n3vasap23.exe is kicking up a storm 1

[doior]

Anyone infected with this n3vasap23.exe? It appears to be W32.Spybot.worm but it will come back a few hours later after it has been attacked.

Symantec version 9 with rapid release files is not helping us.

Any info is appreciated.

Thank you.

 

[tchatzi]

Start->Run->services.msc

ssearch for a service looking like 'MSNPluginSrIvcs', right click and select Disable .

If this file exists here delete it(if you cant boot in safe mode, or with recovery console)
C:\WINDOWS\System32\n3vasap23.exe

search this registry keys and delete these entries
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [MSNPluginSrIvcs] n3vasap23.exe

HKEY_LOCAL_MACHINE\System\ControlSet001\Services] [MSNPluginSrIvcs] n3vasap23.exe

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [MSNPluginSrIvcs] n3vasap23.exe

and also make a search in the registry for that file(it might be somewhere else too)

Then install a good firewall and a good Antivirus (excluding Norton) This is my opinion, You can do as you wish.

Good Luck

 

[bcastner]

perluserpengo,

This is realtively new malware, and unfortunately it is polymorphic it seeems.

HijackThis! would make the registry edits above less tedious. See: faq608-4650

I suspect this is one of those new ones we have to wait on a bit for the Security community to get a good grip on the problem.

 

[doior]

Thank you for the reply. This is exactly what we are finding after removal. We are using the rapid release defs from Symantec that will seem to catch the virus but the PC will crash in a few hours.

At this stage, we have found that something else is with us or the PCs are just damaged! There is no visual porcess running but the PC will still crash after it has been up for a while.