poet.exe virus?

RobertFoster

I was in the middle of a game of Call of Duty (not that that matters afaik) and AVG poped up saying something about a worm/virus in poet.exe - I should run an anti-virus.

I did. It found 57 infected files. It recommended moving the virus to the "virus vault" - when I clicked this, it told me poet.exe could not be moved or deleted. AVG produced their end of scan report, which still stated I had 57 infected files.

I tried to go into safe mode and run the anti virus that way, but it [AVG] wouldn't start in safe mode for some reason.

Is there any other way to remove this? Has anyone heard of this virus before?

btw: I posted here instead of the security board as it gets more traffic...

C Fodder

Does avg state what the virus name is ?

KdjaCL

Need to turn of system restore and then run AVG.

Are the viruses in C:Systemvolume or C: recycler.

I find turning off system restore then deleting the the virus manually works best, but also you may need to sopt Lsas.exe not Lsass.exe from startting and deltet it from the registry. to stop re inventing itself.

Check norton website for info on the virus beofre you do anything.

kdjac

C Fodder

Use this
http://housecall.antivirus.com/
Virus name worm_poit.a

Will update if I find a fixtool

RobertFoster

This is the alert that came up while playing COD
AVGs explanation
Unremovable
End result stats.

Fodder - when I ran that the alert (first image above) kept on poping up so I quit it.

RobertFoster

Originally posted by KdjaC
Need to turn of system restore and then run AVG.

no change

Originally posted by KdjaC
Check norton website for info on the virus beofre you do anything.

couldn't find anything linked with "poetry"

C Fodder

The only AV company to provide details yet are Trend as far as I can see Norton is saying nothing about it. Either run Housecall from Trend see link above or go to Trend Micro and search for WORM_POIT.A which contains removal instructions (in language that would baffle even a Microsoft technical writer).

KdjaCL

When you ran System restore did you delete all the system restore files?
I have had serious issues getting rid of these ,it keeps coming back cos in registry lsas NOT lsass is calling for it at start up and to be used by a system file.
You could delete the lsas file from system32 again lsas 1 S not Lsass , seriously bad things will happen if you delete the wrong one.

kdjac

RobertFoster

Originally posted by C Fodder
The only AV company to provide details yet are Trend as far as I can see Norton is saying nothing about it. Either run Housecall from Trend see link above or go to Trend Micro and search for WORM_POIT.A which contains removal instructions (in language that would baffle even a Microsoft technical writer).

I ran the Housecall to get the "list" of files I had to shut down, but it couldn't find any. The next step, if you didn't find the list, was to remove poet.exe from the reg and restart.

That done, I got no more errors while playing CoD, and no virus was found when scanned. It did however say that there were 56 infected files.

Following more instructions from that site, I looked for the "Inf" file, which looked like this - 56 files, totaling 156MB :eek: - do you think it'd be safe just to delete that folder, or should I remove it some special way?

*puts bio-hazard suit on *

Originally posted by KdjaC
When you ran System restore did you delete all the system restore files?
I have had serious issues getting rid of these ,it keeps coming back cos in registry lsas NOT lsass is calling for it at start up and to be used by a system file.
You could delete the lsas file from system32 again lsas 1 S not Lsass , seriously bad things will happen if you delete the wrong one.

kdjac

It deleted the files OK afaik (no error messages at least...)

I couldn't find lsas in my system32 folder :dunno: - did however find lsasrv.dll...

I've switched system restore back on as I've found it quite handy in the past.