I received a virus, what way, I'm not sure. I'm not really a browser, but I have received Kolweb-n. Well, everytime, I deleted it, it resurfaced. I found the threat details here.
http://www.spywareresearchcenter.biz/threatdisplay.aspx?name=Trojan.Win32.Kolweb.n&threatid=158269
Quote:
Trojan.Win32.Kolweb.n
Type Malware
Type Description Malware ("malicious software") consists of software with clearly malicious, hostile, or harmful functionality or behavior and that is used to compromise and endanger individual PCs as well as entire networks.
Category Trojan
Category Description Trojan is a general term for malicious software that is installed under false or deceptive pretenses or is installed without the user's full knowledge and consent. Most Trojans exhibit some form of malicious, hostile, or harmful functionality or behavior.
Level High
Level Description High risks are typically installed without user interaction through security exploits, and can severely compromise system security. Such risks may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware. These risks may also collect and transmit personally identifiable information (PII) without your consent and severely degrade the performance and stability of your computer.
Advice Type Remove
Release Date Aug 27 2007
Last updated on Feb 22 2008
File Traces
werwec.dll
werwec.exe
werwed_pt.exe
If anyone can help, I'll appreciate it. It's slowing down my already slow connection. I'm on 56k and instead of the connection giving me, 5kbs/ it's not 1.8kbs download speed. I'm forever in your debt if you help me
open up the c-drive enter Program Files and open the folder that contains it.
ReplyDeletenext open taskmanager. CTRL + ALT + DELETE visit the processes it's at and before ending processes delete the in the folder.
do not confirm just yet. end processes then confirm. this way its disabled when it deletes, simply empty the recycle bin download nod32 smart security and you will never have this problem again Wink GL. my technique for deleting bad is 100% fool proof just do it like I wrote.
usually it's a program you recently installed. whats the latest installation you did? and the processes you know what it is right? usually it gives itself away by it's name. do a search with the title of the virus running in processes. what sucks is when it's invisible. I went banana's when that happened to me. I went in my c-drive and wiped out all possible folders it could be hiding under. usually the folder cannot be deleted if it's running.
ReplyDeleteI'm going nuts lol. All I know, it's in the the registry. I've checked the folders and nothing is popping up. nothing suspicious anyways. The one thing that looks suspicious though is I have so many SVhost.exe running than I ever had before
ReplyDeletethats your internet connection do not remove that or your net will die.
ReplyDeletelook for something thats processing aside from svhost.
I though svhost was evil too but its a required file to get internet.
any clue's or details as to whats running though? what was the latest thing you installed? latest site you visited.
All can be the way to getting rid of it.
Sp_presser.exe looks funny as well as KBD.exe
ReplyDeleteThe latest software I installed was spybot, the latest website I visited was ps3forums.com
by the way, thanks for helping me so far.
np bro, sp_presser doesn't look real, that maybe it. search it and when you get there visit the folder delete it but do not confirm delete until you shut down the processes.
ReplyDeleteEdit:
Make sure to read the details before you delete usually the virus's do not have content on them, it's possible it's also a compressed file like ocx / dll...
try this -
ReplyDeletestart - run - cmd
type in tasklist
look for anything suspicious, the virus name may be the program name.
Now, it may be as simple as typing in taskkill /f /im "programname.exe" || "program.com" & etc but
this most likely won't work.
Now using windows search copy paste that program without the .exe or .com.
Find it and if you can delete it. If it works up to now, that was too easy.
Now download this
http://www.docsdownloads.com/Tier1/dr-delete.htm
after download use that to delete your file. Restart your computer.
Should be working
If you could not locate which one was the virus, just paste the list here.
lmao, restart? you don't have to restart to kill a virus. u just delete the file and end processes. next time you turn off pc n turn it on it's gone. the way you do things seems to be a lot more work if you ask me. I just open My Computer c-drive C:\\ then Program Files Folder and search for a weird folder. usually they have some unreadable folder title. The only real threat is if a virus installs in your font folders which will make it invisible. This is why I urge everyone to use nod32 Smart Security.
ReplyDelete