Security Software Notorious Virus Problem!

Status
Not open for further replies.

prabs

Herald
A very weird virus crept into my system yesterday.

I used the following:
Antivir
Spybot 1.6.1
Sygate Personal Firewall
Anti Malware bytes.

I scanned the pendrive before double clicking on it, and both Antivir and Anti Malware showed no infection. On double clicking on it later I triggered the virus through the autorun.inf file located in it. I downloaded and tried both rootkit revealer and hijack this.

I then rebooted in safe mode and ran smitfraudfix in both admin mode and user mode (with admin rights).

Then rebooted in normal mode. I then realized that the virus had attached itself to both the hijackthis and rootkit revealer.

The symptoms are:
Every time you run an executable file it attaches itself to that exe file.
In task manager you can see 2 tasks start simultaneously: one of them is the original exe and the other is an exe with any bogus name.
It places itself in the temp folder but when you close the main application the bogus application also stops and disappears from the temp folder.

I took the following actions.
Reinstalled XP by deleting the c: partition to convert it into RAW space and then reformatted it.
Installed:
Kaspersky 2009 trial version.
Comodo Fire Wall (Defence Plus)
Spybot 1.6.1
Anti Malware Bytes
Turned off system restore on all drives.

I am still not sure if the problem is fixed. I have noticed that IMAPI (I know it is used for dvds and cds but is this how the genuine imapi functions) starts after booting but disappears quickly. In services.msc it is set to start in Manual mode.

Please help.
 
I recommend you scan all the software exes on your other drives and see if you can find something using Kaspersky. Also don't use pen drives by auto clicking. There are numerous viruses which spread through pen drives now. I have disabled auto run for all removable media on my computer for the same reason.

You should also disable automatic restore, as many viruses hide using that feature.

Hope it helps.

Cheers !

~M
 
Do you have system restore enabled? If yes, then there is a possibility that the virus is still there. Otherwise, if it is turned off, then there are little chances of the virus still persisting.
 
I have turned off system restore on all drives. I ran a full scan using Kaspersky last night but didn't complete it (ran out of patience at 3 A.M. closed it and went to sleep). Will run a full scan today after reaching home.

How do I disable autorun on removable media without connecting that device? I have formatted the pen drive but formatted it before reinstalling XP.

Is it a good idea to press Left Shift, insert the pen drive, format the pen drive and then disable autorun?
 
The methods given there are pretty straightforward. I guess you will need to use only one method, but using both methods won't harm your comp either.
 
The virus is back with a vengeance.

I ran a Kaspersky scan and it found nothing. The moment I installed Java runtime environment and flash player and restarted the system, I could not log into the system. It keeps asking me for a password to log into my account, but I haven't set any since there is only 1 account. I can still login to my account without any password in safe mode.

I set a password in safe mode which helped me to log in normal mode. I tried removing it in safe mode and log in again but the same problem occurs again. So I repeated the steps in safe mode. I'll try restarting the system and see if the password holds after a few restarts or not.
 
@Kippu can't afford to do that.
What if I try reinstalling XP but this time delete all partitions and then try to reinstall?
Also is it safe to burn a few video files I have using Nero before formatting everything?
 
Why not create a bootable antivirus CD and boot from that to scan everything? Both Avira and Kaspersky provide bootable CD ISOs on their sites. Use them. There is no virus that can survive deleting all partitions and format. Back up your data on DVDs and delete all partitions and reinstall just to be sure. I would have gone the bootable CD way though.
 
ab1 said:
Hey, are you using this Anti-virus-1 software? If yes, uninstall it.

Anti-virus-1? I meant Avira AntiVir. I am now using Kaspersky but that too has failed.
The virus is affecting any exe files that I run but seems inactive during safe mode. I am going to connect it to another machine and try to take a backup of important data.

OPERA memory usage beyond 500mb. Same for Mozilla. I can't use nero in such a situation.

Will deleting and recreating all drives during XP reinstallation fix the problem? Plus, will this get rid of the virus in the boot sector, if any?
 
I can't run anything. The moment I download or install anything, the virus attaches itself to it. And then that program turns useless.

ATM I've brought my HDD to my office; I am hoping to fix it here.

I need some documents from my HDD. Is it possible to use a pendrive in safe mode so that I can take a backup?
 
It should be possible to use a pendrive in safe mode, but there is a probability that you would copy infected files onto it too.

Best to take your hdd to a standalone machine (with updated antivirus) without any network and remove all viruses from it there.
 
Just found out I am not allowed to connect my hdd on office machines. Well so much for recovering the data.
 
Try the Kaspersky / BitDefender boot disks; these will scan all of your PC. Get the latest ones from the respective sites.

That should sort out your problem.

Other way to go:

1) Shut down the system properly.

2) Get an Ubuntu live CD and copy all the data to an 8-16 GB pendrive (if it will fit, or burn the DVDs). In this case boot Ubuntu off a pendrive.

3) THEN, format the whole HDD and install the latest Norton 2009 80 days trial.

4) Scan, copy the data back, and see if it's recoverable.
 