Found a virus and I can't delete or remove it

Hi, I'm new to using Comodo. Today when I scanned my USB I found a Conficker-type virus, and I can't remove it with Comodo. It said “Not all the threats have been succesfully quarantined!”, and Comodo wants to restart my computer (I've restarted my computer but the virus is still there). What should I do? Any suggestions?

Thanks :)

[attachment deleted by admin]

Conficker as such is never cleaned by COMODO; it was a long-persisting problem.

If you are an advanced user and know some system tweaking, here is how you can delete it.

In Explorer Folder Options:

  1. Enable “Show Hidden Files”
  2. Disable “Hide Protected Operating System Files”
  3. Disable “Use Simple File Sharing”

Now, you can see the folder containing KIDO virus in Windows Explorer.

Right click on the folder, go to Properties–Security

Add a new user “Everyone” and give “Full Permissions”, you may need to go to “Advanced” and check “apply to all sub folders” too. Click OK.

Now you can either scan it with CIS, so that it identifies and deletes the sample, or you can simply select the file and delete it.

Do not forget to delete the “autorun.inf” file in the root of the USB drive, which is also associated with the same Conficker virus, although CIS may or may not show it as malware.

Many thanks for the suggestion, SivaSuresh :)

I did as you said, but I still cannot delete the file (I succeeded in deleting the autorun). BTW, what is CIS? Also, Comodo keeps wanting me to restart the computer. Should I restart it?

Thanks :)

CIS stands for Comodo Internet Security.

You do not need to restart and it’s useless to restart.

Are you able to see the .vmx file in the folder?
If yes, what error do you get when you try to delete the file manually from the folder?

Yes, I am able to see the .vmx file in the folder. When I try to delete it, it says “access is denied,make sure the disk is not full protected and the file is not currently in use.”

Any suggestions?

Thanks :)

It means you could not change the folder permissions correctly. Maybe these screenshots will help you.

These are the screenshots taken on Windows 7, on XP it is much simpler.

[attachment deleted by admin]

Sometimes, the command line is the only thing that works.

The easiest would be to plug the USB into a Linux OS and then delete the suspect file. Or you can:

  1. Go to the command prompt.
  2. Now input “attrib -s -h -r -a *.*” without the quotes (*.* means any file name with any extension. In other words, all files and folders).
  3. Then “del virusname.extension autorun.inf”.

If the host is already infected, it will be a bit more difficult.

  1. Find the suspect file. This should be the priority so you can easily delete all instances. Autoruns, startup lists, and MSConfig can help you. Don’t delete anything. Just find out where they are. Usually there are three copies of the file: in the user's folder, in the main drive, and in other drives present.
  2. Reboot in safe mode and repeat the process above (command prompt to deleting). To be on the safe side, run CCleaner and clean previous system restore images.

Or if safe mode is unavailable,

  1. Go to the command prompt.
  2. Input “tasklist” and identify the virus image name.
  3. Now input “taskkill /f /t /im imagename” to forcefully kill the virus process and all other processes launched by the virus.
  4. Now you can proceed to cleaning/deleting the virus.

In other cases, the steps are less complicated. Simply go to Tools > Options > View tab, untick “Hide extensions for known file types”, then apply. Now remove the extensions of the virus(es) and replace them with something like *.quarantine or *.p4l8!3. Reboot. Locate the renamed files, then delete them. Reboot again, then use a registry cleaner and an antivirus scanner to remove leftovers.
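An added example, not part of any post in this thread: a read-only Python check, suited to the Linux route mentioned above, that reports which files on the drive `autorun.inf` is set to launch, so you know what to remove along with it. The sample file contents and the folder and file names are constructed, and the parser assumes the launch lines may be surrounded by junk or comment lines.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# Keys in autorun.inf that make Windows launch a program from the drive.
LAUNCH_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(.+?)\s*$", re.I)
# A path-like token ending in a file extension, inside a command line.
PATH_TOKEN = re.compile(r"[^\s\",]+\.[A-Za-z0-9]{2,4}\b")
# Constructed sample: junk padding around one launch line; names are made up.
SAMPLE_INF = (b"\x8f\x02q;zz\x00\x11\r\n[AUTorUN\r\n;kd83\xfe\xaa\r\n"
              b"shelLExECUte=RuNdLl32.EXE .\\RECYCLER\\S-0\\sample.vmx,entry\r\n"
              b"\x01\x02junk=\x90\x90\r\n")


def launch_entries(raw: bytes):
    """Return (key, command) pairs, ignoring junk and comment lines."""
    hits = (LAUNCH_KEY.match(l) for l in raw.decode("latin-1").splitlines())
    return [(m.group(1).lower(), m.group(2)) for m in hits
            if m and m.group(2).isprintable()]


def audit_drive(root: Path):
    """Read-only: list files on the drive that autorun.inf would launch."""
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is None:
        return []
    report = []
    for key, command in launch_entries(inf.read_bytes()):
        for token in PATH_TOKEN.findall(command):
            rel = PureWindowsPath(token)
            # Drop drive/root anchors and ".." so lookups stay inside the drive.
            parts = [p for p in rel.parts if p not in (rel.anchor, "..")]
            if parts and root.joinpath(*parts).is_file():
                report.append((key, "/".join(parts)))
    return report


def demo():
    """Build a throwaway directory that stands in for the USB root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "RECYCLER" / "S-0").mkdir(parents=True)
        (root / "RECYCLER" / "S-0" / "sample.vmx").write_bytes(b"placeholder")
        (root / "autorun.inf").write_bytes(SAMPLE_INF)
        return audit_drive(root)

if __name__ == "__main__":
    print(demo())
```

On a real drive, call `audit_drive(Path("/media/usb"))` with your own mount point; the path here is a placeholder.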

Thanks for the help, SivaSuresh & spainach_12. Your suggestions helped me a lot :)