Wednesday, November 18, 2009

Another day behind the virus

This time another virus utilized my time and effort.

The virus was an executable, g8k.exe. My system was behaving weirdly, but unfortunately I couldn't force-remove this executable, which made me dig deep into this.

Part 1:
A little bit of Googling led me to the fact that there are some more files related to g8k.exe:

1. %temp%/herss.exe
2. %temp%/cvasds0.dll
3. %temp%/cvasds1.dll

Remember to boot in safe mode to remove them. If you don't have access to safe mode, then remove the hidden attributes from these files and do a force delete.

Part 2:
TPShocks.exe is misused by this virus. Kill it from Task Manager and you can remove g8k.exe peacefully.

The reason why I said TPShocks is misused is because it is supposed to be for IBM Hard Drive Active Protection. So don't go and kill this thinking it's a virus, since it may be an actual hard drive protection service! Don't mess up too much!
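
The steps from Parts 1 and 2 as a PowerShell script, added here as an example and not part of the original post. It reports the three %temp% files with their attributes and SHA-256, deletes them only when the assumed `-Delete` switch is given, and prints the path and signature status of any running TPShocks process so you can judge whether it is the genuine protection service. It assumes PowerShell 4 or later (for `Get-FileHash`).

```powershell
# Added example: report-only unless -Delete is passed (the switch name is an assumption).
param([switch]$Delete)

# File names are the ones listed in Part 1 of the post.
$names = 'herss.exe', 'cvasds0.dll', 'cvasds1.dll'

foreach ($name in $names) {
    $path = Join-Path $env:TEMP $name

    # -Force is needed for Get-Item to return hidden files.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        Write-Output "not found: $path"
        continue
    }

    # Record a hash before deleting so the file can still be identified later.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    Write-Output "found: $path attributes=$($item.Attributes) sha256=$hash"

    if ($Delete) {
        # Clear Hidden/ReadOnly/System in one step, then force delete.
        $item.Attributes = [IO.FileAttributes]::Normal
        Remove-Item -LiteralPath $path -Force
        Write-Output "deleted: $path"
    }
}

# Part 2: look at TPShocks before deciding to kill it. Nothing is terminated here.
$procs = Get-Process -Name 'TPShocks' -ErrorAction SilentlyContinue
if (-not $procs) { Write-Output 'TPShocks is not running' }

foreach ($p in $procs) {
    if (-not $p.Path) {
        Write-Output "TPShocks pid=$($p.Id): path unavailable, rerun elevated"
        continue
    }
    # A valid signature from the expected vendor suggests the real service binary.
    $sig = Get-AuthenticodeSignature -FilePath $p.Path
    Write-Output ("TPShocks pid={0} path={1} signature={2} signer={3}" -f
        $p.Id, $p.Path, $sig.Status, $sig.SignerCertificate.Subject)
}
```

A file that is still loaded by a running process will fail to hash or delete, which is why the post recommends safe mode.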