky-labs.com
127.0.0.1 dnl-eu3.kaspersky-labs.com
127.0.0.1 dnl-eu4.kaspersky-labs.com
127.0.0.1 dnl-eu5.kaspersky-labs.com
127.0.0.1 dnl-eu6.kaspersky-labs.com
127.0.0.1 dnl-eu7.kaspersky-labs.com
127.0.0.1 dnl-eu8.kaspersky-labs.com
127.0.0.1 dnl-eu9.kaspersky-labs.com
127.0.0.1 dnl-eu10.kaspersky-labs.com

source
__________
@Nikhilsam

infect if u see the modified host file you'll yourself find the removals tools..

here host file
127.0.0.1 mmsk.cn
127.0.0.1 ikaka.com
127.0.0.1 safe.qq.com
127.0.0.1 360safe.com
127.0.0.1 www.mmsk.cn
127.0.0.1 www.ikaka.com
127.0.0.1 tool.ikaka.com
127.0.0.1 www.360safe.com
127.0.0.1 zs.kingsoft.com
127.0.0.1 forum.ikaka.com
127.0.0.1 up.rising.com.cn
127.0.0.1 scan.kingsoft.com
127.0.0.1 kvup.jiangmin.com
127.0.0.1 reg.rising.com.cn
127.0.0.1 update.rising.com.cn
127.0.0.1 update7.jiangmin.com
127.0.0.1 download.rising.com.cn

so use netcafe and get for ur system

360 security guards v3.1 from 360safe.com

or search in the above listed pages

[piyush gupta]

U r right shailesh better he use some removal tools and after that update his AV