By hartbladed ·
Hi to all,

My computer is infected by the virus '' I already scanned my computer with Escan anti-virus (Kaspersky) but the virus is still in there, I already scanned it into safe mode but the virus still in there. I really need the help on this so please kindly help me on my problem.. Thanks in advance.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

re: removal may not fix computer

by ThumbsUp2 In reply to Remove

YOu must not be running any antivirus software on your computer. Or, if you are, it's not up to date. This one is easily detectable by current antivirus software.

You have a very nasty and destructive worm on your computer. The name you displayed is an alias for W32/Rabb.worm. A simple search at found it.

You may be able to remove the worm (I don't know your skill level), but you will probably never find all of the damage that it has already caused. If you don't know how to backup your data and restore your computer to factory settings (the way it was when you bought it), I would suggest you seek professional help right now, before you infect others.

Method of Infection -
It can be propagated over removable media or mounted network drives.

----1st snip----
W32/Rabb.worm is a destructive worm that overwrites and replaces executable *.EXE files. It can also make copies onto removable media and mounted network drives. As executable files are overwritten and not infected, affected *.EXE files cannot be repaired and must be restored from backup.

---2nd snip---
The msexch400.dll file is injected and executed in the running process of Winlogon.exe (a default Windows service).

(There exist a msexch40.dll file which is a legitimate component of Windows)

It will then attempt to make copies of itself, and overwrite *.EXE files in the following hardcoded location(s):

C:\Program Files

---end snips---

Collapse -

re: removal may not fix computer

by hartbladed In reply to re: removal may not fix c ...

Hi, thanks for your reply, I was scanning the computer with Escan AV but it says 'Virus could not be removed.'. I have downloaded the recent update to the AV but still the same message appears. I've done scanning in safe mode with command prompt but did not solve my problem. Do you have any advise? thanks.

Collapse -

re: Escan AV

by ThumbsUp2 In reply to re: removal may not fix c ...

If Escan AV says it can not remove the virus, then it can not remove the virus. All it can do is tell you that you're infected. You need a much more high powered antivirus program than that to remove the virus that you've caught. And, now that you're infected and it's overwriting EXE files, you may never be able to get it off. Chances are that it has overwritten a critical file that would ALLOW the installation of another antivirus program that IS capable of removing the virus but not fixing the damage.

Take it to a Pro.


Related Discussions

Related Forums