Need help with a supposed infection


18 replies to this topic

#1 babaloo

Posted 20 January 2005 - 12:51 PM

There are some files on my computer that don't seem to show any intent to stay deleted. I keep finding them in every shared folder on my computer (except in Shared Documents, which makes it even weirder). If I delete them, I just find them sitting back there the next day. They do not appear all at the same time and some of them appear with different names. Antivirus scanners (tried it with Norton 2005, Bitdefender and now Sophos plus all the online scanners there are) find some of them to be infected, but there's no sign that the computer has actually been infected. No registry entries, no weird processes or services. Just those files. Sophos's name for the worm the files are infected with is W32/Agobot-Fam. When I followed the removal instructions, there was nothing to remove.
The names of the files are:
arun.exe (not recognized by any antivirus scanner)
autorun.inf (not recognized by any antivirus scanner)
fensvc.exe, fnksvc.exe or csrsss.exe (infected)
install.exe (not recognized by any antivirus scanner)
testfile (no extension, size is 0 and no antivirus proggie sees it as an infected file)
setup32.exe (infected, but it can be deleted only in safe mode with command prompt)

I've been searching the net like a maniac for the past few weeks and can't find a thing. Different AV programs just have different names for the worm itself, but the signs it shows on my computer do not in any way match the ones described. How do I get rid of this wretched thing?


#2 Scarlett


Posted 20 January 2005 - 12:57 PM

Hello babaloo

Maybe you should consider posting a HijackThis log. This link will take you to the HJT Forum. Please read the pinned topics at the top. There you will learn all that you need to know regarding the posting of your log. Good Luck! :thumbsup:

http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/


Just please keep in mind that all HijackThis Team Members are volunteers. One must practice a little patience when waiting for help. I promise you though that they will get to you as soon as they are able. :flowers:

And above all do not attempt to work on your log yourself. And only take the advice from an official HJT Team Member. Which will show under their name and avatar.

#3 babaloo


Posted 20 January 2005 - 01:14 PM

Thanks, have done so. :thumbsup:

#4 Scarlett


Posted 20 January 2005 - 01:16 PM

You are so welcome. :thumbsup: Yes I noticed. Fast work. :flowers: Glad to have helped.

#5 Leurgy


Posted 20 January 2005 - 01:46 PM

Hi babaloo

Symantec (Norton) has a good resource where you can search a file name to see if it is associated with any viruses and has information and removal instructions if you get a hit. I went quickly through your list and hit on about half of them.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslow

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#6 babaloo


Posted 21 January 2005 - 02:06 AM

Done that too, but the problem is the files seem to be the only thing infected. The computer itself shows absolutely no signs of an infection, the registry seems to be missing all the entries it should have upon an infection and so on. It's just these files that keep reappearing. :thumbsup:

#7 Leurgy


Posted 21 January 2005 - 07:13 AM

Are you turning off System Restore before the scan and re-enabling it afterwards?



#8 babaloo


Posted 21 January 2005 - 10:33 AM

System Restore has been off for the past few months because I forgot to turn it back on after a scan I did ages ago. As I said - the only infection any AV program (online or offline) has found, were the infected files themselves. I make it a habit of not running anything I don't know, no files, no attachments, nothing. I don't use IE or Outlook Express, Spywareblaster, PestPatrol and AV software are active, and I have a hardware firewire on the router. The files do not appear on any other computer on the network and none of them are infected (checked and double-checked). As soon as I share a folder on my computer, those files appear. So I'm going bananas. :thumbsup:

#9 virushelp


Posted 08 February 2005 - 10:21 PM

I have the same problem, I have arun.exe, install.exe and autorun.inf and they keep coming back. No antivirus program can detect anything wrong with these files but I delete them and they come back. I'll throw the computer out the window if I can't get any help soon. I think I got the files when I downloaded a false movie file from Direct Connect. Hide and Seek (2005) (AC3 - 5.1).avi
The file got my computer to freeze and after I deleted it I found the files in all my shared directories. But my computer has other symptoms too: when I restart, the computer tries to send hundreds of mails; Symantec checks all mail and doesn't send them, but then the virus scan shows that nothing is wrong. I do not get this. Now I found it on my boyfriend's computer as well.

Please help me get rid of this bleep.

Pippi

#10 Grinler


Posted 10 February 2005 - 10:53 AM

Zip up all those files and submit them to http://www.bleepingcomputer.com/submit-malware.php

#11 virushelp


Posted 11 February 2005 - 04:00 PM

I gave up and reinstalled all the computers here. I hate viruses. I could kill those peps who make them. :thumbsup:

#12 Eric Lachance


Posted 14 February 2005 - 08:51 PM

I'm having the same problem. I scanned with Panda Antivirus Titanium 2005 and thought I found multiple viruses (41... 't'was time I scanned!), but those were not cleaned.

I submitted the file on the page mentioned (malware-submit) with a link to this forum.

#13 Eric Lachance


Posted 14 February 2005 - 08:57 PM

BTW the files I submitted were only:
arun.exe
install.exe
autorun.inf

There is also a defaultPerLog.txt that keeps appearing but I don't think it's really related, I skipped it.

#14 Grinler


Posted 15 February 2005 - 05:08 PM

Eric you can delete those three files, the other file is fine.

Are you on a network and have folders shared on your computer?

#15 jaredean


Posted 23 February 2005 - 05:36 PM

I've had the same issue...I'm on a network and the 3 files only show up in shared folders...

The thing is, after deleting them they appear again after a bit...

I'd like to know what it is, but haven't found anything very helpful about it online...

j



