Malware virus lich.sys removal

Posted on 2009-07-01
Medium Priority
Last Modified: 2013-12-09
Does anyone know how I can manually remove the lich.sys malware from Windows XP PC?  I have Symantec Antivirus loaded, and it finds the virus, but doesn't remove it.
Question by:rhender9
  • 2
LVL 47

Expert Comment

ID: 24754481
Does Symantec gives you the location of the virus? e.g., C:\lich.sys

Use MalwareBytes or even better Combofix and show us the Combofix log.
Please download ComboFix by sUBs:

Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
LVL 47

Expert Comment

ID: 24754515
I'd say use Combofix as the driver/service is already in its database.
LVL 13

Accepted Solution

JeremySBrown earned 2000 total points
ID: 24755042
Try scanning with Dr. Web Anti-Virus as well.

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question