Virus hit on the System

Status
Not open for further replies.
ashvarybabul

ashvarybabul

Discoverer
Yesterday my aunt asked to take some files from her computer in the pen drive and mail it to her brother...

When I was taking files, I immediately understood that there are many virus in her computer...[there was not antivirus in her computer]
Then also I took the files...

When I copied those files in my computer, my antivirus [kaspersky] immediately showed the warning about the virus..
It showed the option of 'delete' and 'Skip'....
I skipped it that time thinking that after mailing the file I will delete it....

Just after a minute most of the file had got corrupted by the virus...

All the folders of all hard disk partitions turned as a .scr file and were not opening properly...
And the computer was hitted by the virus - "Virus.Win32.VB.dg"

And now the situation is that all the folders of all partitions had turned to .scr file and when computer is scanned (by kaspersky), it shows all those folders as infected by virus and give only two options of
"Delete" or "Skip"

If skipped, problem could never resolved..
and if I select delete option the folder is deleted...Hence loss of all data..
Thus if I selects delete option, all the data(from all partitions) will be lost...

And if I try to format all drives, again a complete loss of data...
And if I try to backup those files before format, the virus will be still there with the backuped files...

So guys plz suggest me what to do to get rid of this virus..,:@
Also, most of my data is very important and I dont want to loss even a single piece of it....
Thanxx in Advance
 
you are too negligent to ignore the antivirus warning mate. You ought not have taken such risk.

Mate, you mean your folders got converted into files ? or just the files got converted to a different extension (from EXE to SCR)

If its 1st case, then you have to check by using a boot disk whether they really got converted into file. If the boot disk environment shows the existence of the folder, then no problem. formatting/ Reinstalling O/s would solve the issue

But. If the folders were really converted to a file, then you must use a different AV software like Norton or bitdefender.

Now if i were you, i will try -
(a) a different AV software - if not solved then,

(b) reinstalling the O/s after formatting the O/s partition
manually renaming the SCR files to EXE files.

Hope this helps
 
This is a trojan called virut and i also faced it some time back and it was one of the most dangerous virus i had ever seen . I had formatted and reinstalled windows for 5 times but still the virus came back . Download virut removal tool and boot into safe mode . First take out any net connection , if you have broadband connection then unplug the cord from modem and then run the tool . After that in normal mode open task manager and see if there are any funny programs running . After removing the trojan a fresh windows installation is recommeded and install a up to date antivirus .

This virus alters all your exe files and so when you install new programs all of them get affected by it . I usd Dr web's cure it virut removal tool and it worked for me but dont forget to close your net connection . If it gets access to your net then the virus downloads even more malicious content from net and makes your system unstable and a point comes when it is unbootable even in safe mode . It further uses your net connection to spread spam !! I advise you to get rid of it ASAP .
 
I mean to say,
suppose name of one folder in "Google"

Then When I see the detail view it shows
Name - Google
Type - File folder
Size - 40KB (which is actually wrong,, and 40KB is same for all folders)

And on making right click - the contents of menu are also changed
It shows options like - Test, Configure, Install etc...

and when the warning is shown by antivirus for deleting infected file the file is described as - E:\google.scr
and if I select delete option, the original folder is deleted..

Moreover I could not open the infected folders...
 
I have myself learned some programming languages but never seen any cooding of such time , the virus uses complex cooding and therefore is almost impossible to delete them through latest antivirus once fully active .Also check in task manager if a program named reader_s is running , if yes then you will have to download its removal tool too .

also download microsoft flash disinfector .
 
I am pretty sure that this is not a boot sector virus. But it would be better to fix the boot sector and the master boot record of the OS partition.

Besides doing this, it is a good idea to check whether this malware exists somewhere in the hdd in the form of a folder. File names /folder names which exist with SCR extension has to be thoroughly examined..

