I had to deal with this bug just this past weekend and part of Monday (weekend of 11-9).
I had to manually remove the damn thing. If you can't get the removal tool, here is what you need to do to keep from being infected again. Depending on how many PCs you have, it may take some time to get it off all the machines.
Make sure to unplug the PC from the network when you are about to remove this virus.
- Look for these files: alevir.exe, brasil.exe, cronos or marco!.scr, scrsvr.exe, instit.bat, Gustav.sap. If you have any of these files, you will probably get reinfected. The best thing to do is delete them. They more than likely will be in the Windows folder. Also look for these .ini files: tmp.ini, put.ini and gay.ini. These are all pointer .ini's for the damn virus. Delete them also. If you try to delete them and can't, go to the Start button and type in "msconfig" without the quotes. This can also be accomplished with "sysedit" without the quotes. Pick the Win.ini and remove the references to these files. Also look for the other line that loads them again, a command with a string of those files in it (it looks something like run=c:\Windows\Brasil.exe,c:\Windows\Brasil.pif,c:\Windows\marco!.scr,c:\windows\scrsvr.exe,c:\windows\instit.bat). You may need to reboot after getting these off here, but make sure you remove it from the registry (the next step).
- If you can't delete these because Windows gives you an excuse about these files, make sure the files are unchecked or deleted in the win.ini. Go back to the Start menu, Run, type in regedit and click HKEY_LOCAL_MACHINE\Microsoft\Windows\CurrentVersion\Run= and look to see if it has an equals sign. If it does, this is the key that has the registry entry for the virus. Remove the key. Reboot the machine and run a scan to make sure all the references to it are gone.
I had a problem with installing Norton Antivirus on the 2 computers at work. We use a program for sales and it has a built-in security module that stated it could not be loaded and crashed.
There was activity on our router and traffic for port 137.
Here is more information if it is needed
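
The win.ini check described in the first step can be scripted when there are many machines to go through. This is an added example, not part of the original post: the function name, the sample win.ini text and the c:\tools\backup.exe entry are constructed for illustration, and it assumes entries use short paths without spaces.

```python
import ntpath

# File names listed in the post above (compared case-insensitively).
SUSPECT = {"alevir.exe", "brasil.exe", "brasil.pif", "marco!.scr",
           "scrsvr.exe", "instit.bat", "gustav.sap"}

def scan_win_ini(text):
    """Return (findings, cleaned_text) for the [windows] load=/run= lines.

    findings: list of (line_number, key, entry) for each flagged entry.
    cleaned_text: the input with only the flagged entries removed.
    """
    findings, out, section = [], [], ""
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        key, sep, value = stripped.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in ("load", "run"):
            keep = []
            # Assumption: entries are separated by commas or spaces and
            # contain no spaces themselves (short path names).
            for entry in value.replace(",", " ").split():
                if ntpath.basename(entry).lower() in SUSPECT:
                    findings.append((no, key, entry))
                else:
                    keep.append(entry)
            line = f"{key}={' '.join(keep)}"
        out.append(line)
    return findings, "\n".join(out)

# Constructed sample, modelled on the run= line quoted in the post;
# backup.exe stands in for a legitimate entry that must be kept.
SAMPLE = r"""[windows]
load=
run=c:\Windows\Brasil.exe,c:\Windows\Brasil.pif,c:\Windows\marco!.scr,c:\windows\scrsvr.exe,c:\windows\instit.bat,c:\tools\backup.exe
[Desktop]
Wallpaper=(None)
"""

if __name__ == "__main__":
    hits, cleaned = scan_win_ini(SAMPLE)
    for no, key, entry in hits:
        print(f"line {no}: {key}= references {entry}")
    print(cleaned)
```

Run it against a copy of win.ini taken from the disconnected machine and review the cleaned text before writing anything back.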