Infected Trojan Iyus-V

system · November 22, 2008, 7:37pm

Hi,

i’m infected (11.20.2008) by troj/iyus-V http://www.sophos.com/security/analyses/viruses-and-spyware/trojiyusv.html

Avast free (last edition and update) can’t detect it so it does not remove

The virus is in Mshelp.exe and create sqla.dll

Msconfig → run → Mshelp.exe

(XP Mediacenter SP3)

How can i remove this Troj ? Thank’s

system · November 22, 2008, 7:55pm

Welcome to the forums, Eric.

I would suggest that you download, update, and then run malwarebytes antimalware.

You can get it at this link : http://www.malwarebytes.org/rogueremover.php

DavidR · November 22, 2008, 9:55pm

Before running any other programs that would delete/quarantine the files.

Send the sample to virus@avast.com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that. Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). This process has been modified in the latest version to make it easier, it doesn’t actually get emailed, but transferred when the next avast auto (or manual) update is done.

polonus · November 22, 2008, 10:22pm

Hi EricFr,

The removal instructions are elaborately and amply discussed on the Sophos page:
http://www.sophos.com/security/analyses/viruses-and-spyware/trojiyusv.html
Mind you that on cleansing you disable system restore and use safe mode, and make a copy of the registry in case anything would go wrong, then meticulously work through the instructions given.
If a run of MBAM could clear all of it or a SAS sweep so much the better, download from here:
http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE

If any signs of the trojan remains you could use the method I sketched to you in the first four lines of this posting,

polonus

P.S. Je vous souhait le bon weekend…

system · November 23, 2008, 1:27pm

Thank all,

Only MBAM clean the Troj

Merci Bonne journée

Infected Trojan Iyus-V

Announcements