Also the autorun files have to be deleted in each and every partition...

rohan_mhtr said:
This is a trojan called virut and i also faced it some time back and it was one of the most dangerous virus i had ever seen . I had formatted and reinstalled windows for 5 times but still the virus came back . Download virut removal tool and boot into safe mode . First take out any net connection , if you have broadband connection then unplug the cord from modem and then run the tool . After that in normal mode open task manager and see if there are any funny programs running . After removing the trojan a fresh windows installation is recommeded and install a up to date antivirus .
This virus alters all your exe files and so when you install new programs all of them get affected by it . I usd Dr web's cure it virut removal tool and it worked for me but dont forget to close your net connection . If it gets access to your net then the virus downloads even more malicious content from net and makes your system unstable and a point comes when it is unbootable even in safe mode . It further uses your net connection to spread spam !! I advise you to get rid of it ASAP .
Click to expand...
 
first use a software like Active boot disk and check the real/physical existence of the folder.. Because sometimes the actual folder would have been hidden by the virus and a virus created file in the form of a folder may exist.

So first check it....
If you dont have active boot disk, then use the windows xp/ vista boot disk , go to command prompt mode and check these folders. If these folders exist as usual you can take a backup through a usb hdd or pen drive and then reinstall/format the partition ( if possible the entire hdd)...

try it...

ashvarybabul said:
I mean to say,
suppose name of one folder in "Google"

Then When I see the detail view it shows
Name - Google
Type - File folder
Size - 40KB (which is actually wrong,, and 40KB is same for all folders)

And on making right click - the contents of menu are also changed
It shows options like - Test, Configure, Install etc...

and when the warning is shown by antivirus for deleting infected file the file is described as - E:\google.scr
and if I select delete option, the original folder is deleted..

Moreover I could not open the infected folders...
Click to expand...
 
mate, u told that you reinstalled your OS 5 times. But what about your other partitions. Did you format them ?. Or atleast did you delete the recycle bin and the system volume information folder ?.

Without doing these just performing OS reinstall will not at all help as the virus will still reside on the above folders...
rohan_mhtr said:
This is a trojan called virut and i also faced it some time back and it was one of the most dangerous virus i had ever seen . I had formatted and reinstalled windows for 5 times but still the virus came back . Download virut removal tool and boot into safe mode . First take out any net connection , if you have broadband connection then unplug the cord from modem and then run the tool . After that in normal mode open task manager and see if there are any funny programs running . After removing the trojan a fresh windows installation is recommeded and install a up to date antivirus .
This virus alters all your exe files and so when you install new programs all of them get affected by it . I usd Dr web's cure it virut removal tool and it worked for me but dont forget to close your net connection . If it gets access to your net then the virus downloads even more malicious content from net and makes your system unstable and a point comes when it is unbootable even in safe mode . It further uses your net connection to spread spam !! I advise you to get rid of it ASAP .
Click to expand...
 
anfjavid said:
mate, u told that you reinstalled your OS 5 times. But what about your other partitions. Did you format them ?. Or atleast did you delete the recycle bin and the system volume information folder ?.

Without doing these just performing OS reinstall will not at all help as the virus will still reside on the above folders...
Click to expand...

Dude those was the first things i performed , other partitions contained backup and data which i didnt want to delete and virus scan didnt show the presence of virus in them . But virut is a clever trojan whih hides itself in any exe files so is difficult to trace . Just google virut and you would know what i am taking about .

There is no curing method to get rid of this virus if it takes full control , you would end up formatting all partitions and loosing all data . OP should not waste any time and follow my advise or atleast google and get information on virut if you dont trust .
 
  • Like
Reactions: 1 person
^ Lol Run a boot up scan, ie when not in your windows environment, i think kaspersky has that option. Avast does have a boot time scan to eradicate viruses. Dont expect a 100% recover tho. THe possibility of loosing files is good. Be careful from next time. :peace:
 
Well finally resolved the attack and now I m Virus free...:hap2:
And that too without a loss of single byte of data...:clap::clap:

It was not a virut since virut removal tool didnt detected it....

Rather it was a Win32:VB-EIK that is Surabaya virus....

I just followed this content step by step and got it resolved...
It was much easier that I thought..
TECHFREAK'S UPDATES ON TECHNOLOGY: How to remove Surabaya Virus ? Manually remove; Get rid off of Surabaya Virus.

The simple steps did a magical work and I didnt suffered any data loss...

Moreover the bitter think was that No Antivirus helped me in the removal of virus..
The were rather busy to delete the effected files...
Also Thanxx to everybody who were out here for an Instantenous help..:hap2:
 
viruts Usually are not removed by antivirus programs but need special virut removal tools , now a days new viruts are being produced and still cures have to found so better keep your antivirus programs up to date . Always precaution are better then cure .
 
Status
Not open for further replies.
Top Bottom