Must Have the Technical Knowledge: VIRUS PROBLEM

Beam telecom customers are facing this Virus problem CCDRIVE32.EXE, and this virus was changing filename frequently every few weeks, Presently Virus name is GHDRIVE32.exe.

Location C:\Windows\ghdrive32.exe

Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft Driver Setup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run | Microsoft Driver Setup

May be it will change after some time but --drive32.exe will be there.I think Every one who visit the Customer place already face this problem internet will work for 5-10 Min after restarting the computer then again it will get disconnect.

After infecting by --DRIVE32.EXE virus others viruses will get easily entered

And the Big problem is this Our Antivirus Symantec Endpoint Protection was not able to detect it.

This Image was taken from Customers PC its showing Antivirus is up to date but still virus is there.

What --DRIVE32.EXE will do after entering on your computer?

Opens several TCP ports, connects to remote hosts, Connects to remote IRC server, this virus installer may download more harmful files from the internet. And within 5-10 minutes your internet will get disconnected, it will show connected but you will not be able to Browse it. If --DRIVE32.EXE virus will entered in the computer in the 90% cases this virus is also there CSRSC.EXE.

Make sure that CSRSS.EXE is not a virus its a computer file only 1 letter Difference.

CSRSC.EXE is a process which is registered as W32.Spybot.CF Virus. This Trojan allows attackers to access a computer from remote locations, stealing passwords, Internet banking and personal data. So we need to take care of this type of files.

It just takes 2 minutes to verified.

How to Verify you are infected with this particular virus ?

1) You can find out if a process appearing in your task manager, by going to Task Manager. how to open Task Manager

a) Right Click on the task bar and click on the task manager

b) Press ALT+CTRL+DEL

this will open the task manager.

2) Click on the Processes then click on image name it will arrange all exe files by names.

3) Then Find out the virus file --DRIVE32.EXE or CSRSC.EXE.

ii)

If Task Manager has been disabled then u can find out through prompt also

Click on start run type CMD click on ok

in the command prompt type TASKLIST

this will show u the running processes in the task manager then u have to find out the virus file

iii)

go to run type MSCONFIG

click on startup

this will shows the startup running programs

here also u will find --DRIVE32.EXE Microsoft driver setup.

And in the startup u can also disable the startup items which we don't to use it every-time like messengers, media players etc. Just Un select it from the startup items and click on OK.

How to Removed this virus?

You Already have the Antivirus and it is up to date and scanning as per your schedule but our Symantec antivirus was not removing.

Download MalwareBytes Anti-malware (MBAM). free version 7 MB file

Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version. update file is 6 MB