Trojan.killAV-similar experiance?

J

JT

Hello all,
I've run into two different windows XP machines at 2 different clients now.
Norton picks it up as Trojan.KillAV. The files: info.exe, system.exe and
print.exe all show up in the system with this infection in the
%winnt%/system32 folder, the startup folder and the run reg keys for
HKEY_LOCAL_USER and HKEY_LOCAL_MACHINE. In addition you'll see a process
running called print.exe. Also, you get the following message when attempting
to access the properties of my computer, when trying to access control panel
or other system changing areas, either directly or via the RUN menu: "THIS
OPERATION HAS BEEN CANCELLED DUE TO RESTRICTIONS IN EFFECT ON THIS COMPUTER.
PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR". The previous error message did not
relate to a local or group policy. Also, the control panel is no longer
visable. Oh, and some popups too. It's very resistant to removal and the most
i've been able to do is disable it by killing the files with a program and
replacing the infected files with dummy files and locking them. But I can
never repair the error message with accessing system changing areas. Has
anyone else had any luck with this?? perhaps been able to remove and repair?
Any advice or experiance with this would be helpful.

Sorry its so long! Thanks in advace.
Justin
 
M

Malke

JT wrote:
> Hello all,
> I've run into two different windows XP machines at 2 different clients now.
> Norton picks it up as Trojan.KillAV. The files: info.exe, system.exe and
> print.exe all show up in the system with this infection in the
> %winnt%/system32 folder, the startup folder and the run reg keys for
> HKEY_LOCAL_USER and HKEY_LOCAL_MACHINE. In addition you'll see a process
> running called print.exe. Also, you get the following message when attempting
> to access the properties of my computer, when trying to access control panel
> or other system changing areas, either directly or via the RUN menu: "THIS
> OPERATION HAS BEEN CANCELLED DUE TO RESTRICTIONS IN EFFECT ON THIS COMPUTER.
> PLEASE CONTACT YOUR SYSTEM ADMINISTRATOR". The previous error message did not
> relate to a local or group policy. Also, the control panel is no longer
> visable. Oh, and some popups too. It's very resistant to removal and the most
> i've been able to do is disable it by killing the files with a program and
> replacing the infected files with dummy files and locking them. But I can
> never repair the error message with accessing system changing areas. Has
> anyone else had any luck with this?? perhaps been able to remove and repair?
> Any advice or experiance with this would be helpful.
>
> Sorry its so long! Thanks in advace.
> Justin

I haven't seen this on any of my clients' machines but there is a lot of
information about removing it available:

http://www.google.com/search?hl=en&q=Trojan.KillAV&btnG=Google+Search


Malke
--
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic!"
MS-MVP Windows - Shell/User
 
You must log in or register to reply here.

Similar threads

L
I installed a game and I got all this problems and I don't know how to solve them if anyone can help, thank you in advance
Replies
0
Views
33
lahcen dimou
L
C
I didn't open or change the files, but the file modification date changes
Replies
0
Views
30
Charlotte Wang426
C
O
Japanese IME graphic bug?
Replies
0
Views
39
Ocean L Kennedy
O
L
Black Screen Crash Running Lightroom Classic
Replies
0
Views
18
Leonard704
L
L
Black Screen Crash Running Lightroom Classic
Replies
0
Views
10
Leonard704
L
Back
Top Bottom