Win32:Rootkit-gen detected -- BUT it is in a loop !!!

In my system, Avast caught up with a new virus… I read about this in just one location so far: http://vil.nai.com/vil/content/v_159809.htm

It disables most processes, including regedit, hides run button, and many many things…

It also has this file: c:\windows\nahsor.exe

and loads it into the memory/startup programs (which can be seen through Ctrl+Alt+Del)

I somehow enable regedit, kill the c:\windows\nahsor.exe,
enable regedit, etc.

BUT the thing is happening in a loop!

it comes back!!

any solution, please?

-= Clean your temporary files, then schedule a boot time scan…

-= For better results, download, install, update, and run a scan with Malwarebytes Antimalware to detect other infections that might have slipped over avast’s scan…

-= Furthermore, a HijackThis log will also help for a deeper investigation… :wink:

I was tired in the last 24 hours… so I formatted the hard drive, and now it's fine. I know the infection is still present in the external drive.

I trust Avast… recommend this to all my clients…
so Avast should not fail!

For your external drive, leave it plugged in and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They would create hidden folders named autorun.inf in each partition and every USB drive plugged in when you ran it. These folders protect your drives from future infection. After that, reboot your computer.

In my laptop … there is c: and d:

And yesterday I have reformatted c: and installed Windows on c:… BUT the virus was sitting in d:, I am sure… after installing, the registry was disabled, and all the other usual stuff happened!!
So I had to format both drives and reinstall Windows XP. I notice that it can do nothing to Vista.

So I am still hesitating to attach the external drive to the computer.

Hey Tech: As per your suggestion I have installed Autorun Eater and then prayed to GOD and plugged in the external drive… and it seems it worked!!

The Autorun Eater found the .exe virus in the autorun.inf file… I simply deleted the file without a second thought!

Thanks a lot!

:slight_smile:

You’re welcome. If you want to help me, don’t thank me, just sign up & use (sign up only is not enough) Mozy to get 2,200 Mb for free remote backup system. Enjoy its safety!
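An added example, not part of the original thread and not code from Autorun Eater or Flash Disinfector: a read-only Python check of a drive root that reports whether autorun.inf is absent, is a folder (the placeholder described in the reply above), or is a file whose [autorun] section contains entries that start a program. The sample content and the name example.exe are constructed for illustration.

```python
import os
import re
import tempfile

# Keys in an [autorun] section that make Windows start a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def parse_launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # junk padding or another section
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            entries.append((key.lower(), value))
    return entries

def check_drive_root(root):
    """Classify the autorun.inf at a drive root; nothing is executed or deleted."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("folder", [])             # placeholder folder, not a launch file
    if not os.path.isfile(path):
        return ("absent", [])
    with open(path, "r", encoding="latin-1") as fh:
        return ("file", parse_launch_entries(fh.read()))

# Constructed sample content; example.exe is a made-up name.
SAMPLE = ("[AutoRun]\n;padding\nopen=example.exe\n"
          "shell\\open\\command=example.exe\nicon=folder.ico\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:   # stands in for a drive root
        with open(os.path.join(drive, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        print(check_drive_root(drive))
```

A "file" result with any launch entries is the case to investigate before opening the drive in Explorer; the icon and label keys are ignored because they do not start a program.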