Q7 Virus?


4 replies to this topic

#1 starbusuk

starbusuk

  • Members
  • 2 posts
  • Local time:03:43 PM

Posted 25 April 2007 - 07:19 PM

My 1st post, new to this, so please bear with me!

My 'My Music' folder seems to have been hijacked! Any mp3 files I put into it become .exe files when I next turn on my PC. There is a hidden folder in 'My Music' which contains a ZIP folder titled q7q7q7q7q7q7q7q7xx.zip. When I delete this, it re-appears next time I turn on my PC.

Also in My Computer/C:/Program files 8 files appear at start-up entitled:

A.ico
a.zip
B.ico
b.zip
c.zip
Setup.exe
video.exe
Track_03.exe

Again, when I delete them they re-appear at next start-up.

Please can anyone help???



#2 buddy215

buddy215

  • Moderator
  • 13,262 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:43 AM

Posted 25 April 2007 - 08:20 PM

Where did you pick these up? P2p?

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

Getting into Windows Safe Mode
http://www.computerhope.com/issues/chsafe.htm
(pre-Vista OS's)
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 starbusuk

starbusuk
  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:43 PM

Posted 28 April 2007 - 11:25 AM

Hi Buddy215

Thanks for your reply. I tried both the superantispyware and the bitdefender scans and both found viruses but couldn't delete or quarantine them (neither could ad-aware, spybot S&D or Norton internet security 2006).

I ended up just reverting my PC to original settings. Had all my photos backed up so didn't lose much!

A painful lesson to be more careful when using Limewire!

Thanks again.

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:09:43 AM

Posted 28 April 2007 - 12:44 PM

When using Limewire, or any other P2P application, be sure to scan anything you download with your Antivirus BEFORE opening it.

This also applies to anything you download off of the internet.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA
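
An added triage example, not part of the original thread or any poster's advice: the symptom in the first post (music files turning into .exe files, plus a ZIP in a hidden folder) can be inventoried by checking what each file really is from its leading bytes rather than trusting its extension. The function names, extension lists and sample folder below are assumptions constructed for illustration; the sample files contain header bytes only.

```python
import os
import tempfile

MEDIA_EXTS = {".mp3", ".wma", ".wav", ".ogg", ".avi", ".mpg", ".wmv"}
RUNNABLE_EXTS = {".bat", ".cmd", ".vbs", ".pif", ".scr", ".com", ".exe"}
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # normal and empty archives

def classify(path):
    """Return a finding for one file, or None if nothing stands out."""
    ext = os.path.splitext(path)[1].lower()
    try:
        with open(path, "rb") as fh:
            magic = fh.read(4)
    except OSError:
        return "unreadable"
    if magic[:2] == b"MZ":  # DOS/PE header: the content is a Windows program
        return "executable-disguised-as-media" if ext in MEDIA_EXTS else "executable"
    if magic in ZIP_MAGICS:
        return "zip-archive"
    if ext in RUNNABLE_EXTS:
        return "runnable-extension"
    return None

def triage(root):
    """Walk root (os.walk also descends into hidden folders) and list findings."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, verdict))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample folder: header bytes only, no real programs."""
    root = tempfile.mkdtemp(prefix="music_triage_")
    os.mkdir(os.path.join(root, "hidden"))
    samples = {
        "song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",
        "live.mp3": b"MZ\x90\x00" + b"\x00" * 60,
        "Track_03.exe": b"MZ\x90\x00" + b"\x00" * 60,
        os.path.join("hidden", "q7q7q7q7q7q7q7q7xx.zip"): b"PK\x03\x04" + b"\x00" * 26,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, verdict in triage(build_sample_tree()):
        print(f"{verdict:32} {rel}")
```

The script only reads and reports; it does not delete or quarantine anything, so flagged files still go through the scanners recommended in the thread.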


#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:04:43 PM

Posted 28 April 2007 - 12:57 PM

You have been infected with the Fontra C virus which mostly spreads via P2P networks, which proves TG1911's point.

Beyond the measures as stated by buddy, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web Cureit when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.



