Virus Win32/Hantaner!!! Plz help

[zile]

i get this virus (Win32/Hantaner) from kazza.

i use avg as my anti-virus program. The "residential sheild" says that a virus has been dectected in C:\system_voluem_information\.... (some long code after that).

but when i run a complete test, it says that no virus was dectected.

Is the virus still in my computer? If it is how can i remove it?
Is this a dangerous virus?


Thanx

oh BTW i use window xp home edition.

[ESALADUANE]

I got this from another site:

Win32.HLLP.Hantaner

It is a harmless nonmemory resident parasitic Win32 virus. The virus itself is PE EXE file (Win32 executable file), it is written in Delphi and has the length about 47K (not compressed) or 24K (compressed by UPX).

It searches for *.EXE files (any files with .EXE filename extension) in the KaZaa download directory and writes itself to the beginning of the files. As a result the virus is able to spread through KaZaa files sharing network (being downloaded from infected machine).

The virus does not manifest itself in any way.

The virus also contains the text strings:

HANTA-Vjoiner ,si que lo hice yo, ErGrone/GEDZAC...
eso va para los seÓoritos de PER, en especial a Machado, que no tiene la educaciÕn necesaria para responder un E-Mail.
y para los que se enojaron con CPL, jeje, pa que ocupan Hotmail!!!, teniendo miles de mailbox gratis y con mas espacio.
FallÕ la Heuristica y contra una tÊcnica antigua JoJOjOO-Escrito en Delphi 6!-

[zile]

Thanx ESALADUANE. I appreciate it. And i'm glad that the virus is a harmless one.

But if i were to choose i would rather not have it on my comp.

Is there anyway to permenantly remove this nonmemory virus?


THANX

[ESALADUANE]

oops, I forgot to add the link:

http://www.viruslist.com/eng/viruslist.html?id=58323

[Tobin]

McAfee Virus Information

It only says that they have a dat file that will delete it and gives you information about the amount of damage it does.

[zile]

Thanx alot tabin.

i found out that the virus is still on my computer, and avg dectected it in the "c:\system volume information" directory.

I found out a way to get rid of this, so everyone that are having problem because anti-virus program can not delete a virus from this particular folder should do this:

""""""Description for disabling restore function for Windows XP:

Files placed in the _System volume information folder are source files for the system restore function that is available in Windows XP operating system. Files that were healed were moved in their original INFECTED state into this folder and it is necessary to DELETE them by following these steps:

Close all open programs. Then right-click My Computer on the Windows desktop
Click on Properties
Click on the System Restore tab
Check Turn off System Restore on all drives



Note: this information was found on the avg website: http://www.grisoft.com/html/us_faq.p...aa2cf27d9e60ed


oh yeah one more thing: I hope that those whom coded viruses can get a life and burn their asses in hell.

[Madcapper]

Just curious about the comment you made about file sharing programs being hugely unpopular in many circles.
What circles do you refer to? I could see why the file sharing programs like Kazaa would be unpopular with software vendors but I don't understand why normal Joes would object to them. No skin off their backs.

As for the Win32 Hantaner virus, I also got hit with it and was successful in cleaning it. I don't know if it takes up residence in the same places and in the same ways every time but in my case it took up residence in the C:\_RESTORE directory. Microsoft deliberately made it difficult to modify this folder and the only way to do it is to disable system restore. It'll wipe out your restore points, which is the tradeoff for getting rid of the virus. If this applies here and you have to take this route, don't forget to re-enable system restore once you clean your system.

[ESALADUANE]

What distinction are you making between software vendors and normal Joes?

[Madcapper]

Maybe 'vendors' isn't the word I was looking for. Maybe 'conglomerates' would be more appropriate. Nintendo, or even the RIAA are examples.
I personally am not into the file-swapping thing but it doesn't have much to do with ethics. People who do it don't bother me none. Just through my own experience I seldom encounter people who are bothered by it, so I was honestly curious about your comment.

[eatty]

I got the same virus on my computer through kazaa and every time i start the computer the avg sheild comes up then freezes when i try to do somthing and i can't get to the place to delete it. how would i fix this problem?

EATTY

(ps. i have windows ME)

[The Tool]

Current engine and DAT files of McAfee can remove it.

[Quokka]

I use AVG, I also have Zone Alarm .
Even if you go to Kazza and share files ?????????????? the firewall will only let you share others, it wont allow others to share yours !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! not allowing others to share your files, selfish yes, but much safer, not that I speak from personal experience you understand
Quokka

just read all that stuff from Esduane, if I had had kazza light I may have just deleted it.

[Marky1928]

Hey Quokka with Zonealarm do u know how to make websites open faster or what is making them slower

[Marky1928]

U can try scaning your computer with stinger from Mcafee and will find viruses and fix the files ( http://vil.nai.com/vil/stinger/ )

[Quokka]

As my signiture suggests, and the other few posts I have made here, I know nothing mate, sorry.
I also have adsl broadband so speed aint no problem to me,( smug sod )
Trouble is, being a pillock with the fastest computer I could get and with the fastest connections, it just means I COCK UP TWICE AS QUICK AS EVERYONE ELSE.
Sorry I cant be of assistance marky
Quokka