
How to disinfect a PC from Virus.Win32.Virut.ce, q

This section explains how to neutralize complicated malware, i.e. cases where user participation is required, for example to modify the system registry or run a special utility. If you have not found the requested information in this section, please submit a request to Kaspersky Lab Technical Support.

Article ID: 2735    Last modified on 10.01.2012 14:53

The main function of Virus.Win32.Virut.ce, q is to act as a botnet client, which the virus uses to transmit data from an infected PC. Here you can read more about botnets and their usage.

To disinfect a system infected with Virus.Win32.Virut.ce, q, use the VirutKiller.exe tool.


Disinfection of an infected system

 

  • Download the archive VirutKiller.zip and extract it into a folder on the infected (or potentially infected) PC using an archiver program (for example, WinZip).

  • Run the file VirutKiller.exe.

  • Wait for the scan and disinfection to finish. No reboot is needed after disinfection.

If started without switches, the tool will:

  • Seek and terminate malicious threads.
  • Seek hooked functions and unhook them:
    • NtCreateFile;
    • NtCreateProcess;
    • NtCreateProcessEx;
    • NtOpenFile;
    • NtQueryInformationProcess.
  • Scan and disinfect files on all hard disk drives.
  • While scanning hard disk drives, check the executable files of all running processes every 10 seconds, terminate any infected processes it detects and disinfect the infected files.

Optional switches to run the tool from command prompt:


-l <file_name> - write log to the file.
-v - detailed logging (must be used in combination with the parameter -l).
-s - scan in “silent” mode (without opening console box).
-y - when the utility finishes, its window will be closed.
-p <folder_path> - scan a specific folder.
-r - scan removable drives (flash), external USB and FireWire hard disks.
-n - scan network drives.

 

Symptoms of infection:

  • Infected computers keep trying to access the following addresses to receive administration commands:
    • irc.zief.pl;
    • proxim.ircgalaxy.pl.

  • An experienced user can track hooks of the following functions in almost all processes (these hooks are used by the virus to infect all executable files a process is trying to access, and introduce its code into all newly started processes):
    • NtCreateFile;
    • NtCreateProcess;
    • NtCreateProcessEx;
    • NtOpenFile;
    • NtQueryInformationProcess.

To track these hooks you might use the Rootkit Unhooker utility or Gmer, for example.
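The first symptom above, repeated lookups of the two command-server addresses, can also be checked from resolver logs. The following is an added example, not part of the original article or of any Kaspersky tool; the log layout and sample lines are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Command-server hostnames listed under "Symptoms of infection" in the article.
C2_HOSTS = ("irc.zief.pl", "proxim.ircgalaxy.pl")

# Constructed sample log. The "<timestamp> <client_ip> <query_name>" layout is
# an assumption; adapt parse_line() to the format your resolver writes.
SAMPLE_LOG = """\
2012-01-10T14:02:11 10.0.0.15 IRC.ZIEF.PL.
2012-01-10T14:02:41 10.0.0.15 irc.zief.pl
2012-01-10T14:03:02 10.0.0.22 proxim.ircgalaxy.pl
2012-01-10T14:03:05 10.0.0.30 notirc.zief.pl
2012-01-10T14:03:09 10.0.0.30 irc.zief.pl.example.com
malformed line
2012-01-10T14:03:41 10.0.0.15 irc.zief.pl
"""

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def is_c2(name):
    """True for a listed host or a name beneath it, matched on label boundaries."""
    name = normalise(name)
    return any(name == h or name.endswith("." + h) for h in C2_HOSTS)

def parse_line(line):
    """Return (client, query), or None when the line does not have three fields."""
    parts = line.split()
    return (parts[1], parts[2]) if len(parts) == 3 else None

def suspect_clients(log_text):
    """Count lookups of the listed hosts per client address."""
    hits = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and is_c2(parsed[1]):
            hits[parsed[0]] += 1
    return hits

if __name__ == "__main__":
    for client, count in suspect_clients(SAMPLE_LOG).most_common():
        print(f"{client}: {count} lookups of Virut command servers")
```

Clients reported here are candidates for a VirutKiller.exe scan; matching on label boundaries keeps look-alike names such as notirc.zief.pl out of the result.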

