Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Sheur.akyb And Worm/autorun K


  • Please log in to reply
5 replies to this topic

#1 lanz_lilh2o

lanz_lilh2o

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Philippines
  • Local time:04:45 PM

Posted 03 February 2008 - 06:45 AM

Hello BC, i'm running a windows xp pentium 4 and just recently my computer got infected with Trojan Horse SHeur.AKYB and Worm/AutoRun K. AVG Free Edition detected it at F:\notepad.exe (for the Trojan Horse) and C:\\WINDOWS\system32\autorun.ini (for the worm). AVG asked me to heal it which I did but after a while it would return again. I can't open my Task Manager also. I got a massage which says "Task Manager was disabled by the administrator".

My USB got infected also so I decided to format it. I still don't know if it will work. I haven't tried it because my PC is still infected.

Please help me with my problem. I am still trying to learn things around here because I'm not a techie person. Thank you very much and more power to you!

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 AM

Posted 03 February 2008 - 08:34 PM

Please download MsnCleaner.zip and save to you Desktop. In addition to removing infected files, it will remove certain restrictions on your system often disabled by malware.
  • Extract (unzip) the file to your desktop. (click here if your not sure how to do this) but DO NOT use it yet.
  • Reboot your computer in "Safe Mode" using the F8. To do this restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A boot menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
  • Double-click MsnCleaner.exe to run the tool.
  • Click the "Analyze" button.
  • A report will be created after the scan and will be saved to C:\MsnCleaner.txt.
  • If it finds an infection, click the "Deleted" button.
  • Reboot normally when done.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 lanz_lilh2o

lanz_lilh2o
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Philippines
  • Local time:04:45 PM

Posted 05 February 2008 - 08:25 AM

thank you very much for your help...i deleted 5 infected files (autorun.ini.vir;blastclnnn.exe.vir; nsreg.dat.vir; pictures.zip.vir; setteings.ini.vir). and my task manager is enable again.

the only thing that is not working now is my usb stick. my pc can't seem to recognize it. when i inserted it nothing happens. and when i clicked My Computer, there's no Removable Disk (F) where you could also open the flash drive. I also tried downloading TweakUiPowertoySetup.exe but when i double clicked on My Computer there's no autorplay>drivers. could it be that i am still infected with the worm?

please help me specially with my problem with the usb stick because i use it often in my work. One thing more, my son inserted his card reader and it works fine. why does my computer doesn't recognize my usb stick?

thanks again quietman7... hope to hear from you again!

Edited by lanz_lilh2o, 05 February 2008 - 08:53 AM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 AM

Posted 05 February 2008 - 09:32 AM

Sounds like autoplay is disabled which I recommend it should be as a prevention method. Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Flash drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled. Read Danger USB! Worm targets removable memory sticks.

If you do a search on the net for usb stick not recognized, you will find a lot of complaints with various causes and possible solutions. What works for one person may not work for another.

It you do a search for your specific flashdrive, you may get more information. If you need help with this issue, start a new topic in the External Hardware forum.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 lanz_lilh2o

lanz_lilh2o
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Philippines
  • Local time:04:45 PM

Posted 06 February 2008 - 07:13 AM

Thanks a lot quietman7... you're doing a great job especially with a newbie like me. i'm learning a lot and this forum is really great...keep it up!!! :thumbsup:

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:45 AM

Posted 06 February 2008 - 08:35 AM

Your welcome.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1".
• "Hardening Windows Security - Part 2".
• "IE Recommended Minimal Security Settings".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users