Win32:SkiMorph Virus help

[Moiz]

Hello,
avast analysis found me a virus, Win32kiMorph [encryption]
it slows my pc and opens windows advertising
I give you the hijack scn
thank you for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:37, on 09/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

[Zachary]

You could check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here.

If it is indeed a false positive (only detected by avast in VT above), add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions
Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

Send the sample to [email protected] zipped and password protected with the password in email body, a link to this topic might help and false positive in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn't already in the chest) where it can do no harm and send it from there (select the file, right click, email to Alwil Software). The new submission process doesn't actually email it but uploads it to avast during the Auto or Manual update process.

So no need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

[Big Fish]

Restart your computer in safe mode (as starting up keep tapping F8) and pick start in safe mode from menu. Run you anti virus in safe mode and delete everything found. Your system should now be clean!

If not try this.

Many viruses hide in folder, programs and files that are been used by the computer so Anti virus programs either cannot detect then or if they do they cannot delete them. Sounds like you have a mixture of a virus and malware. Firstly you need to download Malwarebytes antimalware and TR (Trojan Remover). Run both these in normal mode and delete anything found. Then restart the computer in safe mode (as the computer is starting keep tapping the F8 key) select start in safe mode and wait till it loads. Now run each of the programs in this order (NOT TOGETHER) TR and delete anything it finds, Malwarebytes and again delete what it finds, the run your Anti virus (NOrton 360) and again delete what it finds. This should now leave you with a clean computer. By the way all the programs above are free, just google them. Hope this helps. Good luck. If you need further help then get back to me.