J
Jahya
Guest
I downloaded the latest version of VCD Gear last night, and I wish I could remember the site I got it from b/c here's what happened.
I extract the zip and go to run the vcdgear exe and BAM! NIS and NAV start throwing up all kinds of virus warnings.
c:/windows/system32/syscg32.exe
This does not make me happy...
But it gets better because I have NAV set to attempt to repair the file then quarantine if unsuccessful. So the initial virus warning window pops up and I click OK, this brings me to the next warning window which tells me it was unable to repair the file. I click OK and instead of telling me it has quarantined the file(s) it takes me back to the first warning window which takes me to the unable to reapir window which takes me back to the original warning wiondow and so forth and so on....
So i go to symantec.com for removal instructions and try and follow them, but it turns out they are telling me to remove a file that does not exist. But I press onward and remove the registry entries I am advised to remove. And I'm done? No.
Just to be on the safe side I checked around a bit and found that syscg32.exe is still running in my services (and using 8meg of memory) so I end the process. Done, nope not yet. Just to be really safe I run RegCleaner and what does it find?? About 11 more registry entries.
I go back to sysmantec.com and continue reading, most of which is useless information that does not pertain to my particular problem until finally at the bottom of the removal instructions it mentions that the syscg32.exe probably does not exist because it was renamed at the time of execution to one of two or more possible names....this fianlly helped me as I found the last of the files (I hope) that the virus created.
I guess I will also go ahead and mention that even after updating the signatures on Swat It! the app was still unable to locate/eradicate this trojan....
Well anyway, I guess all is well now, nothing detected in the full sysscan by NAV and everything seems to be running smoothly again, I just thought I would share this experience because I have always been a big NAV fan and have always had good luck with it finding/removing virii, but this experience truly made me mad....the help provided by symantec was less than helpful and unless I want to pay phone sex rate for actual support, there is no way to communicate w/ symantec about this except ontheir feedback section, which I tried and after typing up the whole scenario for them I get an error on sending....
It was frustrating....
Anyway, this trojan is related to irc, so....watch out for it I guess.
I extract the zip and go to run the vcdgear exe and BAM! NIS and NAV start throwing up all kinds of virus warnings.
c:/windows/system32/syscg32.exe
This does not make me happy...
But it gets better because I have NAV set to attempt to repair the file then quarantine if unsuccessful. So the initial virus warning window pops up and I click OK, this brings me to the next warning window which tells me it was unable to repair the file. I click OK and instead of telling me it has quarantined the file(s) it takes me back to the first warning window which takes me to the unable to reapir window which takes me back to the original warning wiondow and so forth and so on....
So i go to symantec.com for removal instructions and try and follow them, but it turns out they are telling me to remove a file that does not exist. But I press onward and remove the registry entries I am advised to remove. And I'm done? No.
Just to be on the safe side I checked around a bit and found that syscg32.exe is still running in my services (and using 8meg of memory) so I end the process. Done, nope not yet. Just to be really safe I run RegCleaner and what does it find?? About 11 more registry entries.
I go back to sysmantec.com and continue reading, most of which is useless information that does not pertain to my particular problem until finally at the bottom of the removal instructions it mentions that the syscg32.exe probably does not exist because it was renamed at the time of execution to one of two or more possible names....this fianlly helped me as I found the last of the files (I hope) that the virus created.
I guess I will also go ahead and mention that even after updating the signatures on Swat It! the app was still unable to locate/eradicate this trojan....
Well anyway, I guess all is well now, nothing detected in the full sysscan by NAV and everything seems to be running smoothly again, I just thought I would share this experience because I have always been a big NAV fan and have always had good luck with it finding/removing virii, but this experience truly made me mad....the help provided by symantec was less than helpful and unless I want to pay phone sex rate for actual support, there is no way to communicate w/ symantec about this except ontheir feedback section, which I tried and after typing up the whole scenario for them I get an error on sending....
It was frustrating....
Anyway, this trojan is related to irc, so....watch out for it I guess.