How to get rid of 'infostealer.lineage' virus?

Forums › Microsoft Windows › How to get rid of "infostealer.lineage" virus?

heavenlywild

5059 posts

Uber Geek

Trusted

#19541 20-Feb-2008 21:41

I am running an XP computer and recently caught the infostealer.lineage virus. I only noticed it when I did a scan with the up-to-date Norton anti-virus. However, it doesn't let me delete it. I scanned with Spybot but it couldn't find anything.

I have Googled online but most links lead to a product you have to pay to fix the issue. I have tried scanning in safe mode but again, it wouldn't let me delete it.

Question is - how did it get into my system when I have up-to-date anti-virus loaded?

Anyway, what I care most right now is how do I fix this? Thanks in advance!:)

manhinli

2483 posts

Uber Geek

Trusted

#111957 20-Feb-2008 22:01

Strange... If you've got the latest, it should be able to remove it.

Anyway, here are removal instructions by Symantec: http://www.symantec.com/security_response/writeup.jsp?docid=2005-011211-3355-99&tabid=3

Find me on Twitter!

I posted 1, 2 x 10^3 times!

heavenlywild

5059 posts

Uber Geek

Trusted

#111971 20-Feb-2008 23:04

No luck mate. Followed the instructions on the website. A scan finds it but again I cannot delete it. It says, "Cannot delete an unsupported file". What to do?

dnb4life

312 posts

Ultimate Geek
Inactive user

#111989 21-Feb-2008 05:26

i use a combination of spyware doctor and avg anti-virus and they work a charm. however u do have to pay for both of them usually...

zocster

1983 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#111992 21-Feb-2008 06:42

i would suggest try another product, I would try Eset NOD32 trial, it gives you 30 days, you may have to uninstall your symantec product first, hope you still got the product key to install it again.

Have found this link http://answers.yahoo.com/question/index?qid=20070929143358AABQNcQ good luck

Andy Ghozali Geekzone Member	E: andy@ghozali.ru M: +64 21 395 458 A: Andy's Business Services, 231 High St, Christchurch 8011, NZ
www.andy.mobi

heavenlywild

5059 posts

Uber Geek

Trusted

#112017 21-Feb-2008 09:55

I have tried the help from Yahoo! and Symantec but without luck. Hmm, I think it is embedded in the registry. Any other ideas? Seems to only happen in XP. I recently got rid of a similar virus too and had to remove some coding in regedit.

I would hate to do a reinstall.

manhinli

2483 posts

Uber Geek

Trusted

#112091 21-Feb-2008 15:30

Have you tried to remove the entries listed on the Symantec site yet?

Find me on Twitter!

I posted 1, 2 x 10^3 times!

heavenlywild

5059 posts

Uber Geek

Trusted

#112110 21-Feb-2008 17:05

manhinli: Have you tried to remove the entries listed on the Symantec site yet?

Yes but I cannot find the following exe files in regedit under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

"[Random Name]" = "%ProgramFiles%\rundll32.exe"
"[Random Name]" = "%ProgramFiles%\explorer.exe"
"[Random Name]" = "%ProgramFiles%\Internat.exe"
"[Random Name]" = "%windir%\rundll32.exe"
"[Random Name]" = "%windir%\Internat.exe"

This is highly annoying. HELP!XD

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

manhinli

2483 posts

Uber Geek

Trusted

#112115 21-Feb-2008 17:15

Symantec sometimes uses general names for similar types of malware - this seems to be one of them.

Just look at what Trend Micro has to say about "Infostealer.Lineage":
A quick search turns up around 90 records under it's database!

So, your variant may require a different approach.

You're gonna have a hard time...

Find me on Twitter!

I posted 1, 2 x 10^3 times!

Tarq57

156 posts

Master Geek

#112811 25-Feb-2008 00:25

Don't know specifically if my following recomendations will deal with this particular nasty, but they are pretty darned good.
http://freedrweb.com/cureit/ (Standalone scanner/cleaner, no need to uninstall previous AV, usually, runs from the download location, re-download to update, approx 5Mb)
http://www.superantispyware.com/download.html (Superb free or paid versions of this antispyware. Detects many things, including files trying to hide by use of ADS. Pretty much replaced AdAware as the current state of the art scanner.)
http://free.grisoft.com/doc/download-free-anti-rootkit/us/frt/0 (Free AVG antirootkit tool. There are better, but this one is easy to use and interpret. Results of rootkit scans can require a bit of esoteric interpretation.)
Good luck.
(PS, should you ever decide to remove Norton, don't forget to download and use the removal tool following the uninstall.)

heavenlywild

5059 posts

Uber Geek

Trusted

#113072 25-Feb-2008 22:23

Tarq57: Don't know specifically if my following recomendations will deal with this particular nasty, but they are pretty darned good.
http://freedrweb.com/cureit/ (Standalone scanner/cleaner, no need to uninstall previous AV, usually, runs from the download location, re-download to update, approx 5Mb)
http://www.superantispyware.com/download.html (Superb free or paid versions of this antispyware. Detects many things, including files trying to hide by use of ADS. Pretty much replaced AdAware as the current state of the art scanner.)
http://free.grisoft.com/doc/download-free-anti-rootkit/us/frt/0 (Free AVG antirootkit tool. There are better, but this one is easy to use and interpret. Results of rootkit scans can require a bit of esoteric interpretation.)
Good luck.
(PS, should you ever decide to remove Norton, don't forget to download and use the removal tool following the uninstall.)

Thanks mate, I'll try out the apps and see how they go!:)

Tarq57

156 posts

Master Geek

#113073 25-Feb-2008 22:34

Welcome. Let me/us know.