win32:Kates-AL [tr]

My brother’s XP system has been infected with a trojan/worm. He uses avast 5, but it got past it. The trojan creates a temp file “yighyvp.tmp”, and this is the only part of the infection avast can find, which it promptly labels as win32:Kates-AL [tr].

Anybody got any ideas on how to kill this thing before it completely cripples his system and I end up having to reformat his HDD?

Preferably something that can be run from a CD as this thing cripples apps on install & blocks downloads.

Start with this, it may work

Check your computer for Malware with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
After install, click UPDATE and run a quick scan; click REMOVE SELECTED to quarantine anything found.

SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26

If anything is found come back and post the scan logs here

Preferably something that can be run from a CD as this thing cripples apps on install & blocks downloads.
Dr.Web® LiveCD http://www.freedrweb.com/livecd/ How does it work? http://www.freedrweb.com/livecd/how_it_works/

Hitman Pro 3 - Second Opinion Malware Scanner http://www.surfright.nl/en/hitmanpro
How to start Hitman Pro in Force Breach mode http://www.youtube.com/watch?v=m6eRWTv2STk

Hi Bejaymac,

Download the file from http://jpshortstuff.247fixes.com/beta/DaonolFix.exe (“DaonolFix (15.04.09) by jpshortstuff”, 98KB, MD5:7dc34c4d75b4a7aa9b515e2dfd3d0782) and save it e.g. to your desktop. Launch the program with a double click.

Select Option “1. Find Daonol (no fix)” to search for malicious entries (Step 1 above). The program will then list a lot of files; don’t worry, they are just being scanned. Finally a report will open up that also gets saved to your desktop as DaonolFix.txt. If needed, copy the contents of that file into the forum, as described above for drivers32.txt. Watch out for lines marked “<<-- Daonol Detected!” at the end; those are the ones we are hunting for here.

The Option “2. Fix Daonol” will remove those suspicious entries (Step 2 above).

Please also continue with steps 3 and 4 from above afterwards!

polonus
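Two checks a helper would want to do with the post above, written as an added example that is not part of the thread or of the DaonolFix tool itself: verifying that the downloaded DaonolFix.exe matches the MD5 polonus posted before running it, and pulling the entries marked “<<-- Daonol Detected!” out of DaonolFix.txt so only the flagged lines get pasted back into the forum. The report layout used here is a constructed sample (file paths and the Drivers32 value are made up for the example); the only thing the real report is assumed to share with it is the trailing “<<-- Daonol Detected!” marker quoted in the post.

```python
import hashlib
from typing import List

# MD5 for DaonolFix.exe as posted in the thread (15.04.09 build by jpshortstuff).
POSTED_MD5 = "7dc34c4d75b4a7aa9b515e2dfd3d0782"

# Marker DaonolFix appends to suspicious entries, as quoted in the post.
DETECTED_MARKER = "<<-- Daonol Detected!"

# Constructed sample of a DaonolFix.txt report; the paths and the
# Drivers32 value are invented for this example, not real detections.
SAMPLE_REPORT = r"""DaonolFix (15.04.09) by jpshortstuff
Scanning files...
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\sample-a.dll   <<-- Daonol Detected!
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\midi9 = sample-b.dll   <<-- Daonol Detected!
Scan complete.
"""


def md5_hex(data: bytes) -> str:
    """Lowercase hex MD5 of a byte string."""
    return hashlib.md5(data).hexdigest()


def verify_download(data: bytes, expected_md5: str = POSTED_MD5) -> bool:
    """True only if the downloaded bytes hash to the value posted in the thread.

    A mismatch means this is not the file the helper published (corrupted
    download, a different version, or something that replaced it), so it
    should not be run until a matching copy is obtained.
    """
    return md5_hex(data) == expected_md5.strip().lower()


def verify_download_file(path: str, expected_md5: str = POSTED_MD5) -> bool:
    """Same check for a file on disk, hashed in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected_md5.strip().lower()


def flagged_entries(report_text: str) -> List[str]:
    """Return the entries DaonolFix marked as detected, marker stripped.

    Only lines ending with DETECTED_MARKER are kept; everything before the
    marker (a file path or a registry value) is the entry to report.
    """
    found = []
    for line in report_text.splitlines():
        stripped = line.rstrip()
        if stripped.endswith(DETECTED_MARKER):
            found.append(stripped[: -len(DETECTED_MARKER)].rstrip())
    return found


if __name__ == "__main__":
    for entry in flagged_entries(SAMPLE_REPORT):
        print("flagged:", entry)
```

Run `verify_download_file(r"C:\...\DaonolFix.exe")` on the saved download before launching it; `flagged_entries` takes the text of DaonolFix.txt and leaves out the long list of merely scanned files the post says not to worry about.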