Pretty serious infection by something I can't identify.


4 replies to this topic

#1 Feriluce

Feriluce

  • Members
  • 3 posts
  • Local time:08:40 AM

Posted 03 July 2009 - 10:16 AM

I've recently managed to catch a very annoying virus that I can't seem to identify.

It started this Monday, with my ProxyCap and Daemon Tools programs suddenly shutting down and refusing to run, simply giving a default Windows error message when I tried to start them up again. I also found that I was unable to access microsoft.com and any antivirus website (AVG, Symantec, etc.).

I decided to simply reformat my PC, as I needed to do that anyway, but after having reconnected to my external hard drive to get drivers, I found out I'd been infected again. I did another re-install, and the same thing happened again. I then searched a bit around the interwebs and found that my symptoms could mean that I had the Conficker worm. However, I ran 3-4 different removal tools and none of them found the worm, and neither did MBAM.

I assumed that a virus had also infected my external HD and used another storage device to transfer drivers instead. I then proceeded to disable autorun, load up an autorun firewall and install autorun eater.
I then scanned both my PC and external hard drive with MBAM and SAS, but nothing showed up, so I assumed I was safe.

The PC's been working fine until today, when the symptoms suddenly reappeared after I'd installed XP SP3 along with some updates and drivers. After rebooting my comp I had 2 command prompt windows pop up, and the exact same symptoms reappeared.

I scanned with MBAM and it found nothing. I am currently scanning with AVG, and it has found 3 copies of win32/virut so far. However, it doesn't seem like the symptoms match those that are described for this virus.

I'm getting a bit desperate here, so any help would be very much appreciated.

Edit: Forgot to mention I'm using Windows XP

Edited by Feriluce, 03 July 2009 - 10:24 AM.




#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:40 AM

Posted 03 July 2009 - 10:44 AM

It does sound like Virut.

Remember, the list of files that Virut does not infect is easier to understand than the ones it does infect.

Any saved drivers or installers should be discarded unless they are from factory media (CD); anything you burned or saved on another drive could be infected.

I would download new drivers from trusted web sites and burn to CD-R on a clean computer.

I would immunize the freshly loaded computer with sUBs' Flash Disinfector and religiously use the Shift key before connecting any drive or media that might be infected.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

MBAM was never meant to scan for infectors; that's what antivirus programs do.

With Virut I would use 2 or 3 antivirus scans before I trusted a saved file.

Edited by DaChew, 03 July 2009 - 10:46 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#3 Feriluce

Feriluce
  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:40 AM

Posted 03 July 2009 - 01:14 PM

Just ran the AVG Virut removal tool. It seemed to scan every exe, dll and sys file on my PC, but it doesn't seem to have helped, as the symptoms are still there, and so are the win32/virut files. :/

I actually ran Flash Disinfector before I got infected again, and apparently it didn't work.

I'm kinda at a loss for what to do. I'd prefer to not have to reformat again, and would also prefer not to lose all the stuff I have on my external HD :/

Edited by Feriluce, 03 July 2009 - 01:39 PM.


#4 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:40 AM

Posted 03 July 2009 - 01:38 PM

I'm kinda at a loss for what to do. I'd prefer to not have to reformat again, and would also prefer not to lose all the stuff I have on my external hd :/


You have to reformat, but learn how to properly reload and not reinfect the computer.

Something you are loading is infected; sUBs' Flash Disinfector only protects you when you plug in an external drive.

I have seen Virut even infect recovery files on another partition of the hard drive.

As long as you don't execute or load an infected file you can save safe files and delete the rest on the external drive.

Music and video are some of the few types that are not infected by Virut; you can always scan them first anyway.
Chewy

No. Try not. Do... or do not. There is no try.
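
An added example (not part of any post in this thread): a read-only triage of an external drive along the lines discussed above. It reports whether `autorun.inf` at the drive root is a real file or a placeholder folder, and sorts every file by its first two bytes rather than its name, so program files are listed for discarding or rescanning and the rest as data to scan and keep. The function names and the sample tree are constructed for illustration, and the `MZ` header check is a conservative sort into "program file" versus "other", not a Virut detector.

```python
import os
import tempfile

def autorun_state(root):
    """Report whether root holds autorun.inf as a file, a folder, or not at all."""
    for entry in os.listdir(root):
        if entry.lower() == "autorun.inf":   # FAT/NTFS names are case-insensitive
            full = os.path.join(root, entry)
            return "folder" if os.path.isdir(full) else "file"
    return "absent"

def triage_drive(root):
    """Sort every file by its first two bytes; nothing is executed or loaded."""
    report = {"autorun": autorun_state(root), "executable": [], "data": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    magic = fh.read(2)
            except OSError:
                report["unreadable"].append(rel)
                continue
            # "MZ" opens every DOS/PE program file (exe, dll, sys, scr), whatever its name
            report["executable" if magic == b"MZ" else "data"].append(rel)
    for key in ("executable", "data", "unreadable"):
        report[key].sort()
    return report

def build_sample_drive(root):
    """Constructed sample tree standing in for the external drive."""
    samples = {
        "AUTORUN.INF": b"; constructed sample\r\n",
        os.path.join("drivers", "setup.exe"): b"MZ\x90\x00",
        os.path.join("drivers", "readme.txt"): b"driver notes",
        os.path.join("music", "song.mp3"): b"ID3\x03",
        os.path.join("music", "cover.jpg"): b"MZ\x90\x00",  # program header, picture name
    }
    for rel, data in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for key, value in triage_drive(drive).items():
            print(key, value)
```

Files in the `data` list still go through the antivirus scans recommended above before they are trusted; the script only narrows down what is worth keeping.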

#5 Feriluce

Feriluce
  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:40 AM

Posted 03 July 2009 - 01:42 PM

Ah well. At least I know what to avoid to get infected again this time.

Ty for the help.



