
Malicious Software


#1 R9288



Posted 03 December 2010 - 11:20 AM

So I was surfing Google the other day, and the browser sat open for a good hour. No redirects to my knowledge, but all of a sudden I get a notification that two new anti-virus programs have been installed. That is when I yelled out 'Damnit!' because I knew exactly what this was. Normally a run of ComboFix removes these types of things, as the same thing happened to my other computer (different network and state) three days prior...

But now there is something more, and some sort of edit to the registry. Whenever I attempt to run ComboFix, about 6 or 7 iexplorer.exes open in the Task Manager... the Task Manager crashes and so does ComboFix. Now, no anti-virus software can be accessed. All I receive is 'File does not exist' or 'access denied'...

Being somewhat knowledgeable around computers, I went to work manually tracking everything down. I removed all fake programs except for a fake svchost which is hiding out somewhere... and whenever I do get it deleted, it's replaced on reboot.

I believe I have the recycle virus... but may be wrong.

I plugged in a hard drive to the computer, and inside a new autorun.cfg file appeared. Upon opening, the file listed a new reg key and exe to Recycler/48367228646372829182asd67372.exe

I removed that, and have ensured that the drive is clean, and also removed the registry entry that did not allow me to open the drive (when double-clicking on the drive, it attempts to open that exe instead of the drive).

Also note that Avira AntiVir had to be removed because explorer.exe is apparently a virus, and with it, I can only see my desktop in safe mode.

Anyways, I am hoping you can help me out.

Edited by Andrew, 03 December 2010 - 12:43 PM.
Mod Edit: Moved to AII - AA
