Ahhhh Damn Virus

If I run a deep scan with NOD32 I get this error:

probably unknown NewHeur_PE virus found in operating memory. NOD32 cannot clean this infiltration. No action can be taken on a memory infiltration.

What kind of AV can’t remove a virus!!! Now if I look in Task Manager processes there is one called SVCNET.EXE; if I end that task and then do the scan, the virus isn’t found… So will it be that?

Please help, I don’t want this virus eating at me system!

Thanks

O…k, sometimes when I scan it has the error but sometimes it doesn’t, weird…

Looking at me firewall it shows SVCNET using my internet and connecting to "HOSTED BY DOT-TK:6667"

Dodgy, I don’t trust it, I’m gonna end that process, plus it is using up some of my CPU.

I wanna remove it GRRRRRRR

Antiviruses cannot remove viruses from programs that are currently running. Have you tried doing a system scan from safe mode?

You have the w32.tibick worm on your system, which you get from p2p sites mostly. Deny it access to the net first of all, as it’s listening in to an IRC channel for the attacker. To get rid of it, turn off your System Restore, update your definitions and scan again. That’s where it hides; Windows doesn’t allow antivirus programs to modify the System Restore, so it has to be temporarily switched off. You may also want to delete the registry values; look at the following page on how to do that and what to delete:

http://securityresponse.symantec.com/avcenter/venc/data/w32.tibick.html

Hope this is of some help.

Thanks, I looked on Google and found it copies itself into the system32 folder. I looked in there and clicked once on the SVCNET.EXE program in there; immediately NOD32 popped up saying it was a virus… and deleted it. I think it could delete it because I ended the svcnet.exe process in the Task Manager so it was no longer in memory.

I’m gonna remove the registry values now, thanks!!!

I have the same problem:
NOD32 scan showed this alarm:

File C:\System Volume Information\_restore{9B6D7517-0C2D-4CDB-9D89-52E42D81AEAA}\RP81\A0021064.exe is infected with probably unknown NewHeur_PE virus.

What should I do???
Please heelppp… :sad:

I’d disable System Restore, that should remove the restore file and with it the virus :slight_smile:

But I know some folk like to keep System Restore turned on…

NewHeur_PE means that by heuristics NOD detected it as a possible virus; it’s not a 100% positive. You should just delete it IMO, but before you do that I suggest you send it to ESET for analyzing; I believe there is such an option somewhere within NOD32.

Thanks! :slight_smile:

Do you mean that if I do so the computer will get rid of the virus by itself??
How will I know if that happens or not?

I immediately deleted the file that was infected, and I sent it to ESET before that :wink:
But how do I know that now my computer is OK?? :rolleyes:

Turn off System Restore (which is useless anyways) and run NOD/Kaspersky or whatever you use in “Fail safe mode” and do it a few times (reboot between each scan).
Congrats for getting a virus btw…
//Danne

I use NOD32…
Hmm… could you please give me more details about the “fail safe mode”?
How can I do what you said?
Is there this mode in NOD32? Where?

[And as for the congrats… I think that anyone could face some problems with viruses when she can’t update her antivirus :wink: (that happened to me :o …)
If I got your point… the congrats was an ironic comment on me getting a virus… right?]