-
May 28th, 2009, 03:34 PM
#1
Junior Member
NSVC.EXE Virus
Anyone have any experience removing this virus? It involves an autorun.ini file and a recycler folder coming up and damaging certain MS Office files and writing information to the registry. Symantec does not remove this in the virus scan and there is no indication that they are going to handle this.
We are not switching to another virus software program so we would need an independent program that we would be able to run to specifically deal with this issue and possibly prevent it in the future. Let me know if you have any ideas or programs we can run.
Thanks,
Joel
-
May 28th, 2009, 03:53 PM
#2
If Symantec isn't catching it...how do you know you have it????
Usual practice is to disable System Restore and scan in safe mode
MLF
edit>this appears to be old...like from 2006???
maybe try something like Malwarebytes??
what version of Symantec do you have.....??
Last edited by morganlefay; May 28th, 2009 at 04:02 PM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 28th, 2009, 04:31 PM
#3
Junior Member
NSVC.EXE
I know we have it because it acts, in some ways, similar to the MSN messenger virus in that it replaces the icon of a flashdrive with a folder icon...also because we are intelligent. It also replaces itself after you delete in regular mode.
It jumps from your flashdrive to the pc and vice versa. You must delete it in safe mode. Although, you must clean out the recycler in the c: drive first. Then delete the 'Recylcer' folder and the 'autorun.ini' file in the flashdrive in safe mode.
Thanks for the help.
-
May 28th, 2009, 04:32 PM
#4
.. No AV will catch all the malware out there..
If you know there is malware on your machine and it is harmful, you can submit a copy of the file to Symantec. I am not going to deny the fact that Symantec support $ucks! But that is one way to go..
You may go through other AV vendors' websites to see how it works (infects) and to ensure your machines are disinfected properly.
As for this malware :
http://www.prevx.com/filenames/15341.../NSVC.EXE.html
This is the only useful link I found *from AV vendors*; there are a couple of forums out there talking about it.
I am sure your company has signed an agreement with Symantec. Depending on SLA signed upon you can claim for damages.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
May 30th, 2009, 11:06 AM
#5
Very nasty, that one.
I inserted a flash disk of a friend into my system and it immediately hijacked the Admin rights and I couldn't use the Windows Explorer Folder Options anymore, particularly to view what invisible (system) files have inserted themselves into my HDD.
My AV then was Avast!. (Prior to that, I had Symantec NAV until it expired, then AVG). It failed to catch the intrusion attempt.
Anyway, what I did was to download Comodo Internet Security and after installing and reboot-scanning, the infection was removed... and I regained the Admin rights.
However, the removal is not complete. The Recycler and System Volume Information folders remain. I have long been trying to remove them (they were never there when you install a new system on a new PC or laptop or netbook) to no avail.
There's a problem in the Recycler folder; most especially when you are low in HDD available space. It always creates a mirror list and size of all the files you delete and send to the Recycle Bin. You can only remove those mirrors if you purge your Recycle Bin--hence caution must be exercised if you delete a file with plans to restore it later.
The presence of the Recycler and System Volume Information are like ugly scars of a past chicken pox infection. Couldn't get rid of it, it will stay there (and I hope someone will suggest how to eliminate them without reformatting and reinstalling software packages).
If you see the folder in the USB Flash Disks, you can easily remove them. But in a PC or laptop HDD, no can do.
The proliferation of autorun.inf files nowadays that are not always clean is the main source of virus, trojan and malware infiltration, IMHO. Hence, it is important to have an anti-virus that has "realtime virus scanning" ability and will immediately halt the execution of any application or program until further user action. That is the attribute I found with CIS. I have a laptop with Symantec's Norton Antivirus 2009 installed but it hasn't been a good sentry and the Vista OS has already crashed twice when an infection/infiltration occurs.
-G
Si vis pacem, para bellum!
-
June 2nd, 2009, 05:09 PM
#6
Junior Member
Have you tried to Shift+Delete the autorun.ini file and the Recycler folder? This bypasses the recycle bin and permanently deletes them. But, still no fix for preventing something like this from happening again.
-
June 2nd, 2009, 05:59 PM
#7
mmmmmmm
can't you just disable autorun ???
http://support.microsoft.com/kb/967715/
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
June 2nd, 2009, 06:05 PM
#8
Originally Posted by jaustin
But, still no fix for preventing something like this from happening again.
Press and hold the Shift key while inserting the cd/pendrive/usb hd/whatever.
Or just disable autorun altogether.
http://support.microsoft.com/kb/967715
(MLF beat me to it)
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 2nd, 2009, 06:25 PM
#9
Great minds think alike Sir Dice
hey...give me some of that vino
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
June 2nd, 2009, 07:14 PM
#10
You know the more I read this thread...the less sense it makes??
How would you know the name of the virus....if it hasn't been caught??
How would you know its behaviour....unless you know the name???
Where did you guys glean your info about this virus??...cause I am not seeing much info on it at all.....which all comes back to
How do you know you have this virus...
AFAIK System Volume Information and Recycler are normal Windows files??? not remnants of a virus....although virii like to hide in there...that's why you disable System Restore and scan in safe mode
The System Volume Information folder is a hidden system folder that the System Restore tool uses to store its information and restore points. There is a System Volume Information folder on every partition on your computer.
http://support.microsoft.com/kb/309531
Am I the only one confused on this??
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer