Tuesday, October 14, 2008

Virus Trojan.generic.92403 & packer.krunchy.A

Question:
I'm using BitDefender right now, but there are viruses that won't go away:
trojan.generic.92403 and packer.krunchy.A
Which AV can remove these things?

Answer:
TECHNICAL DESCRIPTION:
Trojan.Qhost.AKR comes as a patcher for BitDefender 2008 products (Internet Security 2008, Total Security 2008 and Antivirus Plus 2008) with a user interface and instructions on how to use it. At some point, you are requested to push a button that will modify the %WINDIR%\System32\Drivers\etc\hosts file, adding as an entry the BitDefender antivirus update site pointing to localhost. This will prevent the antivirus from updating.

Also, the attributes of the %WINDIR%\System32\Drivers\etc\hosts file will be set to hidden, system and read-only, making it more difficult for an inexperienced user to see and change.

Removal instructions:
Please let BitDefender delete the infected file.
Go to the %WINDIR%\System32\Drivers\etc directory and check if the hosts file contains the line:
127.0.0.1 update.bitdefender.com
If so, change the hosts file's attributes: remove the hidden, system and read-only attributes by typing at the command line:
attrib -h -s -r hosts
Afterwards, open the hosts file with an editor (e.g. Notepad) and delete the line mentioned above (the line containing: 127.0.0.1 update.bitdefender.com).

ANALYZED BY:
Boeriu Laura, virus researcher

1) Software: (1) Trojan Remover 6.6.9, (2) Avira Premium, (3) AVG 8.0

2) Disable SYSTEM RESTORE first.

Boot into SAFE MODE, then scan.

When the scan is done, TURN OFF the PC for 5 minutes (do not use restart).

Only after the 5 minutes are up, turn it back on.

Install TUNE-UP utility to repair the registry.

Install CCleaner to clean registry entries.
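
The hosts-file check from the removal instructions above can be scripted. The following is an added example, not part of the original post or of BitDefender's advisory: it parses a hosts file, reports any watched update host mapped to a loopback or unspecified address, and decodes the hidden, system and read-only attribute bits. The WATCHED set, the SAMPLE text and the function names are assumptions made for illustration, and the check is generalized beyond the single 127.0.0.1 line the advisory names.

```python
import ipaddress
import os
import sys

# Host named in the advisory above; add other update hosts you depend on (assumption).
WATCHED = {"update.bitdefender.com"}
# Windows FILE_ATTRIBUTE_* bits that the trojan sets on the hosts file.
ATTR_BITS = {"readonly": 0x1, "hidden": 0x2, "system": 0x4}

# Constructed sample input, not taken from an infected machine.
SAMPLE = """# constructed hosts file
127.0.0.1 localhost
127.0.0.1 update.bitdefender.com
# 127.0.0.1 update.bitdefender.com
192.0.2.10 intranet.example
127.0.0.1\tUPDATE.BITDEFENDER.COM.  # case and trailing dot
"""

def find_blocked_hosts(hosts_text, watched=WATCHED):
    """Return (line_no, address, name) for watched names mapped to loopback."""
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: not a usable mapping
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        hits += [(line_no, fields[0], name) for name in fields[1:]
                 if name.lower().rstrip(".") in watched]
    return hits

def attribute_names(attrs):
    """Decode the hidden/system/read-only bits of a Windows attribute mask."""
    return [name for name, bit in ATTR_BITS.items() if attrs & bit]

if __name__ == "__main__":
    default = os.path.join(os.environ.get("WINDIR", r"C:\Windows"),
                           "System32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line_no, address, name in find_blocked_hosts(fh.read()):
            print(f"{path}:{line_no}: {name} -> {address}")
    # st_file_attributes exists only on Windows; elsewhere this reports nothing.
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    print("attributes set:", ", ".join(attribute_names(attrs)) or "none")
```

Run without arguments it reads the hosts file under %WINDIR%; it only reports, so the attrib command and the manual edit described above are still needed to undo the change.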
