
Help, PenDrive infection but this ain't the normal one !


2 replies to this topic

#1 scyap

Posted 18 February 2009 - 03:18 AM

OK, it started with an infected pen-drive inserted into my computer when I had not installed my antivirus.

So I thought it's the same old autorun virus...
So I went to enable hidden and system files but I couldn't.

I pressed ALT+CTRL+DEL and went to processes to look at the long list of my processes, and either my eyes are blind or I couldn't find anything suspicious at all...

So I downloaded this script from the internet that forcefully (somehow) enables viewing of hidden/sys files,
and I went to delete the autorun and the file it executes; it was in all my HDD.

And I wanted to download Kaspersky...
but I couldn't load the page, it was error page not found (as if you weren't connected to the net), same on IE,
also same problem on bitdefender.com (Normal mode).

So I rebooted...
In safe mode, I can access it but I get some stupid password thingy (only happens for kaspersky.com).



Still in safe mode, I pressed ALT+CTRL+DEL and went to processes to look at the long list of my processes, and either my eyes are blind or I couldn't find anything suspicious at all... shocked though, it's SAFE MODE FFS !!

I went to check out System Restore but it seems all my previous restore points have been deleted... NONE !!!

After that, I found an old copy of Kaspersky installer in my hard discs...
So I installed it and it couldn't update AT ALL, gives me a bunch of errors...
So I had no choice but to scan with an outdated database, and it found NOTHING... T_T"




OK FYI I'm having the resycled and boot.com virus 1
I did Google searches and all the guides were the same - delete resycled folder with boot.com inside and destroy autorun.inf (and using registry to do it again)

Well, I did that already and after some reboots

Now I've rebooted back to Normal mode and I still cannot access kaspersky/bitdefender.com, it gives page not found.
The old installer copy of Kaspersky that I found still can't update... (does that prove I'm still infected?)

-

Now the only reason that I think I'm still infected is that I can't access Kaspersky/BitDefender sites (but I can access them in safe mode, but I get the annoying Password pop up non-stop), and online scanners don't work, and Kaspersky can't update...



Don't ask me to run a format as that would be only the last resort...
Lastly, thanks for reading...






EDIT-----------
I also cannot enter AVG's site or eset.com

Edited by garmanma, 18 February 2009 - 09:13 AM.
HJT LOGS NOT ALLOWED IN THIS FORUM--LINK REMOVED




#2 DaChew


Posted 18 February 2009 - 07:16 PM

We need to use a clean computer and a disinfected, immunized USB drive.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.
Chewy

No. Try not. Do... or do not. There is no try.
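
An added example, not part of the original thread and not Flash_Disinfector's own code: a Python check that tells the immunization folder described in the note above apart from a real autorun.inf file, and lists what such a file would launch. The function names and the sample drive contents are constructed for illustration.

```python
import os
import tempfile

# autorun.inf keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")

def launch_targets(text):
    """Return the commands an autorun.inf would run, in file order."""
    targets = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue  # skips blanks, comments, section headers, junk padding
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # shell\<verb>\command entries also start a program
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value.strip())
    return targets

def audit_root(root):
    """Classify the autorun.inf entry at the root of one drive."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return ("immunized", [])  # a folder blocks a file of the same name
        with open(path, "r", errors="replace") as fh:
            return ("autorun-file", launch_targets(fh.read()))
    return ("absent", [])

def demo():
    """Audit two constructed drive roots built in a temp directory."""
    sample = (  # constructed sample, using the file names mentioned in the thread
        "[autorun]\nopen=resycled\\boot.com\n"
        "shell\\open\\command=resycled\\boot.com\nicon=x.ico\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        infected, clean = os.path.join(tmp, "E"), os.path.join(tmp, "F")
        os.makedirs(infected)
        os.makedirs(os.path.join(clean, "autorun.inf"))
        with open(os.path.join(infected, "autorun.inf"), "w") as fh:
            fh.write(sample)
        return audit_root(infected), audit_root(clean)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit_root` at each drive letter's root shows which drives still carry a launchable autorun.inf file and which already have the protective folder.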

#3 scyap


Posted 19 February 2009 - 07:52 AM

Guys, thanks for helping out... Thanks a lot :D :D :D

Before I did what you guys said above, I did some research...

It seems I was infected by two viruses,
the one about boot.com was long gone after I deleted it...


What was messing up my PC was the jwgkvsq.vmx
It seems it's a new one, that's why my old Kaspersky couldn't detect...
some antiviruses can't detect it too

It's found that, it's a Windows exploit, and I've followed steps here too, and now it's fixed...


THANKS FOR EVERYONE'S SUPPORT !!!

:thumbsup: :flowers: :trumpet:



