help eliminate killer.exe

ladiesman217 · 12-27-2007, 04:26 AM

anyone here know an easy way how to kill this virus. its included on the startup. i cant run any utilities to eliminate this one since it kills all open programs.

dynamik · 12-27-2007, 04:38 AM

You can try booting off the installation cd and loading the recovery console to delete the file. Maybe you could run some type of removal tool off a floppy or something too.

SWM · 12-27-2007, 06:10 AM

try booting from a Bartpe CD and then delete any killer.exe files on the hard disk

ladiesman217 · 12-27-2007, 06:32 AM

Quote:

Originally Posted by SWM

try booting from a Bartpe CD and then delete any killer.exe files on the hard disk

i was suppose to do that

but problem is the laptop im fixing cant read burned cds...it can only read genuine cd's... i dont know why...

dynamik i'll try your suggestion but if i fail i'll just format to kill the killer....

blargoe · 12-27-2007, 11:00 AM

Usually, my policy is to format an infected system anyway. But I really like a pristine system.

If you can't open any programs, you have no option than to try booting into another environment like Ultimate Boot CD, Bart PE, etc. and trying to clean the system. UBCD has a virus scanner included with it so maybe you should start there.

Mishra · 12-27-2007, 11:05 AM

www.bootdisk.com

floppy?

ladiesman217 · 12-28-2007, 06:50 AM

thnks for all who replied!

i got another dvd now that supports reading burned cd's. now i can boot using bartpe....just want to ask how can i delete hidden virus files like krag.exe.

im wondering if its possible to perform manual deletion since the virus made a lot directories under the Windows folder.

if you know a free virus removal pls inform me.

pccillin is totally useless! it cant even detect krag.exe

RussS · 12-28-2007, 08:41 AM

If you have UBCD for Win you can run several of the AV tools such as Stinger or the Avast tool to remove infections. You will also find that using one of the explorers such as Free Commander you can see invisible files.

**note** - remember to delete the page file

royal · 12-28-2007, 10:14 PM

Seriously, if you have a virus, format. There are so many virus' that replicate and infect other stuff that antivirus programs don't detect. Especially if you do any type of online banking, etc..

If you don't want to format, run a program called HiJackthis so we can check out your run on startup registry keys and programs that are running in task manager.

As others said, you can just boot from some type of boot disk to delete the file. If you don't format, I highly suggest you use a bunch of antivirus scanners and try to ensure your system is virus free.

But again, I recommend to format, especially if the system is connected to a corporate network!

Daniel333 · 12-28-2007, 11:03 PM

ladiesman217,

Malware removal is tedious. If it's going to take you more than an hour, it's best to reformat. BUT if you are doing it as an exercise in learning then here is my recommendation.

1) Snag McAfee command line scanner and trend command line scanner. Both free from their sites. Place them on the c: of the target computer.
2) Boot to BART-PE
3) delete all the temp folder on the computer
4) Run the Mcafee then the trend.
5) Find the exact path of the file you were having trouble with and delete it from the command line if it's still there. I also search through the C: root and C:\Windows\System32 folder for errant files as well.
6) Reboot to safe mode with networking, see if it comes back.
6a - if it does) pull the HDD out of the laptop and install it into an enclosure scan it from another computer running Panda, McAfee, Norton, Trend, Spysweeper, Ad-aware, spybot, Spyware Doctor and Avast.
6b) If it doesn't, install and update Avast, Ad-aware, Spybot and SpySweeper scan...
7) use hijackthis to remove anything funny.

uninstall the apps above
9) Boot to regular mode, run Registry Mechanic
10) Run/update the workstations regular protection (Anti virus, antispyware and firewall), chances are what ever they were using was not updated or a poor choice for that user. I personally find Norton to be a system hog and too complicated for most users, so it does more harm than good. Something simple like Spy sweeper normally works best.
11) Apply all Windows updates and switch them to Firefox.

That assumes you have 4 hours to blow.

binarysoul · 12-29-2007, 12:39 AM

Format and reinstall the OS.

If no backup exists, it's a lesson learned.

Of course there's a solutin, but r u willing to spend 10 hours?

Kasor · 12-29-2007, 10:12 PM

I agree with everybody, sometime it is better off to just reformat the HD. Unless you are engineer that like to break into the machine code and the circuit.

Tell the user that you will hold them accountable to bring the virus to the laptop. Now you need to reformat the HD to get it work. Of course unless they are senior management that must need the file back. Then you take the HD to the recovery specialist.