• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1101
  • Last Modified:

W32/NGVCK.a cleaning

A friend has McAfee Virus Online.  A scan shows 534 files infected, mostly by NGVCK.a virus.

After running the scan, it says it can't clean the files, and gives me the opportunity to quarantine them.  However, some of them are system files and it seems like a quarantine would make the system inoperable.  

I am getting a Windows File Protection asking to replace some of the affected files if I've got the CD  (Home Edition).

What's the best way to clean this?
0
kellysmith120
Asked:
kellysmith120
  • 4
  • 2
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
McAfee Stinger...
http://vil.nai.com/vil/stinger/
-rich
0
 
kellysmith120Author Commented:
Thanks, rich.  I saw the stinger from McAfee, but it doesn't specifically list the virus in question.  Also, the Online version I'm running detects the virus fine, but says they can't be fixed.
0
 
Rich RumbleSecurity SamuraiCommented:
Did you try stinger anyway?
I don't see any standalone remover's for this- but it's rumored that this tool could do it
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html but not guarnteed

http://support.f-secure.com/enu/home/ols.shtml might be able to help...

This virus may be too much for a standalone tool to remove- if you have a friend with an updated AV product, perhaps you can bring your HD over to them, and install it in thier pc as a slave drive, and they can scan you HD and remove the files (like unblaster.exe)
TDS3 may also help you http://tds.diamondcs.com.au/index.php?page=download GL
-rich
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
kellysmith120Author Commented:
I've downloaded the stinger for her, but it seems pretty precise about the viruses it detects.

I have a full version of McAfee on line running, so I'm not sure why it wouldn't take care of it.  The only thing I can come up with is disabling the System Restore.  Most of the files aren't don't appear to be system restore locked, so that might not work either.

I'll try both solutions (System Restore and the removal tools).  If the System Restore doesn't fix it, and the tools do, I'll award the points.

Otherwise, to clarify and repeat the question - My virus software found infections with the NGVCK.a on system files (C:\winnt , etc.), and says it can't clean them, and I'm assuming that I can't just 'delete' them.  How do I remove the virus (using McAfee Online) from my system?
0
 
kellysmith120Author Commented:
FYI - I will be out of town for a couple of days, but will check back  before I leave and again when I return.
0
 
kellysmith120Author Commented:
Stinger didn't remove it.  She's given up and going to reformat it.  

The answer didn't help me, but I'll award them for maybe helping someone else who reads it and is unaware of Stinger.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now