Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How Do I Know If I'm Still Infected?


  • Please log in to reply
No replies to this topic

#1 sparrowlily

sparrowlily

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:32 PM

Posted 22 June 2008 - 09:43 AM

Hello. I was recently infected by the Sohana worm which entered my pc via my flash drive. At that time I was running AVG 8.0, Spybot Search & Destroy, Spyware Guard, and Windows Firewall. AVG did not detect it, I only knew I had an infection when Tea Timer asked me to allow a couple of registry changes. I clicked deny change, and maybe I made a mistake somewhere because the changes were allowed and all of a sudden my Yahoo Messenger flickered and sent foreign language links to my contacts. I also discovered that Task Manager was down. I immediately switched to Safe Mode with networking. I looked around for help and I found a blog with step by step instructions. I found out that I had scvvhsot.exe and blastclnnn.exe in my system. I followed the directions, which suggested that I use the following programs: avast antivirus, Ccleaner, NoobKiller, Autoruns, SuperAntispyware, SDFix and Combofix. I followed all instructions, Noob Killer restored my Task Manager function, avast killed 3 infections, and I found and deleted a scheduled blastclnnn task in Autoruns. After being pronounced clean by avast I changed to Avira Antivir premium which also pronounced my system clean. I used it to clean my flash drive, and it named the infection as Sohana worm (scvvhsot.exe, New Folder.exe). I was careful not to click on anything else which may lead to a reinfection.

My problem now is how to make sure that my system is clean. I realize now that what I did was very risky and could have led to my computer's demise should I have allowed one of those programs to delete an essential program or code. Good thing my computer apparently survived the infection (and my lack of expertise) and that I found this site, if only a little too late.

Hope someone can help me. My current settings are as follows: Windows XP (SP2), Avira Antivir Premium, Spyware Guard, Spybot Search & Destroy, Windows Firewall. And I use Mozilla Firefox as my browser. Thanks in advance!

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users