xisto Community
joe.k

Trojan / Virus Problem, please Help might be (hoon)


I have been infected with a trojan but I can detect it.
And I have detected the Hoon trojan and deleted it, but the symptoms of the trojan are still on my PCs network:

all drives have an autoplay (right click by mouse)
and it gives me this message on d-click on any drive
**************
SYS.EXE

Windows cannot find 'sys.exe'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button then click Search.

The virus was detected and deleted from all drives:
C:\sys.exe
D:\sys.exe
E:\sys.exe
F:\sys.exe
G:\sys.exe

????????

I am using McAfee VirusScan Enterprise and it is up to date.
If anyone has any idea, please post.

Thanks in advance.

Joe


That sounds like a bit (a lot) of a problem if you ask me. Trojans (when I get them) usually lead me to formatting my computer. Where in the computer is "sys.exe" meant to be from anywhere? Is it a system file or something? Because if it is then that probably means a problem.


This section tells you how to remove the threat.

Please follow the instructions for removing worms.

You will also need to edit the following registry entries, if present. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
System Updater = sys.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Updater = sys.exe

and delete them if they exist.

Each user has a registry area named HKEY_USERS\[code number]\. For each user locate the entry:

HKCU\[code number]\Software\Microsoft\Windows\CurrentVersion\Run\
System Updater = sys.exe

and delete it if it exists.

Close the registry editor.

Check your administrator passwords and review network security.

Also look here:

https://www.f-secure.com/v-descs/wallon.shtml

http://www.processlibrary.com/en/directory/files/sys/

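Added example, not part of the post above or of the instructions it quotes: a Python check that reads a registry export (the backup made before editing) and lists the Run and RunServices values that are named System Updater or that start sys.exe. The sample export, its SID and the Backup Agent entry are constructed for illustration.

```python
import re

# Constructed sample in regedit export format; the SID and the non-trojan
# entries are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Updater"="sys.exe"
"Backup Agent"="\"C:\\Program Files\\Backup\\agent.exe\" /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"System Updater"="sys.exe"

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\sys.exe -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"LastFile"="sys.exe"
'''

# Run and RunServices under HKLM and under each per-user hive.
AUTOSTART = re.compile(
    r"(HKEY_LOCAL_MACHINE|HKEY_USERS\\[^\\]+|HKEY_CURRENT_USER)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunServices)",
    re.IGNORECASE)
STRING_VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"')


def find_autostart_refs(reg_text, exe_name="sys.exe", value_name="System Updater"):
    """Return (key, value name, data) for autostart string values that carry
    the trojan's value name or start exe_name."""
    hits, key = [], None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if AUTOSTART.fullmatch(line[1:-1]) else None
            continue
        m = STRING_VALUE.fullmatch(line) if key else None
        if not m:
            continue
        # .reg files escape backslash and double quote with a backslash.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        cmd = data.strip()
        program = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]
        if (name.lower() == value_name.lower()
                or program.rsplit("\\", 1)[-1].lower() == exe_name.lower()):
            hits.append((key, name, data))
    return hits
```

Exports in "Windows Registry Editor Version 5.00" format are UTF-16, so a real file is read with `open(path, encoding="utf-16")` before being passed to `find_autostart_refs`.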

You should use AVG Antivirus Free edition to remove this type of trojan. I've had this before and I used that program to remove it. It actually works. If you need a link to the software, let me know!

Mike

:P AVG ... I heard about it, but is it really good, I mean for an enterprise Co.? You had that virus?? ... and it didn't write your reg (registry) .... because my antivirus deleted the trojan but it had written the registry and a day later it got complete control over my PC, leading me to format all my drives :P. Now I am looking for blocking reg writing, so I think I am gonna give it a try <_<.

Joe


Here is some information for everyone since I haven't seen anything posted with these tips yet. First of all, there is not one single anti virus/adware control that can find and solve every problem. However, here are three of the best I've ever seen and used. Used in conjunction with each other, I've been virus and adware free for well over three years.

Also before I give the names of these products/services, there are some additional actions that should be taken before and after the removal of any files from your computer. Always make a backup of your registry prior to removing the files in question. After the removal is complete, you should clear your computer's cache (memory, history, recycle bin, etc.) since the virus and or adware remover will continue to detect it as a threat while in reality the threat has been isolated. Also be sure to set up all of the security options to keep problems from occurring. Last but not least update your virus and adware programs frequently or set them up to update automatically. I try to do it once per week but no longer than once a month.

Anyway, the three best removers that I have used are: AVG, Spybot and Panda online. AVG has a free version of anti virus and a free version of adware remover. The anti virus allows you to set up an option to immediately notify you in the event that you pick up a virus and you can terminate the virus before it becomes a problem. They also have an extensive virus encyclopedia with definitions and removal instructions for those stubborn viruses.

Spybot is basic when it comes to adware removal. However it finds problems that most do not. In addition, Spybot will also automatically make a list of websites known for bad behavior and block those sites and or any downloading from those sites from occurring, plus an internet bad download blocker and a protection over all system setting which must be activated manually.

Panda has developed a system whereby they check your system remotely from their servers. Again, they don't find everything but they find more than many others combined. Scans, disinfects and eliminates over 185,000 viruses, worms and Trojans from all system devices, hard disks, compressed file and all your email. It incorporates a powerful heuristic system that is enhanced with technologies, to detect unknown malware. It is updated at least once a day to detect the latest viruses and spyware to appear. You do not need to install any programs. Simply connect to the Internet and click whenever you want a second opinion on the security of your PC.

Just one last thing before I sign off. No matter what protection you use, it won't work if there's a hole in it :P So set it up properly and completely. I'm sure that you'll have the same success that I have had keeping my computer running clean quickly and smoothly.

Good bye and good luck to all

Dominus


You do not need to install any programs. Simply connect to the Internet and click whenever you want a second opinion on the security of your PC.

Panda required me to download and install an ActiveX plug-in. It's getting updates as we speak. I'll let you know of anything else.


I thought first of all, you need to boot to Safe Mode to remove the trojan? I don't see anyone doing that. Anyway, I've been infected by a Trojan previously and didn't have to completely reformat my PC. There's a few steps I did.

1. First, download McAfee Stinger from the website. Get the latest version so that it has all the latest trojan removers.

2. Get the latest Trend Virus Pattern Files from Trend Micro. These virus pattern files are updated pretty often. So they will contain all the latest reported worms and trojans. These two are good enough. If not,

3. Get the free Ad-Aware SE. Nothing to lose. (You need to install it before going to the next step. And of course UPDATE IT)

4. Disable your System Restore.

5. Reboot your PC and enter safe mode. (If anyone doesn't know how, press F8 at startup and a black screen should appear, choose Boot to Safe Mode)

6. When you are at Windows, run the 3 programs that you've downloaded. Always perform a Full Scan for all drives you have.

7. After you've done your scan, run regedit.exe and see whether the file 'sys.exe' is still in your registry. If it isn't, restart your Windows in normal mode.

8. When your Windows is loaded, run the 3 programs again. Remember Full Scan.

These are the steps I did to remove worms and trojans from my PC. It works for me. But of course other trojans and worms might not be effectively removed by these steps. There are some trojans that need specific procedures to remove.

Cheers.


......

He says his antivirus has already detected and deleted the virus...

but he has the problem that when he double-clicks any drive it autoplays/autoruns ....

To solve the autorun problem try this.

Go to START > RUN and type command

After the command prompt is open, type these commands:

c:
cd \
attrib autorun.inf -r -h -s
del autorun.inf

d:
cd \
attrib autorun.inf -r -h -s
del autorun.inf

e:
cd \
attrib autorun.inf -r -h -s
del autorun.inf

f:
cd \
attrib autorun.inf -r -h -s
del autorun.inf

g:
cd \
attrib autorun.inf -r -h -s
del autorun.inf

Or if you don't know how to use the command prompt...

reply to me and tell me how many drives you have...

and which drives give you this problem of autoplay.

If you feel / know that the trojan is spreading on your network,

you can try using Avast Anti-Virus Home Edition (it's free).

After you install it, it will ask you to scan the HD during boot time (when the virus is not active).

And set Network Shield at high.

Edited by L33t BoTz (see edit history)


It's very simple to fix this problem. If you can't get into your thumb drive by double-clicking it and you receive the error message "Windows cannot find 'sys.exe'. Make sure you typed the name correctly and then try again. To search for a file, click the Start button then click Search"..... make sure the virus is gone first of all. Back up all your data on the disk that won't let you in.... then reformat it..... put the data back on... and hey presto! It should work... it did with mine... hope this solves your problem

-rick


In our case, we had two people who had been out of the country and picked up this trojan/virus. It was "simple" to remove following instructions found on the web. However, the nefarious part of this malicious software has been how it jazzed up registry settings and group policy to block attempts to remove or fix the problem. Further, when these two users tried to attach to shared drives on the network, they were blocked from doing so and an error message popped up indicating that 'the file sys.exe was not found, please contact your administrator to change permissions or password'. Turns out when they first connected to the network while still infected, apparently the autorun.inf was copied to the network drive. THIS ONLY HAPPENS WHEN YOU DOUBLE-CLICK ON THE DRIVE TO WHICH YOU ARE GOING TO ATTACH. That is when the files are copied to other drives, including thumb drives. Note that if the thumb drive was infected first [as was the case with our two users], anytime a drive is opened, the running process copies the autorun.inf and the sys.exe files to the drive that was just opened. One way to fix this is to right-click on the network drive [or any drive], Explore, show hidden and system files and delete the autorun.inf file. - prw-Waullygabsalot

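Added example, not part of any post in this thread: a Python check for the leftover state the posts above describe, where the scanner has deleted sys.exe but an autorun.inf in the drive root still names it, so opening the drive fails with "cannot find 'sys.exe'". The thread never shows the file, so the sample contents are constructed and assumed; `program_of`, `launch_targets`, `dangling_entries` and `audit_drive` are names chosen for this example.

```python
import os

# Constructed sample: the thread never shows the file itself. It is assumed
# here to point at sys.exe, matching the error message quoted above.
SAMPLE_INF = r"""[autorun]
;constructed padding line
open=sys.exe
shell\open\command=sys.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""


def program_of(command):
    """Program part of a command line, without arguments or quotes."""
    cmd = command.strip()
    return cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]


def launch_targets(inf_text):
    """Return (key, program) for each [autorun] entry that starts a program."""
    targets, section = [], None
    for line in (raw.strip() for raw in inf_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            starts_program = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if starts_program and program_of(value):
                targets.append((key, program_of(value)))
    return targets


def dangling_entries(inf_text, root_files):
    """Entries whose program is missing from the drive root: the state left
    when a scanner removes sys.exe but leaves autorun.inf behind."""
    present = {name.lower() for name in root_files}
    return [(key, prog) for key, prog in launch_targets(inf_text)
            if prog.lstrip("\\").lower() not in present]


def audit_drive(root):
    """Run the same check against a real drive root, e.g. 'E:\\'."""
    with open(os.path.join(root, "autorun.inf"), errors="replace") as fh:
        return dangling_entries(fh.read(), os.listdir(root))
```

An empty result from `dangling_entries` on a drive that still has an autorun.inf means the named program is present in the root and should be examined before the drive is opened by double-click.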

Help me please

Trojan / Virus Problem, please Help

Replying to Sten

Yeah, it is a system file, and both my hard drives C: and D: are blocked. I can't open them; if I d-click the drives this will show "access is denied". What is the best option for this?

-reply by Brylle G.



I have had lots of trojans and normally when I get a virus that bad I have to format my computer because it is running so slow because of the virus I can't do now. Once I scanned it, it was going that slow it took 3 days to scan. I suggest you scan your computer and all the files you download regularly. Scan the files before you open them and this should prevent you from getting viruses.
