New Virus?

Guest

Hi all,
I just want to know whether the following description was derived from the
latest virus?
[os] Win2k Pro with SP4, McAfee 7.1 with latest virus definition and scan
engine. All packages updated.
[symptom]
1. Cannot paste, cannot drag file
2. SVCHOST.exe takes more than 90% usage of CPU
3. Errors reported for explorer.exe frequently
4. Found virus files: ucilonyc.exe; kgjdj27.exe; ozify.exe;
pcmsg.dll, 32kb.com; cleanup.com; winserver32.exe; win.exe; winsys.exe;
unere.exe; SVCHOST32.EXE
5. Remove all detected files, replace the svchost.exe on
&root&\system32

NONEFFECTIVE!!!
Wish get prompt help/solution.

Best Regards
 
Crouchie1998

It seems you have quite a few viruses/worms & a spyware file on your
computer.

The worm is SDBOT.AK (Win.exe)

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ak.html


ucilonyc.exe (SDBOT.AZW):

http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.AZW


pcmsg.dll (SPY.PCGhost400):

http://securityresponse.symantec.com/avcenter/venc/data/bat.mumu.a.worm.html

Tool to clean the above from Symantec Antivirus Resource Centre (SARC):

http://securityresponse.symantec.com/avcenter/venc/data/bat.mumu.a.worm.removal.tool.html

Direct download link to above tool:

http://securityresponse.symantec.com/avcenter/FixMumu.exe

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074017

winsys.exe (SPYWARE/WORM)

http://startup.iamnotageek.com/srch-winsys.exe.html


The best Spyware/adware/trojan detector on the market & it's FREE:


http://www.spybot.info/en/download/index.html

YOU DO NOT HAVE TO DONATE OR PAY FOR SPYBOT
 
David H. Lipman

From: "Robert" <[email protected]>

| Hi all,
| I just wanna know whether the following description was derived from the
| latest virus?
| [os] win2k pro with sp4, mcafee7.1 with latest virus definition and scan
| engine. all packages updated
| [symptom]1. Cannot paste, cannot drag file
| 2. SVCHOST.exe take more than 90% usage of CPU
| 3. Error reported of explorer.exe frequently
| 4.found virus files: ucilonyc.exe;kgjdj27.exe; ozify.exe;
| pcmsg.dll, 32kb.com; cleanup.com; winserver32.exe; win.exe; winsys.exe;
| unere.exe; SVCHOST32.EXE
| 5. Remove all detected files, replace the svchost.exe on
| &root&\system32
|
| NONEFFECTIVE!!!
| Wish get prompt help/solution.
|
| Best Regards
| --
| Nothing is easy,
| Everything is possible.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

Dump the contents of the IE Temporary Internet Folder cache (TIF)

start --> settings --> control panel --> internet options --> delete files

1) Download the following four items...

McAfee Stinger
http://vil.nai.com/vil/stinger/

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Trend Sysclean Method 1
---------------------------------------
Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt524.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
The utility SYSCLEAN_FE in "Procedure 1" at the following URL
http://www.ik-cs.com/got-a-virus.htm automates the download and execution process of the
Trend Sysclean Package.


2) Update Ad-aware with the latest definitions.
3) Reboot your PC into Safe Mode and shut down as many applications as possible
4) Using Trend Sysclean, Stinger and Ad-aware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
5) Restart your PC and perform a "final" Full Scan of your platform using the three
utilities; Trend Sysclean, Stinger and Ad-aware

* * * Please report your results ! * * *
 
Guest

Thanks for all the replies.
Dave,
I have done all the work you suggested; unfortunately, the symptoms still
exist.
I ran stinger.exe; Ad-aware.exe; sysclean.com in safe mode at the same time.
Nothing can be found. I can ensure all the virus definitions are updated.
I've also removed the svchost.exe, so the usage of CPU is normal, but
Copy&Paste is still unavailable.
I cannot use Win+F, Win+E, etc. to find a file or open Explorer.

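Added example, not part of any post in this thread: a Python triage pass over a list of process or startup-entry image paths that flags the file names reported in the first post, svchost.exe or explorer.exe loaded from the wrong directory, and digit-suffixed imitations such as SVCHOST32.EXE. The C:\WINNT system root and the sample paths are assumptions constructed for illustration.

```python
import ntpath
import re

# File names listed in the first post of this thread (lower-cased).
REPORTED = {
    "ucilonyc.exe", "kgjdj27.exe", "ozify.exe", "pcmsg.dll", "32kb.com",
    "cleanup.com", "winserver32.exe", "win.exe", "winsys.exe", "unere.exe",
    "svchost32.exe",
}
# Genuine binaries and the one directory each should load from.
# Assumption: default Windows 2000 layout with the system root at C:\WINNT.
GENUINE = {"svchost.exe": r"c:\winnt\system32", "explorer.exe": r"c:\winnt"}

def reasons(path):
    """Return the list of reasons an image path deserves a closer look."""
    folder, name = ntpath.split(path.lower())
    found = []
    if name in REPORTED:
        found.append("name reported in thread")
    if name in GENUINE and folder != GENUINE[name]:
        found.append("system binary outside " + GENUINE[name])
    # Strip digits and punctuation from the stem: svchost32 -> svchost.
    stem = re.sub(r"[^a-z]", "", ntpath.splitext(name)[0])
    if name not in GENUINE and stem + ".exe" in GENUINE:
        found.append("imitates " + stem + ".exe")
    return found

def triage(paths):
    """Map each suspicious path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := reasons(p))}

# Constructed listing (as from a process or startup-entry dump);
# not output from the poster's machine.
SAMPLE = [
    r"C:\WINNT\system32\svchost.exe",
    r"C:\WINNT\system32\SVCHOST32.EXE",
    r"C:\WINNT\svchost.exe",
    r"C:\WINNT\explorer.exe",
    r"C:\WINNT\system32\winsys.exe",
    r"C:\Program Files\Internet Explorer\iexplore.exe",
]

if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(f"{path}: {'; '.join(why)}")
```

The name check only catches copies that add digits or punctuation to a genuine name; a clean result here does not show the machine is clean.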
 
Kevin D. Quitt

Back up your data files, wipe the system and reinstall. Install
anti-virus and anti-spyware BEFORE reconnecting to the 'net.
 
