Blog Entry: Very Nasty Virus is around, so be careful. Nov 3, '07 9:29 AM
We were recently hit by a very nasty virus. It was not detected by our AV. Antivirus for the noob. Even NOD32, which is number 3 of the top AVs. It also slipped past Spybot Search and Destroy. I tried submitting the file to Kaspersky Lab (is my spelling right?), Trend Micro and BitDefender. Also tried their online scanners. Nothing there either.

Found out that it was caused by 2 files, but they are hidden: isetup.exe and transmit.exe. I tried to modify the folder options so that I can see the hidden files and system files. For a short time you can see them, then they disappear and it goes back to the old setting. It has disabled regedit (ergo I can't edit the PC's registry to kill the virus) and Task Manager (so I can't kill the virus's process). I also found out later that I can't boot the PC in safe mode (usually done to remedy any problem; it can be accessed by pressing F8 while the PC is booting). I also found out that it has disabled my antivirus and my antispyware. System Restore doesn't work either. It's really terrible. All the tricks, and it still won't budge.

Then every time a text, document or webpage has the word "virus" or "antivirus" in it, it kills whatever I opened. Terrible.

It really got on my nerves.

Reformat. Annoying. Only after backing up my files: 10 DVD5s.

I think I got the file from a USB, so don't double click and always scan. The USB came from another PC that was infected.


15 Comments
haghag wrote on Dec 15, '07
I'm experiencing the same thing right now, maybe almost the same thing. I can't open Task Manager, regedit or safe mode... is it because of this?
puretuts wrote on Dec 15, '07
Could be.

Based on my experience I can only remove it if drive C is in Deep Freeze. I'll just need to delete the autorun.inf in the infected drive.

The files that I saw in the infected drive are autorun.inf, isetup.exe and transmit.exe. These three files are the ones responsible.
tobysworld wrote on Dec 17, '07, edited on Dec 17, '07
Hi there! Maybe I can help... just read this... GOOD LUCK!!! This is just for the ISETUP.exe...

isetup.exe Manual Detection

Step 1: Use Windows File Search Tool to Find isetup.exe Path

Go to Start > Search > All Files or Folders.
In the "All or part of the file name" section, type in the "isetup.exe" file name(s).
To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
When Windows finishes your search, hover over the "In Folder" of "isetup.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete isetup.exe in the following manual removal steps.

Step 2: Use Windows Task Manager to Remove isetup.exe Processes

To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
Click on the "Image Name" button to search for "isetup.exe" process by name.
Select the "isetup.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other isetup.exe Files
To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's contents, even the hidden files.
To change directory, type in "cd name_of_the_folder".
Once you have the file you're looking for, type in del "name_of_the_file".
To delete a file in folder, type in "del name_of_the_file".
To delete the entire folder, type in "rmdir /S name_of_the_folder".
tobysworld wrote on Dec 17, '07
It's a new spyware. It's a rare type of spyware... only some of the new antispyware programs can remove it... =)
puretuts wrote on Dec 17, '07
Another customer came into the shop. Then there were i-setup.exe and transmit.exe on his SD card. I was able to see the files because I allowed hidden/system files to be shown.

Problem is that it disables the Task Manager. If you delete it, it comes back again and again like the zombies in Night of the Living Dead.

Here is what I did:
1. Press the reset button... The last time I was infected with this I used the normal mode. It seems that it saves itself and you can't boot in safe mode. It seems that if you close Windows normally it will save itself into the computer. With a hard boot it won't have that opportunity. However, I'm not sure if this will work on computers that have been infected for some time.
2. After the reset I press F8 to enable safe mode.
3. In safe mode, I went to Run and typed cmd.
4. Inside cmd I need to delete the autorun.inf. Just type the following: del c:\autorun.* /f /s /q /a. Do this in all the drives.
5. Set the folder options to show hidden files. The autorun should be gone by now, because if the autorun is still there, isetup and transmit will come back. If it's gone, then go ahead and delete isetup.exe and transmit.exe. Do this in all the drives.

For me at least this works.
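The autorun.inf that puretuts and tobysworld delete by hand is a plain INI file, so the triage step can be scripted. The following is an added example, not code from this thread: it parses the [autorun] section, lists what the file would launch, and reports whether each target sits in the drive root carrying the hidden+system attributes the posts describe. The sample autorun.inf, the KNOWN_DROPPERS set and the attribute-bit constants are constructed here from the names in the thread.

```python
import configparser, os

# Constructed autorun.inf shaped like the one the thread describes (not a real sample):
# an [autorun] section that launches a hidden dropper when the drive is opened.
SAMPLE_AUTORUN = """[autorun]
open=isetup.exe
shellexecute=isetup.exe /s
shell\\open\\command=transmit.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
KNOWN_DROPPERS = {"isetup.exe", "transmit.exe"}          # names reported in the thread
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM = 0x2, 0x4  # Win32 attribute bits

def launch_targets(inf_text):
    """Map every [autorun] key that runs a program to the executable it names."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(inf_text)
    if not cp.has_section("autorun"):
        return {}
    targets = {}
    for key, value in cp.items("autorun"):
        launches = key in ("open", "shellexecute") or \
            (key.startswith("shell\\") and key.endswith("\\command"))
        parts = value.strip().strip('"').split()   # drop arguments such as /s
        if launches and parts:
            targets[key] = parts[0]
    return targets

def classify(targets, attrs_by_name):
    """attrs_by_name: {lower-case filename: Win32 attribute bits} for files in the drive root."""
    both = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
    findings = []
    for key, exe in targets.items():
        attrs = attrs_by_name.get(exe.lower())
        findings.append({"key": key, "exe": exe, "present": attrs is not None,
                         "hidden_system": attrs is not None and (attrs & both) == both,
                         "known_dropper": exe.lower() in KNOWN_DROPPERS})
    return findings

def triage_drive(root):
    """Parse <root>\\autorun.inf and classify its launch targets; attribute bits need Windows."""
    inf = os.path.join(root, "autorun.inf")
    if not os.path.isfile(inf):
        return []
    with open(inf, encoding="latin-1", errors="replace") as fh:
        targets = launch_targets(fh.read())
    attrs = {n.lower(): getattr(os.stat(os.path.join(root, n)), "st_file_attributes", 0)
             for n in os.listdir(root)}
    return classify(targets, attrs)
```

Run triage_drive(r"E:\") against a mounted removable drive on Windows; on other systems the attribute bits read as 0, so only the "present" and "known_dropper" fields are meaningful there.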

puretuts wrote on Dec 17, '07
Which antispyware would work for this one?
haghag wrote on Dec 17, '07
Sir, I can now edit the registry and I can also use my command prompt thanks to what you taught. But I still can't access my Task Manager. Anyway, I've been such a bother to you. Thank you so much for sharing these with me; I'll share them with my friends with the same problems. Also... thank you, sir, I hope my Task Manager gets fixed later too. Take care and Merry Christmas!!!
puretuts wrote on Dec 17, '07
OK, I'll post restore.vbs on the blog; maybe your Task Manager will work with it. Let me look for it first.
haghag wrote on Dec 17, '07
tobysworld and puretuts, thank you very much!!!
tobysworld wrote on Dec 17, '07
No prob haghag... puretuts and I are always here for your problems... Merry Christmas to you too!!!
jeruelx5d wrote on Jan 1
Folder options, regedit and Task Manager disabled. I used TuneUp Utilities; I was able to terminate the process "svchost.exe" (just try to find which one is the real one). Once terminated, I used the Registry Editor under TuneUp Utilities to enable the registry entries... manually deleted the 3 files, and installed Norton 360... Happy New Year!
jeruelx5d wrote on Jan 12, edited on Jan 12
I found the file c:\windows\systen32\svchost.exe <=== running as a Windows service. Terminate this process and you can run your antivirus. But what I did is: delete all unidentified startup entries, turn off System Restore for a while, delete these files (I followed puretuts' instructions): transmit.exe, isetup, autorun. Also delete svchost.exe under the systen32 folder (not system32, be careful), clean all prefetch files and temporary files, and run Spybot Search and Destroy.

It works for me.
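jeruelx5d's point is that the malicious svchost.exe was only identifiable by its path, a systen32 folder beside the real system32, and later in the thread haghag mentions a scvshost variant, the same trick applied to the filename. As an added example, not from the thread, the script below checks each process image path against the directory and the filename a Windows system binary is supposed to have and flags one- or two-character typosquats of either. SYSTEM_ROOT, the trusted-directory and system-binary lists and the sample process paths are assumptions constructed for the example.

```python
import ntpath

SYSTEM_ROOT = r"C:\WINDOWS"                # assumption: set to the machine's %SystemRoot%
TRUSTED_DIRS = ("system32", "syswow64")    # the only legitimate homes for these binaries
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe")

# Constructed image paths (not captured from a real machine); the second and third mimic
# the systen32 folder and the scvshost name mentioned in the thread.
SAMPLE_PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"c:\windows\systen32\svchost.exe",
    r"C:\WINDOWS\system32\scvshost.exe",
    r"C:\WINDOWS\explorer.exe",
]

def edit_distance(a, b):
    """Plain Levenshtein distance; enough to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def nearest(name, candidates):
    return min(candidates, key=lambda c: edit_distance(name, c))

def check_image_path(path):
    """Return None for a binary in its proper place, else a finding describing the mismatch."""
    directory, name = ntpath.split(path)
    name = name.lower()
    if name not in SYSTEM_BINARIES:
        twin = nearest(name, SYSTEM_BINARIES)
        if edit_distance(name, twin) <= 2:       # e.g. scvshost.exe posing as svchost.exe
            return {"path": path, "reason": "lookalike filename", "expected": twin}
        return None                              # unrelated program, nothing to say
    parent, leaf = ntpath.split(directory)
    if ntpath.normcase(parent) == ntpath.normcase(SYSTEM_ROOT) and leaf.lower() in TRUSTED_DIRS:
        return None
    twin = nearest(leaf.lower(), TRUSTED_DIRS)  # e.g. systen32 posing as system32
    reason = "lookalike directory" if edit_distance(leaf.lower(), twin) <= 2 else "unexpected directory"
    return {"path": path, "reason": reason, "expected": ntpath.join(SYSTEM_ROOT, twin)}

def audit(paths):
    """Run the check over every image path and keep only the suspicious ones."""
    return [f for f in map(check_image_path, paths) if f]
```

On a real machine the paths can be collected with `wmic process get ExecutablePath` and fed to audit(); a hit only says the path is wrong for that name, which is the cue to inspect the file rather than proof on its own.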
haghag wrote on Mar 31
"OK, I'll post restore.vbs on the blog; maybe your Task Manager will work with it. Let me look for it first."
Where is this?
jeruelx5d wrote on May 15
Try this one ==> www.gnretanal.110mb.com/files/xxx.zip
haghag wrote on May 15
My friend asked me to help him remove the scvshost. It's scvshost, not just svchost... maybe those two are different. What can be done to repair his scvshost, which prompts every time he turns on the PC?