How to remove | Removing trojan.dropper/sys-nv virus


I got infected with trojan.dropper/sys-nv virus last week. Superantispyware was able to remove the infection, but everytime I reboot my pc...the virus keeps coming back trying to run itself or infect my system files so the Superantispyware keeps detecting/blocking and cleaning the same virus over and over, arghh! The other partitions on my hard drive which are my backup got infected too thats why formating all of it is not an option for me :)

I had a hard time looking for a simple solution on the internet since most of the things i found was too complicated like editing a lot of stuff on the registry system which got me worried since it can make your system unstable with one mistake. After trial and error with different antivirus, only KASPERSKY ANTIVIRUS 2009 was able to capture this virus. So I decided to post an easy way on how I cleared the virus and fixed the side effect on the registry.

1. First, download the trial version of KASPERSKY ANTIVIRUS 2009 and free SUPERANTISPYWARE.
3. Make sure you update both with the latest virus definitions from their respective sites.
4. Launch the SUPERANTISPYWARE and go to Preferences and select the Scanning Control tab, check the ff boxes like shown on the image below then click Close.
5. Run a full/deep scan using both KASPERSKY ANTIVIRUS and SUPERANTISPYWARE at the same time on ALL hard-drives/partitions.

Wait for both application to finish scanning, after it...
>> I. You will notice that KASPERSKY found the ff:
---------- a .CMD file on each root directory of ALL the hard-drives/partitions (this are the infected files).
---------- GBM6N.EXE files (this file is the culprit and the one that keeps placing the trojan.dropper/sys-nv on your system).
---------- trojan.dropper/sys-nv (trojan placed by GBM6N.EXE)
---------- adware.vundo variant (I keep detecting this together with trojan.dropper/sys-nv so I'm assuming that this is also with trojan.dropper/sys-nv or GBM6N.EXE)

KASPERSKY will prompt that it automatically delete all the GBM6N.exe and .cmd files after scanning.
7. SUPERANTISPYWARE will also remove the trojan.dropper/sys-nv and adware.vundo variant
8. SUPERANTISPYWARE will ask you to restart your PC... but first, make sure that KASPERSKY already deleted all the GBM6N.exe and .cmd files
9. Restart your PC...
10. Use the search tool on your pc to look for any file that has GBM6N on the filename (on my case,I found several GBM6N-prefetch files)... DELETE those files.
11. Restart your PC again...
12. Notice that when you click any of your drive, it doesnt open and will just show an "open with" window. Don't panic, all your files are still inside :) ...that's only the side effect of the virus we cleared a while ago.
13. Now to fix this "open with" issue... download the FixDrive-Tool HERE, this tool will fix your system registry that causes your drives/partitions not to open.
14. Once downloaded, unzip the file and extract the contents (FixDrive.exe and readme.txt) to a folder
15. Click the extracted FixDrive.exe to run the program.
16. Select the drive-letter from the list that exhibiting the problem then click Fix.
17. Your done... :D
blog comments powered by Disqus