unable to delete virus files

Comodo accurately finds files on my system infected with Kido/Conficker/Downadup, but is unable to deal with the files. Regardless of whether I select quarantine or remove, the files remain behind and are found continuously.

I’ve tried taking ownership and using several file shredder utilities; nothing touches these files.

How can I get rid of them?

What is the exact name of the malware found? And where did CIS find it?

Comodo reports the virus as Kido. Researching this I found it also goes by the name Downadup and Conficker.

I had a bit of an outbreak at home and at our office (5 users).

Everything about the infection matched the classic symptoms of Conficker.

Typically the files I am having trouble removing are the autorun.inf files placed in the root of every volume, from where they get into the recycler, and sysvolinfo. Also the randomly named dot vmx files which are left in various locations. See snip of Event log attached.

[attachment deleted by admin]

Did you try to restart?

1) Go to Windows safe mode and run anti-virus software from there and clean it.

2) For any file that refuses to be deleted, use the Malwarebytes (at more tools) program called “fileassassin” <-- if that fails, try doing it from Windows safe mode.

3) Disable “autorun” for USB connection.
To do this with XP:
find autorun and disable it.

To do this with Vista:
* DisableAutoPlay.reg will disable autoplay entirely.
* DisableAutoPlayRemovable.reg will disable autoplay on removable devices.

4) Is e:\ your CD/DVD drive or a USB memory stick?

5) After the computer gets cleaned, delete your old system restore files and create a new one.

P.S. autorun.inf
This sounds like someone brought an infected disc or a USB memory stick from an outside source. Just an idea.

If you're still stuck, download a-squared free from www.filehippo.com. Update it, then run it.

Actually I think it deletes them all; this is just notifying if a virus is detected, but when you see success that means it can delete them, so my tip for you is to just do a full scan.

Thanks to everyone for all the suggestions.

After repeated scans, reboots etc, I seem to have gotten on top of this, and all the files are finally deleted.
I now occasionally get one popping up, but they now delete gracefully when told to.

This whole exercise has raised the question in my mind of how CIS actually quarantines infected files.

There does not seem to be a specific quarantine location (no options to specify where it should be located), so I assume that the CIS locks the file down in situ, to prevent any activity, and then puts entries in the Quarantine Database. Is this correct?


Is there actually a quarantine location into which the infected files are physically moved? If so, where is it?

Actually, when it finds a virus it asks you a question you can answer in three ways: remove, quarantine or just ignore, like in this picture.

a quarantine location into which the infected files are physically moved?
They're really moved, but the problem is the virus replaces the file that got removed.

Basically you've got to clean it all in one sweep, not part of it, because they will come back.

The anti-virus can only detect part of it, which is the problem; the virus repairs itself.

I think you should use a disinfecting antivirus scanner first, like Doctor Web CureIt, so you don’t lose your important data.
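The thread describes autorun.inf files in the root of every volume, with related files in the recycler, "sysvolinfo" and randomly named .vmx files. As an added example (not part of the original posts, and not Comodo's own logic), this Python code reads the text of an autorun.inf and reports launch commands that point at those locations; the function names and both sample files are constructed for illustration, and "sysvolinfo" is assumed to mean the System Volume Information folder.

```python
import re

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Locations and extension the thread names as where the files were found.
SUSPICIOUS = re.compile(r"recycler|system volume information|\.vmx\b", re.I)

def launch_commands(text):
    """Return (key, command) pairs from the [autorun] section of an autorun.inf."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # comments, blank lines and unparseable junk are skipped
        key, _, value = line.partition("=")
        if LAUNCH_KEYS.match(key.strip()):
            found.append((key.strip().lower(), value.strip()))
    return found

def suspicious_commands(text):
    """Launch commands that reference the recycler, System Volume Information or a .vmx file."""
    return [(k, v) for k, v in launch_commands(text) if SUSPICIOUS.search(v)]

# Constructed samples, not taken from the thread or from a real infection.
SAMPLE_BAD = """\
;junk padding line
[AutoRun]
shell\\open\\Command=rundll32.exe RECYCLER\\S-0-0-00\\example.vmx,entry
icon=shell32.dll,4
"""
SAMPLE_OK = """\
[autorun]
open=setup.exe
icon=setup.ico
"""

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, suspicious_commands(text))
```

A file that is flagged here names the path of the file it would launch, which is the one to hand to the scanner together with the autorun.inf itself.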