
Security 360 won't get this malware erased!



Posted

Hi

I tried many times to scan my PC, and every time the scan finishes it picks up a malware called "MSIVXcount". Security 360 doesn't remove it! I need help to get this off!

Has anyone had this malware, and are there ways to remove it, as it affects the internet connection?

 

cheers mike

Posted

Hi mike

Which anti-virus program do you use?

If that doesn't find this rootkit virus, try for example Kaspersky online scan and let it run its course.

If you can't get to the internet, try safe mode with that option chosen.

 

I found this on the internet here:

http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=55421&page=4

Drivers to disable:

MSIVXserv.sys

Drivers to delete:

MSIVXserv.sys

Files to delete:

C:\Autorun.inf

D:\Autorun.inf

C:\WINDOWS\system32\drivers\MSIVXpxettvasrnemkooicrytqcpwbbcsgpsu.sys

C:\WINDOWS\system32\MSIVXpvymtqimexcpdqpsvymktfnpckdjnchw.dll

C:\WINDOWS\system32\MSIVXbnixqaxvkdsiborkveqxuehwtveijcqx.dll

C:\Windows\System32\MSIVXcount

C:\Windows\System32\MSIVXcount.dll

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSIVXserv.sys

HKEY_LOCAL_MACHINE\SOFTWARE\MSIVX

 

Cheers

solbjerg

 

 


Posted

Mike

 

Some rootkit detection and removal freeware can be found here and here. Have you tried Malwarebytes? You may have to download, install and scan all in safe mode/networking. I would recommend disabling system restore and possibly deleting your previous restore points as they may be infected as well. Best of luck

Posted

Troj/Rustok-N and Winisoft Blue

 

There are several programs that are barely able to remove the Troj/Rustok-N virus. This virus hijacks system and internet properties and is a real pest. It creates false hyperlinks attached to many high traffic websites such as Google.

 

Often it can disable interaction with certain websites and protected websites usually offer this warning: "Your computer (IP:) generates an attacking DOS requests at our servers caused by the spyware/virus named 'Troj/Rustok-N'"

 

Commonly Super Anti Spyware and MalwareBytes are prescribed to get rid of the virus. They have now had to create alternate starts to get around the advanced blocking the virus uses. It can block access to the anti-virus sites and provide false links to Winisoft Blue, a FALSE anti-spyware program that under no circumstances should be downloaded or installed. If this mistake does occur, the virus essentially comes out of hibernation once Winisoft Blue is uninstalled and is even more difficult to remove. It gives false pop up warnings at almost every instance and activity.

 

The alternate start for Super Anti Spyware was effective, but I think 360 could definitely be a contender, but as of now the virus goes unnoticed in the scan.

Posted

Possible useful info for an eventual easy solution

 

Well, I tried what was suggested here and on other sites and it was not working. So I made some tests on my side and found a very easy solution to fix the problem and delete MSIVX threat.

 

I'm posting here because I'm more of a generalist, having mostly knowledge of HTML and BBCode. (I also have a very basic knowledge of Java, JavaScript and C, but I'm far from being able to build a program.) Anyway, I hope it'll help IObit Security 360 developers to offer an easy solution soon.

 

(My OS is Windows XP)

 

Step 1, I scanned my registry and deleted the key(s) found with MSIVX

 

Step 2, I opened the run box and typed command to be able to work in DOS.

 

Security 360 was unable to fix the problem, but at least it was able to find where the problem was hidden, so I knew what the directory was.

 

C:\WINDOWS\System32

 

(Of course it was impossible to see that threat in the files list for the user with Windows)

 

Step 3, With DOS, I changed the directory to access C:\WINDOWS\System32

 

Step 4, I was able to easily delete all the MSIVX...... files one by one, just using del name of the file for each.

 

Step 5, Just in case I deleted all the files in my Prefetch folders

 

Step 6, Just in case I searched again in my registry (found nothing)

 

Step 7, I restarted my PC

 

Step 8, I was able to install a HiJack software that was blocked before, then I deleted a few suspect entries.

 

I launched a new search with IObit Security 360 (and 2 other scanners) and in all the cases the result was a no threat PC report.

 

Hope it'll help

Posted

I forgot to add a SS in my previous reply

 

Well, in case someone else would like to try it, here are a few additional details to help, and the SS.

 

 

When working with DOS to change a directory you have to type:

 

cd new directory

 

In that specific case that means you need to type :

 

cd C:\WINDOWS\System32

 

To view the directory you need to type dir but because the list is very long you need to add the p for page or you'll see only the end of the list.

 

dir/p

 

Then you strike any key until you are at the right place to view the MSIVX files.

 

http://img.villagephotos.com/p/2006-11/1226606/MSIVXcount.JPG

 

Good luck! :mrgreen:

Posted
Hi

 

This is a good way to find malicious keys. Is there a way to delete them from that cmd screen?

 

Of course. (BTW it was in the first of my two replies above. :mrgreen:)

 

When you are in the right directory, the command to delete a file is simply del name of the file

 

So in the case of MSIVXcount: del MSIVXcount

 

In the case of the next line (MSVIXdgldobrilrxlbvgxnojkxslohgotqwgr.dll): del MSVIXdgldobrilrxlbvgxnojkxslohgotqwgr.dll

 

ETC........

 

 

(A useful thing is you can see the date in the left column.)

 

 

Since the birth of the first Windows, most users (including me :lol:) don't use the basic DOS commands anymore, so it's kind of lost knowledge.

 

Here is a link for a site where you can find the most common MS DOS commands and the explanation of what they do.

 

http://www.computerhope.com/overview.htm

 

When you click on a specific command you'll also get the syntax.

 

Example (with the del command):

 

http://www.computerhope.com/delhlp.htm

 

(I feel most malware developers are sure a regular user doesn't have the knowledge and won't take the time to work in DOS anyway. Also, if people have to pay someone else to fix their PC, they are not ready to pay a fortune for that. Personally, I consider that as long as it's possible to start a PC and access the HD, it's not a lost cause. Plus, even if the damage on the HD is too great and you need to reformat, at least it's a very good thing when you can recover all the personal files the user hadn't already saved on a backup drive.)

 

I have seen people crying because they lost personal documents like schoolwork, different kinds of personal files, contracts, family movies, personal pictures, downloaded music they have paid for, ...

 

Hope it'll help

 

Good luck,

 

O3CT
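
An added example, not part of the original posts: a read-only cmd batch script that checks for the MSIVX file names, Autorun.inf files and registry keys listed earlier in this thread and reports what is present. It deletes nothing, and it assumes the files are visible to `dir` from the command prompt, as the poster above found.

```batch
@echo off
rem Added example: read-only check for the MSIVX indicators listed in this thread.
rem Nothing is deleted; the script only reports what is present.
setlocal
set "SYS32=%SystemRoot%\System32"
set FOUND=0

echo == Files named MSIVX* (hidden and system files included) ==
for %%D in ("%SYS32%" "%SYS32%\drivers") do (
    rem /a lists entries regardless of attributes, /b prints bare names
    for /f "delims=" %%F in ('dir /a /b "%%~D\MSIVX*" 2^>nul') do (
        echo %%~D\%%F
        set FOUND=1
    )
)

echo == Autorun.inf in the drive roots named in the thread ==
for %%R in (C D) do (
    if exist "%%R:\Autorun.inf" (
        rem A legitimate disc can carry its own Autorun.inf, so this is only a hint
        echo %%R:\Autorun.inf  [review contents before acting]
        set FOUND=1
    )
)

echo == Registry keys named in the thread ==
for %%K in (
    "HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys"
    "HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys"
    "HKLM\SOFTWARE\MSIVX"
) do (
    rem reg query returns errorlevel 0 only when the key exists
    reg query %%K >nul 2>&1 && (
        echo %%~K
        set FOUND=1
    )
)

if "%FOUND%"=="0" (echo No MSIVX indicators found.) else (echo Indicators present: see the list above.)
rem Exit code 1 means at least one indicator was found
endlocal & exit /b %FOUND%
```

Running it before and after a cleanup gives a quick comparison of which indicators remain.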

Archived

This topic is now archived and is closed to further replies.
