Nasty little bug, this one. It’s a mutator, and despite having booted the machine into safe mode, used Process Explorer to kill every process it hooked into, and finally having to use a command window to remove the offending .dll, once this thing got an active internet connection the fun and games started again!

The best thing you can do is go straight for the removal tool here

There are also links on that page to more information on the virus.

I suggest you disconnect the infected machine from any network connection, download the removal tool on a known “good” workstation, and copy the .exe onto removable storage (USB) to be run on the infected machine.

UPDATE: Just using the tool for me at least isn’t working! I am now trying this in safe mode.

UPDATE2: OK! Wonderful, the Symantec removal tool is not working at all. I am trying another tool, VundoFix.

I’ll post another update once the scan has finished.

UPDATE3: Nope, roll on tool #3: COMBOFIX

UPDATE4: Combofix did the job. This tool does advertise the fact that 1/100 machines die from running this tool, so if the Symantec tool doesn’t work use Combofix (at your own risk). NOTE: I ran this in safe mode; it then rebooted Windows normally and ran the log dump. The system may hang while it does this; mine recovered after about 5 mins. I also copied the program to C:\ prior to running.


4 Responses to “Cryp_Tap-2 Removal”
  1. Andy says:

    Great… Combofix worked! It removed Cryp_Tap-2 along with some other viruses which I was unaware of…

  2. Buzz says:

    Excellent, Andy! Glad it worked. It took me ages to find solutions via Google; it seems this page has indexed nicely though!

  3. ImOvaHereNow says:

    ComboFix worked like a charm… it took me two days to find it… but thanks

  4. [...] all the problems I had with Cryp-TAP-2 (here) I’m going straight for the combofix option! I’ll update with how I get [...]
