This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

how to clean/delete an uncleanable virus

Some of my computers here have some uncleanable viruses/spyware. I have already did the full system scan on the affected computer also, after the full system scan I already restarted the computer. (the computer is installed with endpoint security 9 and is managed by enterprise console 4). Also I already updated the endpoint security 9 to its latest version but still to no avail I still receive the virus alert from enterprise console.

Every time I try resolve the alerts and errors on that specific computer that is infected by a virus it always shows that the virus is uncleanable.

How can I clean/delete this virus (Virus/spyware 'Troj/Gida-A') using sophos?

:1711


This thread was automatically locked due to age.
Parents
  • This is all very fine until it infects a file like the iastor.sys. Delete this and the Pc/laptop will not boot.

    I had a XP home laptop recently that had me up to the small hours trying to figure out what was going on.

    I recieved the laptop with a  "desktop would not load" problem

    I removed the disk and scanned it using a PC.It had a few instances of rootkits and the dreaded TSSR.

    They were deleted and all seemed ok. when doing the usual checks and all seemed ok.

    However I could not access windows update page. Try as I might I could not open the update page or search using the words "windows update".Everthing else worked fine.

    I installed Fire fox and no luck, google chrome and still no luck.  This ruled out active X issues.

    I scanned the Laptop and it found a threat and said it quarantined it but there was nothing in Quarantine.

    I then rebooted the Laptop and found antivirus software was disabled and I could not access the anti virus software due to lack of privileges.

    I removed the disk again and scanned it from a pc and this is the result

    ****************** Sophos Anti-Virus Log - 04/04/2010 23:27:04 **************

        ...
    20100404 200258 File "G:\WINDOWS\system32\drivers\iaStor.sys" belongs to virus/spyware 'Mal/TDSSRt-A'.
    20100404 200352 File "G:\WINDOWS\system32\drivers\iaStor.sys" has been cleaned up.
    20100404 200352 Virus/spyware 'Mal/TDSSRt-A' has been removed.
        ...
          (3 items)

    However the iastor.sys is necessary for the laptop to boot from its sata drive, but there was a uninfected version of the file on the drive as a backup. I copied it back to the appropriate place and all was fine.

    I did not realise the the TDSS variant could infect a file like the iastor.sys.

    The war goes on 

    Pat

    :2253
Reply
  • This is all very fine until it infects a file like the iastor.sys. Delete this and the Pc/laptop will not boot.

    I had a XP home laptop recently that had me up to the small hours trying to figure out what was going on.

    I recieved the laptop with a  "desktop would not load" problem

    I removed the disk and scanned it using a PC.It had a few instances of rootkits and the dreaded TSSR.

    They were deleted and all seemed ok. when doing the usual checks and all seemed ok.

    However I could not access windows update page. Try as I might I could not open the update page or search using the words "windows update".Everthing else worked fine.

    I installed Fire fox and no luck, google chrome and still no luck.  This ruled out active X issues.

    I scanned the Laptop and it found a threat and said it quarantined it but there was nothing in Quarantine.

    I then rebooted the Laptop and found antivirus software was disabled and I could not access the anti virus software due to lack of privileges.

    I removed the disk again and scanned it from a pc and this is the result

    ****************** Sophos Anti-Virus Log - 04/04/2010 23:27:04 **************

        ...
    20100404 200258 File "G:\WINDOWS\system32\drivers\iaStor.sys" belongs to virus/spyware 'Mal/TDSSRt-A'.
    20100404 200352 File "G:\WINDOWS\system32\drivers\iaStor.sys" has been cleaned up.
    20100404 200352 Virus/spyware 'Mal/TDSSRt-A' has been removed.
        ...
          (3 items)

    However the iastor.sys is necessary for the laptop to boot from its sata drive, but there was a uninfected version of the file on the drive as a backup. I copied it back to the appropriate place and all was fine.

    I did not realise the the TDSS variant could infect a file like the iastor.sys.

    The war goes on 

    Pat

    :2253
Children
No Data