Security Software orans.sys file infected by hacktool.rootkit?

[apollyon]

2-3 of my friends r facing this same irritating problem...they use symantec corporate edition av 10..at bootup a popup box displays a message saying "orans.sys file infected by hacktool.rootkit"...it then quarantines the file...this message keeps on popping up...a lot of programs hang for no reason..after connecting to the net, u cannot disconnect..the connection hangs!!
i tried deleting the file from quarantine...no use
in dos mode the file cannot be seen...no other antivirus detects it...really irritating n weird prob!...plzzz help guys

 

[XTerminator]

Is the file already quarantined??
Also, i think this is detected by HijackThis...try using that to remove it.

 

[XTerminator]

Maybe This will help..
first result on Google:bleh:

THIS

 

[KingKrool]

W32/Tilebot-J worm

 

[Blade_Runner]

Chk this out apo

Link

Link

And yeah tell your friends that it's high time they patched their win xp copies.

Moving this to Troubleshooting.

 

[apollyon]

so if i delete all the quarantined files n run autopatcher, will the problem be solved??

 

[Blade_Runner]

And remove the entries mentioned in the above threads using Hijack this. Also make sure that auto-restore is off. Most virii have a field time using this new feature of winxp.

 

[apollyon]

^^which ones??...plzzz tell, could not make out myself

 

[Blade_Runner]

Apo post the Ewido and Hijackthis log and also enable hidden files b4 u do this. This problem shud mostly be solved by turning auto restore off and deleting the orans.sys in safe mode. But need to look out for registry and start-up info as well. So try and post both the logs.

 

[mehargags]

boot to safe mode

use hijackthis to clean all that u see is malicious

clear IE & firefox cache

boot to normal mode & see

if still it gives the prob, the quarantine cache is corrupt. Uninstall symantec AV corp & reinstall it. Be sure to grab the latest version of Liveupdate from symantec site

this sh'd remove the prob of sure