Kuang2 Virus/Trojan - Does ANYONE KNOW HOW TO REMOVE?

[Guest]

I have the most current versions of McAfee VirusScan Online and Personal
Firewall Plus. Virus Scan DOES NOT detect this virus, but Firewall lists it
in the top port activity when I click "test my firewall".

I have been trying for about 17 hours straight to get rid of it without any
success. I have used the directions at McAfee.com support to boot to the
command prompt and use SCAN / ADL / CLEAN ALL / REPORT REPORT.TXT
The report showed everything was clean.

I used this after using the following:

housecall
symantec online scan
panda online scan
AVERT Stinger
CCleaner
Ad-Aware SE w/ the Ad-Aware VX2 Cleaner Plug-In for it
Spybot
Spyware Blaster
CWShredder
Kill2me
about:Buster
HSRemove

found at http://forums.majorgeeks.com/archive/index.php/t-35407

 

[Guest]

I have the most current versions of McAfee VirusScan Online and Personal
Firewall Plus. Virus Scan DOES NOT detect this virus, but Firewall lists it
in the top port activity when I click "test my firewall".

I have been trying for about 17 hours straight to get rid of it without any
success. I have used the directions at McAfee.com support to boot to the
command prompt and use SCAN / ADL / CLEAN ALL / REPORT REPORT.TXT
The report showed everything was clean.

I used this after using the following:

housecall
symantec online scan
panda online scan
AVERT Stinger
CCleaner
Ad-Aware SE w/ the Ad-Aware VX2 Cleaner Plug-In for it
Spybot
Spyware Blaster
CWShredder
Kill2me
about:Buster
HSRemove

found at http://forums.majorgeeks.com/archive/index.php/t-35407

Is your firewall testing inbound or outbound?
It could be trying to get on your system and your firewall is blocking it.

This trojan is 3 years old with all of the scans you have done it a good bet
you don't have it.

 

[David H. Lipman]

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Are you using McAfee's FireWall ? Your post isn't clear. It is possible that the FireWall
is is providing a False Positive declaration.

Read map's reply, it is apropos. I don't know who told you to or why you tried Stinger
becuase it does NOT target the Kuang virus so that was COMPLETELY worthless.

Your post indicates you used the McAfee Command Line Scanner. If you were infected, it
surely woould have found it !.

Follow the below instructions, if the Kuang is NOT detected than you are misinterpreting
something and you are clean.

1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

2) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) If you are using WinME or WinXP, create a new Restore point
9) Please report back your results

Dave






| I have the most current versions of McAfee VirusScan Online and Personal
| Firewall Plus. Virus Scan DOES NOT detect this virus, but Firewall lists it
| in the top port activity when I click "test my firewall".
|
| I have been trying for about 17 hours straight to get rid of it without any
| success. I have used the directions at McAfee.com support to boot to the
| command prompt and use SCAN / ADL / CLEAN ALL / REPORT REPORT.TXT
| The report showed everything was clean.
|
| I used this after using the following:
|
| housecall
| symantec online scan
| panda online scan
| AVERT Stinger
| CCleaner
| Ad-Aware SE w/ the Ad-Aware VX2 Cleaner Plug-In for it
| Spybot
| Spyware Blaster
| CWShredder
| Kill2me
| about:Buster
| HSRemove
|
| found at http://forums.majorgeeks.com/archive/index.php/t-35407
|
|
|

 

[Guest]

Thanks. I followed your instructions. It says I'm clean.

McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2
The Virus XXX" but nothing about having blocked the attempt.

I believe this is an inbound probe and all the other ports state:
"The firewall has blocked an attempt to access this port."

I'm still not sure if I have it or not.

Jac

 

[Guest]

McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2 The
Virus XXX" but nothing about having blocked the attempt.

I believe this is an inbound probe and all the other ports state:
"The firewall has blocked an attempt to access this port."

I'm still not sure if I have it or not.
Jac

 

[David H. Lipman]

If it's inbound -- you don't have it. It is looking for a peer.

Dave




| Thanks. I followed your instructions. It says I'm clean.
|
| McAfee Firewall Plus is still showing port activity on Port 17300 "Kuang2
| The Virus XXX" but nothing about having blocked the attempt.
|
| I believe this is an inbound probe and all the other ports state:
| "The firewall has blocked an attempt to access this port."
|
| I'm still not sure if I have it or not.
|
| Jac
| "David H. Lipman" wrote:
|
| > There are anti virus News Groups specifically for this type of discussion.
| >
| > microsoft.public.scripting.virus.discussion
| > microsoft.public.security.virus
| > alt.comp.virus
| > alt.comp.anti-virus
| >
| > Are you using McAfee's FireWall ? Your post isn't clear. It is possible that the
FireWall
| > is is providing a False Positive declaration.
| >
| > Read map's reply, it is apropos. I don't know who told you to or why you tried Stinger
| > becuase it does NOT target the Kuang virus so that was COMPLETELY worthless.
| >
| > Your post indicates you used the McAfee Command Line Scanner. If you were infected, it
| > surely woould have found it !.
| >
| > Follow the below instructions, if the Kuang is NOT detected than you are misinterpreting
| > something and you are clean.
| >
| > 1) Download the following two items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend signature files.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > 2) If you are using WinME or WinXP, disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 3) Reboot your PC into Safe Mode
| > 4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
| > clean/delete any infectors found
| > 5) Restart your PC and perform a "final" Full Scan of your platform
| > 6) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
| > System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
| > 7) Reboot your PC.
| > 8) If you are using WinME or WinXP, create a new Restore point
| > 9) Please report back your results
| >
| > Dave
| >
| >
| >
| >
| >
| >
| > | > | I have the most current versions of McAfee VirusScan Online and Personal
| > | Firewall Plus. Virus Scan DOES NOT detect this virus, but Firewall lists it
| > | in the top port activity when I click "test my firewall".
| > |
| > | I have been trying for about 17 hours straight to get rid of it without any
| > | success. I have used the directions at McAfee.com support to boot to the
| > | command prompt and use SCAN / ADL / CLEAN ALL / REPORT REPORT.TXT
| > | The report showed everything was clean.
| > |
| > | I used this after using the following:
| > |
| > | housecall
| > | symantec online scan
| > | panda online scan
| > | AVERT Stinger
| > | CCleaner
| > | Ad-Aware SE w/ the Ad-Aware VX2 Cleaner Plug-In for it
| > | Spybot
| > | Spyware Blaster
| > | CWShredder
| > | Kill2me
| > | about:Buster
| > | HSRemove
| > |
| > | found at http://forums.majorgeeks.com/archive/index.php/t-35407
| > |
| > |
| > |
| >
| >
| >