Virus Infection ..Help Needed !

[Spacescreamer]

Guys ..

A friend of mine has got a problem with his system.. using the very same system for posting this.

Symptoms:

1) The C:\ location seems to be getting some exe files appearing all by itself.

The System had Avast antivirus (non pro edition) and it wd detect and remove those files once in a while.

2) One of his pendrive has been infected with Autorun.inf virus and i dont know wether his pc got the virus from the pen drive or vice versa.

That virus is detected wenever the usb is inserted but was not getting cleaned by any means by Avast.

3) Currently, the chat client Mirc seems to have been infected and is giving some stupid beats from background.

He has McAfee Total protection CD with him and wen trying to install that, only data back up and the site advisor seem to be getting installed.

Ofcource Avast had to be uninstalled to allow McAfee installation, which has failed.

No repsond @ the product registration page.

Putting the system on online scan via kaspersky.. ur valuable inputs req urgently....

Edit: Kaspersky and Bitfender not opening.. giving Page load error. Sites are opening via proxy, but wont proceed to the scan page.

Trying to get something done here. Need advice urgently now !

 

[MohitPreet]

try eset nod 32

or avira antivirus

 

[Spacescreamer]

Thank u for ur valuable inputs Mohit but first of all try to understand the nature of the problem and then try to post.

*Still Waiting for ppl to reply.. dont want to reboot now to aggravate the sceanario*

 

[vrd]

is re-installing the OS not an option? i am only asking this because you did not mention that anywhere in your post.

anyway your problem seems similar to this:

Backdoor.IRC.Bnc.i and Backdoor.IRC.Bnc.i.exe - solve this problem now!

 

[Spacescreamer]

^^Nope

thats not it.

 

[TheNightwing]

Have you tried running the PC in safe mode and running a full system scan? Switch to some other free antivirus while you are at it or try Spybot S&D.

 

[Spacescreamer]

Update:

1) Avast uninstalled, (the AV was detecting the Autorun.info virus on the usb drive, wasnt cleaning/removing it from the source)

2) McAfee not running after installation.. Freezes at account verification phase. McAgent not appearing.

3) Online Scanning pages still not opening.

Options Available:

1) Installed AVG 8 (free) , running the scan with updated virus database.

While scanning the dubious exe file at C:\ , gave it a clean chit.

So not too confident regarding AVG's capabilities.

2) Still Got Avast home edition exe file on the hdd and mite get Norton 360 disc.

I am not too inclined to reboot the system before cleaning the virus.

Waiting for good advice here fellas...

 

[manu1991]

Try scanning it with hijackthis to determine any unwanted programs

Also do a complete scan with Malwarebytes' Anti Malware . It has great detection

 

[Spacescreamer]

^^ In process..

How good is this s/w ..?

i mean a 100% solution kinds ..?? cleaned one bot file (Trojan.Bot) after a quick scan.. but still not able to open anti virus sites.

 

[manu1991]

AFAIK , no software has 100% detection , its practically impossible for the vendors to update each and every definition on time

Its best to use one with HIPS+ protection so that it can detect suspicious file behavior . Avira and Comodo AV (both free) have this feature

 

[Spacescreamer]

Just completed a scan with Malwarebytes..

no infected file found.. and still no access to online scanning sites.

Miles to go before i sleep...

 

[vishalrao]

I know this isn't encouraging but it's probably easier, safer and quicker to just reformat and reinstall. Just backup your non-executable (media/docs) files/data... dump all downloaded installers etc...

 

[Spacescreamer]

not possible at the moment.. else i wd have done it myself.

need to clean up this mess.

 

[manu1991]

Why dont you post the hijackthis log here ?

Check if isnt the Vundo / Virtumonde Trojan . Its a pretty nasty malware , my cousins PC got infected with it and ultimately he had to format it

If nothing helps , try SDfix Bleeping Computer Downloads: SDFix in safe mode , however it is an experimental cleaner , use it only as the last resort

 

[cranky]

Have you tried combofix?

Can't help until you know the exact symptoms and the erring filenames. A log would help, but the only thing to do is deep dive into the \system32 directory and run a visual scan of the files (check for suspicious files). Task Manager usually points out the culprits pretty quickly.

 

[spindoctor]

you could try

Simply Super Software - Trojan Remover

and autorun eater for the autorun virus

Download Autorun Eater 2.3 - Scan and Remove Suspicious 'autorun.inf' Files Automatically! - Softpedia

 

[rahulmig]

uninstall mirc and run eset anti virus .. if installation is not possible.. run online eset scanner which is there on esets website

 

[Rockfella]

download latest AVAST and select scan hard drive before booting and delete all infected files.. works for me but it might delete some important files :-(

 

[DellPresto]

1)Download this link http://tinyurl.com/chy465 and run the scan and using the Malware bytes software and that will clear all the infection on your system

2)Then restart the system normally and all the spywares will be cleared

3)After the scan is finished run Hijack this and if the infection is still not

Waseem H

Your PRESTO expert