Security Software BIG virus problem !!!!

Status
Not open for further replies.

raksrules

Oracle
My cousin is facing a big problem with his machine. Here's the gist of the problem:

Opening most of the applications is followed by them being shut down as soon as they are opened.
Not able to install anything new (especially antivirus).
Cannot open any browser. As soon as it is opened and an address is typed, the browser shuts down.
Right-clicking on the taskbar reveals that the TASK MANAGER is disabled, so I cannot see what is running in the background.
Checked msconfig for what is starting up. Here's what it looks like:

1. Something called C:\AUT0EXEC.BAT is there, which is hidden and not visible even when the 'show hidden files' option is enabled. Deleted it from DOS but it comes back. Notice that in the above name it is a ZERO instead of 'O' in the filename.

2. Some application named XXX is running, which is in c:\DOCU..\USER_NAME\Local...\temp..., where XXX is a number.

3. If it is disabled or unticked, a new numbered application is created at system restart.

Now, how did I find this? I connected to my cousin's PC using TeamViewer and controlled his machine from here to identify the problem. My cousin is not sound enough with technology to solve these issues himself.

Please suggest what to do?
 
Hey mate, your problem seems too big :(

I think it is better to reinstall Windows or try restoring the PC to an earlier time.
BTW, this is not Win32 or any trojan.

best of luck,
cheers,
microsoft
 
Reinstall should be the last resort. Ask your cousin to boot from a Live CD if possible and delete the offending files. Then he can log in to safe mode with networking, run an online scan and check again. Finally, boot into Windows normally, install a good AV program and run it fully.
 
^^ But that's the problem, we don't know which files are causing problems. On top of it, as I mentioned, they don't know much about computers and hence cannot solve this issue themselves.

Probably I will have to tell them to call the so-called computer engineer to get the OS reinstalled. I am not in Pune/Mumbai, else I would have got it done myself.

Probably I will suggest a clean install to them.

In that case, is there any way we can back up the things that are needed?
 
Hmm... Posting this reply after a long time .. :P

How about posting a HijackThis log file of your cousin's PC? I think he's got some variant of Brontok.
 
My bad, I thought the offending file had been identified. As mentioned above, put up a HijackThis log file.
 
You should at least clear out the System Volume Information folder by turning off System Restore and then turning it back on; many of these files hide there, so they just duplicate themselves after a reboot or a clean.
 
^^ How do I do that?

I mean, I did try. What I did was, since it was not allowing the browser to open, I downloaded the Avast setup on my machine and transferred it to his machine using the internal file transfer utility of TeamViewer. But the setup refused to open on that machine. That's because of this virus.
 
Disable System Restore first, like pixelpusher said. Next, boot into safe mode and run the antivirus which is present in his system. Do a full computer scan, even if it means spending 3-4 hours. Just see that the antivirus is updated too.
 
^^ Nah, I have not checked with them, and the best I have suggested is to get the machine reformatted. I cannot personally check the machine, but I did check it from a remote location and that thing did not even allow me to open the Task Manager :@
 
It is a Win32/IRCBot.AOZ trojan variant infection, mostly a unique stub, and it is creating ghost processes on the machine and has disabled the Task Manager. It creates registry entries so that it runs every time Windows starts, and also distributes itself by creating autorun.inf on external drives.

Tell him to download and run:

Download Autorun Eater 2.4 - Scan and Remove Suspicious 'autorun.inf' Files Automatically! - Softpedia

Then install Avira AV ( It detects unique stubs of virus/trojan variant better than any other AV out there)

Free antivirus - Avira AntiVir

Then install ZA Extreme Security

ZoneAlarm Extreme Security Free Download and Reviews - Fileforum

Most likely by now all his stored FF/IE user IDs/passwords, CD keys etc. have been stolen by the botnet operator, so after doing all the above steps tell him to change all his important passwords as well.
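The indicators raised in this thread (a look-alike system filename in the startup list, a numeric executable launched from the user's Temp folder, and an autorun.inf that launches a program) can be checked mechanically during triage. The following is an added Python example, not code from the thread or from any of the tools named in it; the known-name list, the Temp path patterns and the sample values are assumptions constructed for illustration.

```python
import ntpath
import re

# The thread's sample uses a zero in place of the letter O (C:\AUT0EXEC.BAT).
# Assumption: a few other common digit/letter look-alikes are folded the same way.
CONFUSABLES = str.maketrans({"0": "O", "1": "I", "5": "S"})

# Assumption: a short list of legitimate names a look-alike would try to impersonate.
KNOWN_NAMES = {"AUTOEXEC.BAT", "CONFIG.SYS", "EXPLORER.EXE", "SVCHOST.EXE"}

# Assumption: per-user Temp folders on XP-era and later Windows (uppercased for matching).
USER_TEMP = re.compile(r"\\LOCAL SETTINGS\\TEMP\\|\\APPDATA\\LOCAL\\TEMP\\")


def flag_startup_entry(path):
    """Return the reasons a startup entry (e.g. one msconfig row) looks suspicious."""
    name = ntpath.basename(path).upper()
    stem, ext = ntpath.splitext(name)
    reasons = []
    # Look-alike check: the name is not a known name, but becomes one once
    # confusable digits are mapped back to letters.
    folded = name.translate(CONFUSABLES)
    if name not in KNOWN_NAMES and folded in KNOWN_NAMES:
        reasons.append("look-alike of %s" % folded)
    # Thread symptom 2: an executable whose name is just a number, living in Temp.
    if USER_TEMP.search(path.upper()) and stem.isdigit() and ext in (".EXE", ".COM", ".SCR"):
        reasons.append("numeric executable in user temp folder")
    return reasons


def flag_autorun_inf(text):
    """Return the commands an autorun.inf would launch automatically, if any."""
    launch_keys = ("open", "shellexecute", "shell\\open\\command")
    commands = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in launch_keys:
            commands.append(value.strip())
    return commands


if __name__ == "__main__":
    # Constructed sample entries modelled on the symptoms in the first post.
    for entry in (r"C:\AUT0EXEC.BAT",
                  r"C:\Documents and Settings\user\Local Settings\Temp\4821.exe",
                  r"C:\Program Files\App\app.exe"):
        print(entry, "->", flag_startup_entry(entry) or "ok")
    print(flag_autorun_inf("[autorun]\nopen=4821.exe\nicon=disk.ico\n"))
```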
 
^^ But it does not allow installing software. That's the problem.

Also, in the worst case, if it does not allow me to install them, can I install that on my machine, copy the entire installation, transfer it to them and run it there?

Also, I think you are right in mentioning that the stored passwords must have been stolen. I am saying that because he had told me last week that he was not able to log in to his Yahoo (or Gmail, don't remember) account and his correct password was not working :S

So I told him to go through the 'Forgot Password' link to get the password / reset the password, and that is fine now.
 
Is it restricting registry changes too?

If not, then the method you mentioned might be possible.

Also try installing Spybot S&D; it will ask for your permission every time a new startup process attempts to run!!

So you can prevent it from running. :)
 
Tried running a scan from bootable AV disks (if they are available), or else starting the machine in safe mode?
 
Maybe the registry is locked by the virus and can't be changed; that is why new programs cannot be installed. Try installing Malwarebytes Anti-Malware (this should get installed despite the problem), and run it. A quick scan first, and a deep scan later on.
 