
Thread: NSVC.EXE Virus

  1. #1
    Junior Member
    Join Date
    Oct 2003
    Posts
    4

    NSVC.EXE Virus

    Anyone have any experience removing this virus? It involves an autorun.ini file and a recycler folder coming up and damaging certain MS Office files and writing information to the registry. Symantec does not remove this in the virus scan and there is no indication that they are going to handle this.

    We are not switching to another virus software program so we would need an independent program that we would be able to run to specifically deal with this issue and possibly prevent it in the future. Let me know if you have any ideas or programs we can run.

    Thanks,
    Joel

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    If Symantec isn't catching it...how do you know you have it????

    Usual practice is to disable system restore and scan in safe mode

    MLF

    edit>this appears to be old...like from 2006???

    maybe try something like Malwarebytes??

    what version of Symantec do you have.....??
    Last edited by morganlefay; May 28th, 2009 at 04:02 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Junior Member
    Join Date
    Oct 2003
    Posts
    4

    NSVC.EXE

    I know we have it because it acts, in some ways, similar to the MSN messenger virus in that it replaces the icon of a flash drive with a folder icon...also because we are intelligent. It also replaces itself after you delete it in regular mode.

    It jumps from your flash drive to the PC and vice versa. You must delete it in safe mode. Although, you must clean out the recycler in the C: drive first. Then delete the 'Recycler' folder and the 'autorun.ini' file in the flash drive in safe mode.

    Thanks for the help.

  4. #4
    .. No AV will catch all the malware out there..

    If you know there is malware on your machine and it is harmful, you can submit a copy of the file to Symantec. I am not going to deny the fact that Symantec support $ucks! But that is one way to go..

    You may go through other AV vendors' websites to see how it works (infects) and to ensure your machines are disinfected properly.


    As for this malware :

    http://www.prevx.com/filenames/15341.../NSVC.EXE.html

    This is the only useful link I found *from AV vendors*; there are a couple of forums out there talking about it.

    I am sure your company has signed an agreement with Symantec. Depending on SLA signed upon you can claim for damages.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  5. #5
    Very nasty, that one.

    I inserted a flash disk of a friend into my system and it immediately hijacked the Admin rights and I couldn't use the Windows Explorer Folder Options anymore, particularly to view what invisible (system) files have inserted themselves into my HDD.

    My AV then was Avast!. (Prior to that, I had Symantec NAV until it expired, then AVG). It failed to catch the intrusion attempt.

    Anyway, what I did was to download Comodo Internet Security and after installing and reboot-scanning, the infection was removed... and I regained the Admin rights.

    However, the removal is not complete. The Recycler and System Volume Information folders remain. I have long been trying to remove them (they were never there when you install a new system on a new PC or laptop or netbook) to no avail.

    There's a problem in the Recycler folder; most especially when you are low in HDD available space. It always creates a mirror list and size of all the files you delete and send to the Recycle Bin. You can only remove those mirrors if you purge your Recycle Bin--hence caution must be exercised if you delete a file with plans to restore it later.

    The presence of the Recycler and System Volume Information are like ugly scars of a past chicken pox infection. Couldn't get rid of it, it will stay there (and I hope someone will suggest how to eliminate them without reformatting and reinstalling software packages).

    If you see the folder in the USB Flash Disks, you can easily remove them. But in a PC or laptop HDD, no can do.

    The proliferation of autorun.inf files nowadays that are not always clean is the main source of virus, trojan and malware infiltration, IMHO. Hence, it is important to have an anti-virus that has a "realtime virus scanning" ability and will immediately halt the execution of any application or program until further user action. That is the attribute I found with CIS. I have a laptop with Symantec's Norton Antivirus 2009 installed but it hasn't been a good sentry and the Vista OS has already crashed twice when an infection/infiltration occurs.

    -G
    Si vis pacem, para bellum!

  6. #6
    Junior Member
    Join Date
    Oct 2003
    Posts
    4
    Have you tried to Shift+Delete the autorun.ini file and the Recycler folder? This bypasses the recycle bin and permanently deletes them. But, still no fix for preventing something like this from happening again.

  7. #7
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    mmmmmmm

    can't you just disable autorun ???

    http://support.microsoft.com/kb/967715/

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  8. #8
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted by jaustin:
    "But, still no fix for preventing something like this from happening again."

    Press and hold the Shift key while inserting the cd/pendrive/usb hd/whatever.

    Or just disable autorun altogether.

    http://support.microsoft.com/kb/967715

    (MLF beat me to it)
    Oliver's Law:
    Experience is something you don't get until just after you need it.
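
Added example, not part of any post in this thread: a Python check of the AutoRun policy value documented in the KB967715 article linked in posts #7 and #8. The registry value name `NoDriveTypeAutoRun`, its key path and its bit meanings come from that Microsoft article, not from the thread; the sample masks are constructed.

```python
"""Audit the AutoRun policy bitmask (NoDriveTypeAutoRun) described in KB967715."""
import sys

# A set bit DISABLES AutoRun for that drive type (names here are our own labels).
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x04: "removable",
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "unknown (0x80)",
}
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
VALUE_NAME = "NoDriveTypeAutoRun"


def autorun_enabled_for(mask):
    """Return the sorted drive types for which AutoRun is still enabled."""
    return sorted(name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit)


def assess(mask):
    """'missing' = value not set, 'weak' = removable media still autorun, else 'ok'."""
    if mask is None:
        return "missing"
    return "weak" if "removable" in autorun_enabled_for(mask) else "ok"


def read_policy():
    """Windows only: read the value from HKLM and HKCU; returns {hive: mask or None}."""
    import winreg
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    result = {}
    for label, hive in hives:
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value, _ = winreg.QueryValueEx(key, VALUE_NAME)
            # The value may be stored as REG_DWORD (int) or REG_BINARY (bytes).
            result[label] = value if isinstance(value, int) else int.from_bytes(value, "little")
        except FileNotFoundError:
            result[label] = None
    return result


if __name__ == "__main__":
    # Off Windows, fall back to constructed sample masks.
    masks = read_policy() if sys.platform == "win32" else {"sample A": 0x91, "sample B": 0xFF}
    for source, mask in masks.items():
        shown = "not set" if mask is None else hex(mask)
        print(f"{source}: {shown} -> {assess(mask)}; enabled for {autorun_enabled_for(mask or 0)}")
```

A result of `weak` or `missing` means flash drives can still trigger AutoRun under that policy; a mask of `0xFF` disables it for every drive type.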

  9. #9
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Great minds think alike Sir Dice

    hey...give me some of that vino

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    You know the more I read this thread...the less sense it makes??

    How would you know the name of the virus....if it hasn't been caught??
    How would you know its behaviour....unless you know the name???
    Where did you guys glean your info about this virus??...cause I am not seeing much info on it at all.....which all comes back to

    How do you know you have this virus...

    AFAIK System Volume Information and Recycler are normal Windows files??? not remnants of a virus....although virii like to hide in there...that's why you disable system restore and scan in safe mode

    The System Volume Information folder is a hidden system folder that the System Restore tool uses to store its information and restore points. There is a System Volume Information folder on every partition on your computer.
    http://support.microsoft.com/kb/309531

    Am I the only one confused on this??

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer
