New Virus!!
GuitarBob
Do some research on Google for that virus name. Also, below are some sources of help on the Web.

- AVG's free site has a good removal tutorial at https://forum.grisoft.cz/freeforum/read.php?4,27725,backpage=
- Bleeping Computer Dot Com has a good guide to removal/disinfection at https://www.bleepingcomputer.com/tutorials/tutorial101.html
- Castle Cops self help at https://wiki.castlecops.com/MRP
- Major Geeks has a list of fake/dangerous security programs at https://forums.majorgeeks.com/showthread.php?t=79754

Some other AV vendors have manual disinfection information:

- F-Secure's virus search/descriptions is at https://www.f-secure.com/v-descs/
- Kaspersky's site has general information at https://www.viruslist.com/en/viruses/encyclopedia?chapter=153280800
- McAfee's threat library contains helpful information/resources at https://vil.nai.com/vil/default.aspx
- Symantec's threat search is up-to-date with removal instructions at https://www.symantec.com/business/security_response/threatexplorer/threats.jsp
- Trend Micro's virus search is at https://www.trendmicro.com/vinfo/virusencyclo/

Regards,
dexta
I have been to all AV developers I know of and there is no information on Trojan.Bakaki.

ClamWin is detecting it but cannot remove it!! It seems like I will have to format my machines and lose all data, especially those in folders. By the way, I have already formatted one machine. Now, in this case scenario, I will have to lose all back-up in the server because it is also infected. Just holding back because I don't want to lose all the information stored in it, but I don't know for how long before a solution is found. Anyway, thanks for the assistance.

Regards
GuitarBob
Okay. Below is a source of some info about the critter. As a last resort, you might download a copy of Dr. Web's free Cureit, make sure it is updated, and run a scan with it to see if it can clean up.

https://www.nictasoft.com/virus-lib/detail.php?ID=1076

Regards,
Last edited by GuitarBob on Fri Feb 15, 2008 3:59 pm; edited 1 time in total
dexta
I would like to post a report from the ClamWin scan so you see some detail of the virus, but it generates an error when I submit this page.

Below is an extract of the scan report:

```
..........
C:\Documents and Settings\Admin\My Documents\downloads\images\smss.exe: Trojan.Bakaki FOUND
WARNING: \\?\C:\Documents and Settings\Admin\My Documents\downloads\images\smss.exe: Can't remove
..........
```

This is replicated in so many folders in the system; by count they are more than 120 files of smss.exe, excluding the genuine ones in Windows system32 and the backup used by Windows.

This is what I found as you had posted earlier: Trojan.Win32.Bakaki.a, but it does not match with what ClamWin found. Again, the files created by the virus in my system are simply smss.exe; it also creates another file, autorun.inf, in all removable drives, e.g. flash disk, CD-R, CD-RW and all recordable media connected to the system....

Any light at the end of the tunnel..... If I could post the virus to the developers of AV it could help, but they always rely on themselves catching the virus or large organizations getting infected... I simply have no idea what to do.
GuitarBob
Here's some additional info below in Item 1. SMSS is a valid file in the windows\System32 directory. From the extent of your infection, it's probably trojan spyware and maybe a rootkit is also involved. Could you maybe restore your system(s) back to a time prior to the infection? You might also try a scan in Windows Safe Mode on one of the infected machines, and see if that helps. Also try an antirootkit scan--AVG Antirootkit and Trend Micro Rootkit Buster are very easy to use. Rootkit Unhooker and GMER are probably the best antirootkits, but you have to know what you are doing to use them. That's about the help available here. Item 2 below lists some more help. Good luck!

Item 1:

File: smss.exe
Security Rating:

This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Note: The smss.exe file is located in the folder C:\Windows\System32. In other cases, smss.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.

Virus with same name:

- W32.Dalbug.Worm - Symantec Corporation
- Adware.DreamAd - Symantec Corporation
- W32.Resdoc - Symantec Corporation
- Adware.Advision - Symantec Corporation
- Backdoor.IRC.Flood.F - Symantec Corporation
- Backdoor.IRC.Aladinz.O - Symantec Corporation
- and more...

Item 2: Experienced Free Malware Removal Assistance

- A-Squared (Emsisoft) (with initial self help) at https://forum.emsisoft.com/Default.aspx?g=topics&f=38
- Bleeping Computer Dot Com (with initial self help) at https://www.bleepingcomputer.com/
- Castle Cops (with initial self help) at https://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction
- Malwareteks (same personnel at Emsisoft) (with initial self help) at https://www.malwareteks.com/forum.html
- Spyware Warrior has free help and a list of rogue antispyware products at https://www.spywarewarrior.com/index.php

Regards,
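Added example, not part of the original thread and not ClamWin's own code: a small triage script for a scan report in the format quoted above. It counts detections per signature, lists files the scanner could not remove, and flags system process names found outside System32 and autorun.inf files in a drive root. The sample report, the `triage` function, the name list and the assumption that Windows is installed on C: are all constructed for illustration.

```python
import ntpath
import re
from collections import Counter

# Constructed sample, in the format of the scan extract quoted in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Admin\My Documents\downloads\images\smss.exe: Trojan.Bakaki FOUND
WARNING: \\?\C:\Documents and Settings\Admin\My Documents\downloads\images\smss.exe: Can't remove
C:\Documents and Settings\Admin\My Documents\music\smss.exe: Trojan.Bakaki FOUND
C:\WINDOWS\system32\smss.exe: OK
C:\WINDOWS\Temp\SMSS.EXE: OK
E:\autorun.inf: OK
"""

# Assumptions: Windows lives on C:, and these names belong only in System32.
SYSTEM_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe"}
TRUSTED_DIRS = {r"c:\windows\system32"}

RESULT = re.compile(r"^(?P<path>.+?): (?P<verdict>.+ FOUND|OK)$")
UNREMOVED = re.compile(r"^WARNING: (?:\\\\\?\\)?(?P<path>.+?): Can't remove$")

def triage(report):
    """Summarise a scan report: detections, failed removals, look-alike files."""
    detections, failed, lookalikes, autoruns = [], set(), [], []
    for line in map(str.strip, report.splitlines()):
        warn = UNREMOVED.match(line)
        if warn:
            failed.add(ntpath.normcase(warn.group("path")))
            continue
        hit = RESULT.match(line)
        if not hit:
            continue
        path, verdict = hit.group("path"), hit.group("verdict")
        folder, name = ntpath.split(ntpath.normcase(path))
        if verdict != "OK":
            detections.append((path, verdict[: -len(" FOUND")]))
        # A system process name outside System32 is suspect even if scanned OK.
        if name in SYSTEM_NAMES and folder not in TRUSTED_DIRS:
            lookalikes.append(path)
        # autorun.inf in a drive root deserves a manual look on removable media.
        if name == "autorun.inf" and re.fullmatch(r"[a-z]:\\", folder):
            autoruns.append(path)
    return {
        "by_signature": Counter(sig for _, sig in detections),
        "not_removed": [p for p, _ in detections if ntpath.normcase(p) in failed],
        "lookalikes": lookalikes,
        "root_autoruns": autoruns,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, value)
```

The look-alike list is only a prompt for manual review; a file name match says nothing about the file's content.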
zimba21
Can someone please tell if this will get rid of xpantivirus protection? I am not computer minded. If someone can help, please keep it simple. Thanks.
GuitarBob
You broke in on another thread--you should have started a new one, but here's my very unofficial answer. XPprotection is a rogue spyware program. I don't know if ClamWin will detect it--you can try it and see. Most antivirus software doesn't provide complete spyware protection like a dedicated antispyware program will. If you are currently using a paid commercial antivirus or software program, I suggest you contact them for help.

If you aren't using paid commercial antivirus or antispyware software and aren't very computer literate, my recommendation is to download two programs: (1) AVG antivirus free edition 7.5 at https://free.grisoft.com/doc/5390/us/frt/0 on the Web and (2) the free home users version of SuperAntiSpyware at https://www.superantispyware.com/ on the Web. This link will provide you with complete information about XPprotection: https://www.411-spyware.com/remove-xp-antivirus-protection on the Web. If you can't remove it by yourself, then perhaps you can get someone who is more computer literate to use it to help you. The link will come in handy. Good luck.

Regards,
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.