
W32.Bacalid Infection. Unable To Get Rid Of



#1 KingVeltie

Posted 14 January 2008 - 05:10 PM

Hi,
OK, here goes. Monday last week I got a notebook from a client. It was suspected that loading AVG Free with an existing copy of Symantec 2005 caused the computer to slow. It was also thought that the computer might be infected with a virus, but that was unconfirmed at that stage.

Well I used my memory stick to transfer a tool to the notebook, but was unable to get to the folder I saved it on the stick, as explorer terminated as soon as I drilled down to the second folder from the root...
I then suspected that there was a virus on the notebook. Undeterred, as I have antivirus (Avast) on my office PC, I reinserted the memory stick into my office computer and did a virus scan. With a negative result I opened the memory stick and voilà, got infected on the PC...

Doing a scan on the office pc the virus w32.bacalid, w32bacalid!inf, Generic2.OEH were identified and apparently quarantined and deleted. Ha Ha Ha F*Ha
The rest is history............

What I found was that the virus infected the memory stick by hiding the original folders and creating copies of the folder with an exe extension.
Also all windows system programs terminate prematurely. Example – System properties, Control panel etcetera. (both computers). This scenario plays itself out on the Notebook as well as the PC.
I also noticed some strange processes running in the Task Manager: “Hole.zip” and “Blank.doc”. Killing them was impossible as they just returned with a vengeance. Also the Autoexect.bat in the root got hidden and replaced with another un-hidden one with a lot of garbage in it. When deleting it, it just returns after a while or it will be back on the next boot.
Also when un-hiding the system files and hidden files, the properties just get reset after a while or on the next boot.
These scenarios are similar on both computers, just worse on the notebook.

After reading about the virus on the internet, all indications were that it is easy to remove, and that it is rated as a low damage virus. It infects the .exe and .dll extensions apparently....
Removing it was just a question of updating the antivirus program, scanning the computer and running the provided tool from one of the antivirus vendor sites......
Ha F*Ha Ha..........

The notebook has XP Home and the office Pc XP Pro.
So I turned to the blogs. Following the Major Geeks website's instructions (as they were the first to reply) on the notebook, I got to a stage where the strange processes stopped running, the Autoexect.bat file was gone and everything seemed OK... But just after a bit of browsing on the computer guess what happened.......
Ya, the F* were back with a vengeance and put me back to square one. This time even terminating explorer more quickly, I cannot even browse properly........

Reading a bit more I gathered that the virus does not infect Vista, so I took my memory stick and put it in the Vista PC. The virus was detected and moved to the vault and the memory stick formatted. So far it has not surfaced again in Vista........... phewww

Well I suggest a fresh start..

On the notebook I followed all the directions provided by Major Geeks....???
On my office PC I ran CClean and HijackThis and selected everything to be fixed or deleted out of frustration.
The computers are still infected and I want to beat this virus without reinstalling if possible........!!
I am in your hands for assistance as there was no internet site on the Web that gives a manual removal of this virus. Why, I would not know???

Please advise. Just remember it is not always possible for me to run a program as everything terminates. I usually use the command prompt to assist me to get to the program, but it does not work all the time.

Why this virus is rated so low but it has such a devastating effect I would not know??? :thumbsup:

Kind regards
Melt
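
The folder swap described in the post above (original folders hidden on the memory stick, with same-named .exe files left in their place) can be checked for from a script instead of by browsing the stick in Explorer. This is an added example, not part of the original thread: the `Entry` type, the function names and the sample listing are constructed for illustration, and the hidden flag is assumed to come from the Windows `st_file_attributes` field.

```python
import os
import sys
from typing import List, NamedTuple, Tuple

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows "hidden" file attribute bit


class Entry(NamedTuple):
    name: str
    is_dir: bool
    hidden: bool


def find_folder_decoys(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Pair each hidden folder with a same-named .exe file beside it."""
    hidden_dirs = {e.name.lower(): e.name for e in entries if e.is_dir and e.hidden}
    pairs = []
    for e in entries:
        stem, ext = os.path.splitext(e.name)
        if not e.is_dir and ext.lower() == ".exe" and stem.lower() in hidden_dirs:
            pairs.append((hidden_dirs[stem.lower()], e.name))
    return sorted(pairs)


def list_entries(path: str) -> List[Entry]:
    """Read one directory level; nothing is opened, followed or executed."""
    found = []
    with os.scandir(path) as it:
        for de in it:
            # st_file_attributes exists only on Windows; elsewhere treat as 0.
            attrs = getattr(de.stat(follow_symlinks=False), "st_file_attributes", 0)
            found.append(Entry(de.name, de.is_dir(follow_symlinks=False),
                               bool(attrs & FILE_ATTRIBUTE_HIDDEN)))
    return found


# Constructed sample listing of a removable drive root (not from the thread).
SAMPLE = [
    Entry("Invoices", True, True), Entry("Invoices.exe", False, False),
    Entry("Photos", True, False), Entry("setup.exe", False, False),
    Entry("Reports", True, True), Entry("REPORTS.EXE", False, False),
]

if __name__ == "__main__":
    listing = list_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for folder, decoy in find_folder_decoys(listing):
        print(f"hidden folder {folder!r} has look-alike executable {decoy!r}")
```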



#2 Grinler

    Lawrence Abrams



Posted 29 January 2008 - 04:43 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us more time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.



