PDA

View Full Version : Win32: Kolweb virus



craigdele
19-08-2006, 01:00 PM
The Avast Antivius program detects the Kolweb virus when I open a folder or sometimes use windows explorer.

I do the recommended and commit the virus to the chest. I have also deleted it other times. However on rebooting the virus reappears.

Can anyone provide me with some solutions please?

Dele

Speedy Gonzales
19-08-2006, 01:13 PM
Try this (http://www.simplysup.com/)

Download update it click on scan and then select the 3rd-7th option under the utils menu.

craigdele
20-08-2006, 02:15 AM
Thanks but Trojan remover does not detect this virus.


After removing this virus with Avast it returns after a reboot.

Dele

Speedy Gonzales
20-08-2006, 07:22 AM
Run it again then go to the file menu / select scan running processes.

Anything it says is a trojan / nasty get it to rename it / delete it.

beama
20-08-2006, 09:35 AM
when this virus is detected by Avast, does Avast report as being in system restore if so disable system restore reboot reable ( if you wish)

FoxyMX
20-08-2006, 10:26 AM
when this virus is detected by Avast, does Avast report as being in system restore if so disable system restore reboot reable ( if you wish)
Instructions available here (http://faqf1.net.nz/index.php?title=Viruses_%26_System_Restore).

silvero
20-08-2006, 03:51 PM
I would recommend:

disable system restore (FoxyMX's link above)
- full system scan with Avast
- download hijackthis from http://www.merijn.org/files/hijackthis.zip
- run it and look for autostart registry keys, particularly this one:
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\runonce 8j3m65.exe
Fix this one if you find it

If you are comfortable with regedit and deleting files in system folders, look for and remove the other registry entries and files as per this page:

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453094202

Alternatively, install the 30 day trial of CA/eTrust PestPatrol as it claims to remove Kolweb:
http://consumerdownloads.ca.com/pub/myeTrust/apps/pptrialr8.exe