3 Replies Latest reply on Oct 21, 2010 3:58 AM by rameshk

    Winsysapp.exe, winalert.exe, commgr.exe issue



           I somehow got the above said vriuses from my pendrive which i had used on someother pc. This virus doesnt let me to open the registry,cmd and even it disable hidden file option. i had performed ODS on infected machines but still the is not getting resolved.


      Details: VSE 8.7i P3+ASE with Latest dat and engine.





        • 1. Re: Winsysapp.exe, winalert.exe, commgr.exe issue
          Attila Polinger



          what is your problem? Do you still have these viruses? From the names of the malware I assume you managed to identify and perhaps took actions on them, is this true? Did you scan the pendrive or did you scan the PC with ODS so that you know the names?


          I recommend using VirusScan's Access Protection with appropriate rules set to block and report so that such side-effects never happen again.



          • 2. Re: Winsysapp.exe, winalert.exe, commgr.exe issue



            I got those virues from pen drive only and i had performed ODS but still the issue had not resolved. i had idenitified it thr antispy16 log.






            • 3. Re: Winsysapp.exe, winalert.exe, commgr.exe issue
              Attila Polinger



              The pendrive must have been infected with an autorun worm and when you plugged it in the host, the autorun file was executed. Such execution might have already copied the same or similar autorun files to the host system's hard disks and folders, so it might be that whenever you change to a new partitoon or another folder, this autorun file gets executed. This could explain why a previously successful ODS finds the same infections over again.


              I would recommend the following(with the pendrive removed):


              - disable operating system's autorun function (or autoplay) completely.

              - make sure a VirusScan latest version with latest DAT and engine is on the operating system.

              - enable Access Protection module and enable the rules (with block and report) within, that is named "Prevent creation of remote autorun files". Make sure other rules are also in effect that protects McAfee files and folders, etc.

              - scan the host with an ODS task, that has no exclusions (file and folder) and has heuristics enabled and has Heuristic network check enabled and set to Medium (host need to have internet connection for this last function).

              - If successful, plug back the pendrive and scan it as well (better reformat).


              As for the specific filenames, you can search the internet for more information on removing them or fixing any of the actions they might have taken.


              I would not say you need to disable System Restore as well, but seeing that some torjans hide in System Restore folders, you might consider doing it before you scan the system with ODS.


              Also I'm not sure if the ODS will have exact detections, and fear that the autorun files might stay where they were originally copied but the content they refer to might get deleted by the ODS. Look for information how to get rid of these autorun files manually. If you search the internet for the specific filenames you listed here, you'll get some hits on removals, those articles might have instructions how to deal with autorun files remnants.





              Message was edited by: Attila Polinger on 10/21/10 12:15:47 PM CEST