Gen:Variant.Kazy.79682-virus - How to remove it manually without losing files on computer?

F-Secure found four viruses titled "Gen:Variant.Kazy.79682" on my PC last night.

F-Secure said the files infected by the virus are packed (like in a zip-file) and F-Secure can't handle them automatically.

F-Secure said the files infected by the virus are titled "fi6F51EA7D8..." and "stream 3".

F-Secure suggested that I open the zip-files and remove the files infected by the virus manually, but when I searched my computer (with Windows Explorer) for "fi6F51EA7D8..." and "stream 3", my computer wasn't able to find these "fi6F51EA7D8..." and "stream 3" files.

 

How am I able to remove the Gen:Variant.Kazy.79682-virus without losing my important master's thesis files on my computer, when the computer can't find the files infected by the virus?

Does anyone have an idea what Gen:Variant.Kazy.79682-virus usually does?

I'm writing my master's thesis and I'm wondering whether it is wise to open my computer at all before Monday, when I hopefully get customer support from F-Secure?

 

Thank you so much for your replies!!
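The reason Explorer cannot find "fi6F51EA7D8..." or "stream 3" is that Explorer's search does not look at the names of members inside archives; the scanner is reporting entries inside a container, not files on disk. The script below is an added example (not code from this thread or from F-Secure) showing how to locate which archive on a drive holds a member with one of the reported names. It assumes that "packed" means a zip-format container (this also covers Office 2007+ .docx/.xlsx files, which are zip containers) and that the scanner's "..." is a truncation, so it matches on the visible prefix. It only lists matches with their size and CRC32; it never extracts or deletes anything, which leaves the decision about what to remove to the user or the vendor's support team. The sample archives it builds in a temporary directory are constructed for the demo.

```python
"""Locate named members inside zip archives under a directory tree.

Added example: lists, for every zip-format file under a root directory
(nested zips are read in memory), the members whose base name starts with
one of the reported prefixes. Nothing is extracted or deleted.
"""
import io
import os
import tempfile
import zipfile

# Names as reported in the original post; "..." was a truncation, so the
# visible part is used as a case-insensitive prefix.
REPORTED_NAMES = ("fi6F51EA7D8", "stream 3")


def _scan_zip(zf, archive_label, prefixes, findings, depth, max_depth=3):
    """Record matching members of an open ZipFile; recurse into nested zips."""
    for info in zf.infolist():
        base = os.path.basename(info.filename.rstrip("/"))
        if any(base.lower().startswith(p.lower()) for p in prefixes):
            findings.append({
                "archive": archive_label,
                "member": info.filename,
                "size": info.file_size,
                "crc32": f"{info.CRC:08x}",
            })
        # A nested archive is read into memory and scanned without touching disk.
        if depth < max_depth and info.filename.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(info))) as inner:
                    _scan_zip(inner, f"{archive_label}!{info.filename}",
                              prefixes, findings, depth + 1, max_depth)
            except (zipfile.BadZipFile, RuntimeError):
                # RuntimeError covers password-protected members.
                findings.append({"archive": archive_label, "member": info.filename,
                                 "error": "unreadable nested archive"})


def find_archive_members(root, prefixes=REPORTED_NAMES):
    """Walk root and return a list of findings (matches and unreadable archives)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not zipfile.is_zipfile(path):
                continue
            try:
                with zipfile.ZipFile(path) as zf:
                    _scan_zip(zf, path, prefixes, findings, 0)
            except zipfile.BadZipFile:
                findings.append({"archive": path, "error": "corrupt archive"})
    return findings


def build_sample_tree(root):
    """Constructed sample data: one clean archive and one archive holding
    a reported name plus a nested zip with the other reported name."""
    os.makedirs(os.path.join(root, "Downloads"), exist_ok=True)
    with zipfile.ZipFile(os.path.join(root, "thesis_backup.zip"), "w") as zf:
        zf.writestr("chapter1.txt", "Introduction")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("stream 3", b"\x00" * 16)
    with zipfile.ZipFile(os.path.join(root, "Downloads", "setup_pack.zip"), "w") as zf:
        zf.writestr("fi6F51EA7D8ABCD.tmp", b"\x00" * 32)
        zf.writestr("inner.zip", inner.getvalue())
    return root


def demo():
    """Run the scan over the constructed tree and return (archive, member, size)
    tuples with archive paths made relative to the temporary root."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        hits = find_archive_members(tmp)
    result = []
    for h in hits:
        if "member" not in h or "error" in h:
            continue
        outer, _, nested = h["archive"].partition("!")
        rel = os.path.relpath(outer, tmp).replace(os.sep, "/")
        if nested:
            rel += "!" + nested
        result.append((rel, h["member"], h["size"]))
    return sorted(result)


if __name__ == "__main__":
    for archive, member, size in demo():
        print(f"{archive}: {member} ({size} bytes)")
```

In real use, call `find_archive_members(r"C:\")` (or the drive letter the scanner reported) and inspect the returned list; the archive path tells you which container the scanner was talking about, and the CRC32 and size let you confirm with the vendor that you are looking at the same entry before anything is removed.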

Comments

  • Simon
    Simon Posts: 2,667 Superuser

    Sounds nasty, and I hope you get the help you need - but I think it's best left to someone more professional than me.

    I guess this begs the question though, how did the machine become infected in the first place? Did it get past FS, or was FS not installed when the machine was infected?

  • Blackcat
    Blackcat Posts: 503 Influencer

    It looks like a nasty little trojan: http://www.enigmasoftware.com/genvariantkazy-removal/

    Emsisoft state that they know of this infection and that their AntiMalware product can detect it. http://www.emsisoft.com/en/malware/?Gen.Variant.Kazy.79682.AMN

    You can sign up for their Forum where they have a separate section devoted to helping with malware removal: http://support.emsisoft.com/

    Maybe worth a shot while waiting for the experts at F-Secure to get back to you. As you say, you will have to manually delete the infected files.

    In the future I would highly recommend layered protection where you are not just relying on an AntiVirus; I can highly recommend Sandboxie/AppGuard/NoVirusThanks as excellent companions to an AV.

    More importantly, I would always have imaging backup on any computer so you can revert back to a clean state; AX 64 Time Machine or Macrium Reflect are highly recommended in this regard.

    The important thing here is not to panic, as your thesis is still there, together with the malware.

    Once up and running clean again, take a backup to an external drive/load copies of your thesis on an external drive/flashdrive/online storage site.

    Good luck.

  • Minde
    Minde Posts: 2

    Thank You for your reply!! Unfortunately it did get past F-Secure. Seems to be nasty.

  • Simon
    Simon Posts: 2,667 Superuser
    BlackCat's advice sounds worth a try.

    If it was my machine, what I might try is going into Task Manager and manually closing all running processes, except explorer.exe, and those belonging to F-Secure. Hopefully one of the processes will be the virus, and then I would try another scan with FS to see if it can deal with it. If at any time things go haywire, a reboot should get you (and the virus) up and running again.

    But, as I've said, that's what I would do, sitting at my own machine, and it's a pure guess as to whether it would work. I would still recommend you get professional help by raising a support ticket with F-Secure, or perhaps try the Live Chat facility.

    Good luck!
  • Simon
    Simon Posts: 2,667 Superuser

    Would it be unfair to suggest that it's a little disappointing that F-Secure didn't block this in the first place, given that it appears to be quite a well established trojan? It's all very well detecting the virus after it's infected the machine, but I thought the whole idea of security software was to prevent infections, not just detect them once it had let them in. It's a bit like shutting the stable door after the horse has bolted, but in reverse!

    @Blackcat wrote:
    In the future I would highly recommend layered protection where you are not just relying on an AntiVirus; I can highly recommend Sandboxie/AppGuard/NoVirusThanks as excellent companions to an AV.

    I agree, but would FS allow those to run alongside it? One thing I've often found irritating is that many vendors, FS included, claim that their product offers a 'complete solution', and that no other security software should be running on the machine. They even go to the point of insisting on removing other software upon installation of their own. In this case, it seems that solution was rather IN-complete, and does suggest that one product alone cannot be entirely bullet proof.

  • Blackcat
    Blackcat Posts: 503 Influencer

    IME, F-Secure IS 2013 and the beta 2014 run happily with either Sandboxie, AppGuard, or NoVirusThanks EXE Radar Pro.

    I have even run Malwarebytes Pro in real-time alongside F-Secure for several weeks, even though until recently F-Secure removed this program as "it was considered incompatible".

    I have run layered defences for years now, with an AV backed up by some sandbox or an anti-executable.

    But much more important than security software IMHO is having a reliable backup procedure to an external drive. No security software can guarantee 100% protection, so reliable backup procedures are essential.

    So ANY Antivirus should not be considered as the only defense barrier to malware.

  • Simon
    Simon Posts: 2,667 Superuser
    I have MWB installed, but only the on-demand version. FS kicked out SuperAntiSpyware back in 2012, but I do have Windows Defender running, which has never caused any problems. I tried PrevX, but things went a bit pear shaped from what I recall. I'll check out the ones you've mentioned, but I agree, backing up is essential too.
  • Blackcat
    Blackcat Posts: 503 Influencer

    @Minde

    Did you manage to remove the infection?

    If so, can you share the solution, as it may help other F-Secure users in the future.

  • Thanks, Ondrej, for that incredibly informative and enlightening reply! I will be recommending this article for inclusion in our Tribal Knowledge Base so that others with similar concerns can find the information quickly and rest easily!

    If anyone has additional questions about this topic, please do post here, so we can make sure we identify all of your questions in our KB article, and share them with all our Community members!

    // Chrissy

  • Blackcat
    Blackcat Posts: 503 Influencer

    "Needless to say that it is also recommended to make sure that your computer has the latest hotfixes, patches and updates, and, just as important, your other applications like office programs, PDF reader, browsers, media players etc. are updated with the latest patches and fixes or upgraded to the latest versions.
    Using outdated software will open the most common attack vectors to your computer, which can, even if not leading to your PC actually being taken over, result in a lot of virus warnings of this sort."

    So would not a vulnerability scanner (which a number of AVs have now, e.g. BullGuard) be a good addition to F-Secure (within the program and not an online one)?

  • Indeed it would be a good addition, as this kind of program doesn't interfere with the security solution protecting the system.

    Regards,

    Ivan

  • Jenni
    Jenni Posts: 539 F-Secure Employee

    Hi guys,

    I've turned this conversation into a knowledge base article. Many thanks for your contribution!
    http://community.f-secure.com/t5/Security-for-PC/Viruses-were-found-but-were-not/ta-p/31309

    Cheers,

    Jenni

  • nancy
    nancy Posts: 1

    I am reading posts on here and was wondering about downloading a cleaner to get rid of this. Does the download do it all for me, or DO I HAVE TO DELETE FILES? I do not want to remove it manually. Thank you.

    I'm looking at Blackcat's post...

  • NikK
    NikK Posts: 903 Forum Champion

    Don't know what download you're referring to. My understanding is that you may have to kill some processes to be able to delete the files manually. As previously described, "F-Secure" can't delete certain files, for example locked files or files inside archives. So for certain types of infections you have to delete the files manually.

    I found some additional information on the Bitdefender forum saying that Gen:Variant.Kazy is a generic detection for Vundo and that "You don't have to replace the files because they were created by the trojan."

    To F-Secure

    When reading the post by @Ondrej that later @Jenni did a KB article on, I see two things that in my understanding are incorrect:

    • The "advanced process monitoring" setting was removed in IS 2013 and only applies to 2012 and earlier. It's replaced with "Compatibility Mode", which is already off by default for maximum protection.
    • The Online Scanner has no "full scan" option. It scans (only) active processes, memory + additional parts of the file system that typically get infected, but it does not perform a "full scan".
  • NikK is actually right on both counts.

    "Advanced Monitoring" still exists in 2013 as functionality, but the dedicated setting has been removed. The logic has changed as well: "Advanced Monitoring" is now enabled by default, and will be disabled if "Compatibility Mode" is ticked.

    As for the Online Scanner, the latest version also has no options anymore to choose what to scan, and it is somewhat debatable whether its scan qualifies as a "full scan" or not. In terms of malware scanning and removal it does a "full scan on everything that is active", covering all types of malware, including rootkits. (Online Scanner scans for rootkits in the memory and then boots into Linux to clean them up.) What it does not scan are inactive files, closed archives, external media (like USB sticks) or the user's e-mails.

    I based my answer on my general experience without actually checking the new GUIs. My bad.

    Thanks NikK for spotting this and clearing things up.


This discussion has been closed.