Antivirus System Pro Alert is running on the start screen with multiple error messages saying the PC is infected. Attempting to run any other programs results in an error message – stating that the program is ‘infected’. This meant that task manager and the current virus scan cannot be run. This is a malware virus and seems to initiate at PC start up.
The PC was re-started in ‘safe’ mode by pressing F8 during re-boot. The current virus scan was run with no viruses found. The PC was re-started and the same problem was present.
The PC was re-started in ‘safe’ mode. Using the bleeping.com web site suggestions I downloaded two programs rkill and malwarebytes. These were downloaded on a good PC and copied to the faulty PC. Both programs were run and malwarebytes reported multiple worm.allaple infections which were removed. After re-starting the PC the same problem was seen. The malwarebytes program was run again this time in extended scan mode and a further infected file was found and removed.
I then copied ‘Revo Uninstaller’ to the affected PC. Looking at the list of programs that start up on the PC I could see two that I did not recognise. They were both called qsorynfs which pointed to location \documents\admin\local settings\application data\hvhuvw and to program vcmsysguard.exe i.e. each time the PC starts up this program would be run. I deleted the vcmsysguard.exe program and the folder \hvhuvw. I also disabled qsorynfs using ‘Revo Uninstaller’.
The PC was re-started and there were no re-occurrences of the error messages. I re-ran the current virus protection and further copies of worm.allaple infections were found and removed. The PC was restarted again and the current virus protection run and no further infections were found.
I hope these notes help.
EDIT: Moved to a more appropriate forum
Edited by garmanma, 28 November 2009 - 10:47 AM.