Topic: infected by weird USB virus

scyap
« on: January 26, 2008, 09:48:42 AM »
Hello everyone, I totally need help cuz my PC is in trouble... I am infected with some unknown virus...

How it happened?
I put my portable hard disc into a friend's PC, uploaded data, and when I connect my portable HD to my own PC, it's infected. I'm sure it infects via USB

How it executes?
Well, before that I didn't know it's infected, so I just double clicked my portable HD (from my PC) and nothing happened. After a few tries, I right clicked and saw "auto-play". I was shocked and then I used OPEN, and I saw some autorun.inf and windows.scr. autorun.inf is commanded (I know, wrong word) to execute windows.scr as auto play. BOTH FILES ARE SYSTEM+HIDDEN. I did turn on the ability to view HIDDEN and SYSTEM long ago (yeah, I know the risks but I won't simply accidentally delete a file)

.Scr format?
It's the Windows screen saver format but it's an infected one. It says right here (link below) and it claims to be an extension used to transmit TROJAN
http://filext.com/file-extension/scr

Couldn't you just delete Windows.Scr and Autorun.inf ?
Yes, I did try but it didn't work, my computer is ALREADY infected cuz the first time I double clicked it (and it autorun)

What u mean INFECTED?
I have no problems deleting windows.scr and autorun.inf BUT when I insert the USB (or any USB memory sticks, tested), it will re-create those two files (Yes, it will re-create it instantly once u insert it in, checked using the Created on : <date>)

Does this work in safe mode?
YES, WHAT A VIRUS !!!
It works and STILL SPREADS via usb in safe mode

Do u have a screen shot of your running Processes in safe mode?
Yes I do, here is link below
http://img184.imageshack.us/img184/900/wthhhhri1.jpg


Install this anti virus, and that, and the other one, and that too !!!
I use AVG 7.5 AntiVirus Professional (registered)
I use AVG AntiSpyware (registered)
I use Ad-Aware 07

U didnt update eh?
ALL UPDATED

U use those anti virus and UPDATED IT but did u scan?
Yes, full system scan with NOTHING (sigh)

scan removable?
Yes, I did scan my USB...

No norton from symantec ?
Yeah, I have 2003 but since it's so old, I downloaded 2008, but blue screen when Norton 2008 starts on startup, so I went to safe mode, used NortonRemovalTool and blasted it out of my PC. I guess it's the clash with AVG, it did warn me during installation but I am not dumping AVG, I paid !

What other tricks u did??
I tried renaming and changing its extension, but failed, it re-creates the same copy again

Is Harddisk affected by this autorun?
NO, only Removable Discs

Got HijackThis?
Yes, is it needed?

Any more?
Yea, I was once affected by this virus a long time ago. It will create a copy of the autorun etc in EVERY DRIVE (including HDD) and put an autorun, and when u run the autorun, it will check if the process to spread is ON or not, if not, it will turn it on, and then it will copy itself to ANY DISKS. This is very obvious cuz it's in HDD as autorun too and it's in Processes, which I obviously know where it's from, so I terminated, and cleared all the files, which made this virus permanently disappear but this is something new...

AND as far as I'm concerned, there MUST be a process to check if I have inserted a RemovableDrive or not, right? Like a looping check every 1 second?
Well, this is what I think, it may not be true... cuz I can't find this process
I always check at processlibrary.com

...hmmm, everything in my processes looks clean, my only suspect is why so many svchost, last time I didn't have that many




I have two screen shots :
-Safe Mode all processes
http://img184.imageshack.us/img184/900/wthhhhri1.jpg

-Normal Windows All processes
http://img168.imageshack.us/my.php?image=tasknq3.jpg


Help pls...
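
The post above describes an autorun.inf that launches a hidden windows.scr when the drive is opened. As an added example (not part of the thread and not written by either poster), this Python check parses an autorun.inf and lists the launch entries that point at executable file types; the sample file contents, the function names and the extension list are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumed list of directly executable types; .scr is a normal PE program.
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def launch_targets(autorun_text):
    """Return (key, value) pairs in [autorun] that launch a program."""
    targets, in_autorun = [], False
    for raw in autorun_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower().startswith("[autorun]")
            continue
        if not in_autorun or "=" not in line:
            continue  # junk padding lines are skipped, not fatal
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and value:
            targets.append((key.lower(), value))
    return targets

def first_token(value):
    """Program part of a command line, honouring a leading quoted path."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0]

def suspicious_targets(autorun_text):
    """Keep launch entries whose program has an executable extension."""
    hits = []
    for key, value in launch_targets(autorun_text):
        program = first_token(value)
        if PureWindowsPath(program).suffix.lower() in EXEC_EXTS:
            hits.append((key, program))
    return hits

# Constructed sample modelled on the post, not copied from a real device.
SAMPLE = """[AutoRun]
open=windows.scr
shell\\open\\command=windows.scr
shell\\explore\\command="windows.scr" /e
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
if __name__ == "__main__":
    for key, program in suspicious_targets(SAMPLE):
        print(f"{key} -> {program}")
```
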

guestolo
« Reply #1 on: January 29, 2008, 01:19:36 AM »
I need to see a Hijackthis log

Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/