
Thread: is there a removal tool for win32/chepvil.k

  1. #1
    Newbie

    is there a removal tool for win32/chepvil.k

    need to work on win 7 x64

    TIA

  2. #2
    The Specialist *
    Which resident protection do you have? Download Hitman Pro and scan (do not activate the pro version until you have found a virus), and make a scan with Malwarebytes Anti-Malware. Clear your cache, cookies and temp files. Post a HijackThis log here.
    I don't need to know everything, I just need to know where to find it, when I need it.

  3. #3
    Newbie

    thanks

    I have Malwarebytes, Avast IS and Windows Defender,
    but I was not paying attention: in my Yahoo account I downloaded what I thought was a PDF scanned by Yahoo's Norton, and it was an exe that looked like a PDF. I will try Hitman Pro and get back to you. I scanned a copy with Jotti (duhhhhhh, after I opened it) and Avast did not detect it, but F-Secure, to name 1 of a few, did detect it. I have the full version of the F-Secure suite but have not installed it on this PC. Will get back to you, thanks again.

  4. #4
    Rookie
    Didn't avast detect it? If not, just submit the file to the avast virus lab at virus(at)avast.com. It will be added to the next VPS update. Then I think avast should be able to remove it.

    If avast detects it, your system should be safe already, as the file is moved to quarantine.
    Thoughts are like a never ending ocean where it is deep, endless and dangerous

  5. #5
    Experienced User
    This specific problem causes the creation of a file named pusk.exe ...
    One of the main reasons for infection with this tool is "downloading pirated stuff" or clicking on unknown web links....
    Use an antivirus with the "latest updates" ...
    F-Secure can detect it too.. install it, update it and scan the whole PC...
    Else the free Microsoft Security Essentials is also good..
    Else.. Hitman Pro and Malwarebytes are very useful.. as said by Indra...
    Last edited by princeaniket; 05-28-2011 at 01:02 PM.
    "I am proud of my heart.. u know y?? It's played, loved, burnt & broken, but somehow it still Works."

  6. #6
    Guest
    Originally posted by lynxster:
    but I was not paying attention in my Yahoo account downloaded what I thought was a PDF scanned by Yahoo's Norton and it was an exe that looked like a PDF I will after I opened it a copy and Avast did not detect but F-Secure to name 1 of a few did detect

    The worst thing always happens when you let any unknown file slip through and execute it for good. The reason why most AVs don't detect the attached malware file (mostly trojan droppers/agents) is because it is continuously designed to defeat conventional scanners (their detection algorithms).

    And regarding your concern, win32/chepvil.k: my friend, this is really bad news:

    • A new spam campaign using UPS (United Parcel Service) as a social-engineering draw was initiated this week. The spammed message contains an attachment, detected as TrojanDownloader:Win32/Chepvil.I. The spam campaign actually started around March 16th 2011. The threat was originally detected as Backdoor:Win32/Hostil.gen!A (was Backdoor:Win32/Hostil.F). More specific signatures (TrojanDownloader:Win32/Chepvil.I and TrojanDownloader:Win32/Chepvil.J) were added on March 22nd 2011.

      Win32/Chepvil is a trojan that downloads other malware such as Rogue:Win32/Winwebsec, Rogue:Win32/FakeRean, Backdoor:Win32/Cycbot.B and VirTool:Win32/Injector.gen!BG. The retrieved malware is saved to the %TEMP% folder and then executed. Microsoft Malware Protection Center has noticed that detections over the past few days have gone from a handful to around 400k per day.

      ( Source: MMPC )


    Expect some nice foreign backdoors inside your box. It's cleaning time!
    "Stars and the Sun"


  7. #7
    Newbie
    Hi, I signed on to this forum, because when googling for key words:
    win32 chepvil.k
    I found this post, so decided to add my experience for the record.

    Just today, I'd gotten notice from HSN that something I purchased last week would be delivered by UPS.

    So it was only natural that when I simultaneously noticed something from UPS in my SPAM folder, I clicked on it (since YahooMail has been known to occasionally dump my legitimate email in SPAM).

    Oddly, it was a zip file, but I thought hey, UPS has always been so difficult for me to get normal customer service, that this is just another of their shtick.
    It was from: "UPS" adminsziobame at dhl.com
    It was to: an address other-than-mine (so not sure how it got to my email box!)

    Bam - upon clicking I got these warning messages from MS Security Essentials, which I decided to ignore (due to MS so often "crying wolf").
    But Security Essentials persisted in not letting me download, and instead removed chepvil.k (that's how it's listed under the MS "Action Taken" listing, which their "Alert Level" pegged as a severe Trojan).

    I can't believe I was so absentmindedly stupid! (i.e. I usually ignore UPS stuff that's in my spam folder.)
    If not for Security Essentials I'd be in hot water, which happened to me plenty in the past.
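
The lure described in this thread (an .exe dressed up as a PDF, and a zip sent as a "UPS" attachment) can be caught by comparing a file's name with its actual content. The following is an added example, not part of the original posts; the file names and the header-only PE stub are constructed for illustration.

```python
import io
import struct
import zipfile

DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}
EXE_EXTS = {".exe", ".scr", ".com", ".pif"}
MAX_MEMBER = 32 * 1024 * 1024  # refuse to inflate larger members (zip-bomb guard)

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage(name: str, data: bytes, depth: int = 0) -> list:
    """Return findings for one attachment; looks one level into zip archives."""
    findings = []
    parts = name.rsplit("!", 1)[-1].lower().rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    inner = "." + parts[-2] if len(parts) > 2 else ""
    if ext in EXE_EXTS and inner in DOC_EXTS:
        findings.append(f"{name}: double extension hides an executable")
    if is_pe(data):
        if ext not in EXE_EXTS:
            findings.append(f"{name}: PE content behind a '{ext}' extension")
        elif not findings:
            findings.append(f"{name}: executable sent as an attachment")
    elif data[:4] == b"PK\x03\x04" and depth == 0:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                    findings.append(f"{member}: encrypted or oversized, not inspected")
                    continue
                findings += triage(member, zf.read(info), depth + 1)
    return findings

def sample_pe() -> bytes:
    """Constructed header-only stub (not a runnable program)."""
    return b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

def sample_zip() -> bytes:
    """Constructed archive: a PE stub named like a PDF plus a harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("UPS_invoice.pdf.exe", sample_pe())
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()
```

Calling `triage("UPS.zip", sample_zip())` reports the member with the hidden `.exe`; a real PDF yields an empty list.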

  8. #8
    Righteous Dude
    First some reading (http://stopmalvertising.com/spam-scams/unsolicited-email-from-fedex-inc-installs-tdss-rootkit.html), then a tool (http://support.kaspersky.com/viruses/solutions?qid=208280684). Good luck. A Guy

  9. #9
    Moderator
    Thank you, A Guy, for the link. Unfortunately for many, UPS was an ideal target, as so many of us use their services. Thankfully, the links I have used are directly from the account on the site and then to UPS for tracking.
    Stutz Bearcat

 

 
