big problem

the following files are infected:

c:\windows\bipw.exe
Virus: Win32:NcaseSpy [Trj]

c:\windows\system32\winservn.exe
Virus : Win32:Clspring-pkg [Trj]

I couldn't repair the files.
Since the file paths are under C:\windows,
I'm not sure if I can delete or move them.
Does anybody know if I can delete those files?
Hopefully u guys know what I can do. ???

See the attachment for the virus report.

Hi,

trojans can’t be repaired, just deleted…

What Win do you have ? XP Home or PRO ?

Info & Removal for clspring-variants:
http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=clspring&product=0
Removal should also work equivalent to the procedure below

Ncase:

  • there should be some topics on this one already, use the board search above

  • scan the file with online scanners from Trend Micro, RAV AntiVirus and Kaspersky/KAV; post the exact names here

  • kill processes related to bipw.exe

  • Remove any entries for “bipw.exe” in the registry or via msconfig/autostart

  • reboot PC in Safe Mode and delete file bipw.exe or, if that’s still not possible: open a DOS window and type:

c:
cd windows
ren c:\windows\bipw.exe bipw.vir

after the next reboot, deletion should be possible :wink:
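
As an added example (not part of the original post): one way to do the "remove any entries for bipw.exe in the registry" step is to export the registry from regedit as text and list the autostart values that point at the flagged files. The sample export and its value names are constructed for illustration; the Run/RunOnce keys are the standard autostart locations, and the function name is hypothetical.

```python
import re

# Standard per-machine and per-user autostart keys (matched by key-path suffix).
AUTOSTART_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)
FLAGGED = ("bipw.exe", "winservn.exe")  # file names from the scan report above

# Constructed sample of a regedit text export; value names are made up.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleValueA"="C:\\WINDOWS\\bipw.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleValueB"="\"C:\\WINDOWS\\system32\\winservn.exe\" -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"LastFile"="C:\\WINDOWS\\bipw.exe"
'''

# "name"="data" string values; backslash escapes are allowed inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def find_autostart_entries(export_text, names=FLAGGED):
    """Return (key, value name, file name) for autostart values that run a flagged file."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not (m and key and key.lower().endswith(AUTOSTART_SUFFIXES)):
            continue                  # not a string value, or not under an autostart key
        value, data = unescape(m.group(1)), unescape(m.group(2))
        for name in names:
            # Match the whole file name only, so "pw.exe" does not hit "bipw.exe".
            if re.search(r'(^|[\\/" ])' + re.escape(name) + r'($|[" ])', data, re.I):
                hits.append((key, value, name))
    return hits

if __name__ == "__main__":
    for key, value, name in find_autostart_entries(SAMPLE_EXPORT):
        print(f"{name}: value {value!r} under {key}")
```

Entries it reports are the ones to remove in regedit or msconfig before renaming or deleting the file; the `LastFile` value in the sample is skipped because it is not under an autostart key.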

whocares
thx for ur concern :slight_smile:

I'm using Windows 2000

I'm not sure if I can delete the infected files,
because they belong to the Windows system.
Probably Windows requires those files to operate.
It might harm windows if I delete the files.

Are u absolutely sure that I can delete those files ?
???

Hi,

I’m not dead sure, as I’m not sitting in front of your PC, but:
Trojans & worms usually don’t INFECT existing files, but rather/often drop copies of themselves in the windows or system folders, or use names sounding like windows-files, to prevent the user from deleting them.

I’d advise you to delete them, otherwise read more in the supplied links, or use additional scanners to check the files, like Trend and KAV (see below)
:wink: