I've been hit!!!

I think I got a virus in my system.
I use avast! free edition. and since i copied something from a pendrive, avast is going nuts. I recieved a warning as I plugged the drive in, but the material was important so I took my chances, dumb move.
anyway, a .inf doc keeps appearing in all my partitions root folder (C:\ F:\ D:\). it's named autorun.inf
when I open it, it shows:

[autorun]
shellexecute="resycled\boot.com c:"
shell\Open\command="resycled\boot.com c:"
shell=Open

and every time avast rename/remove/delete it, it just keeps coming back up.
the warning says
malware name: BV:AutoRun-E [Wrm]
malware type: virus/worm

I can't get rid of it. any comments?

 

If you can try booting into safe mode and scanning with your anti virus and SpyBot SD or try running a boot disk with anti-virus or a live-cd of linux with anti virus. Some suggestions off the top of my head: Hiren's BootCD and Knoppix LiveCD.

 

I'll try safe mode.
just got another prob. rundll32 is been terminated randomly.

 

It's 90% a virus. Right click on any of your partitions(C:\ D:\ etc) and check if you have an "Autoplay" option in the shell.

Check this.

 

Oops doesn't sound good.

If there is any valuable data you want to save do not boot the system again. Instead try to acces the harddrive form a bootable CD and rescue your data.

 

You might wanna check the whole thread to be sure if you got the same issue/symptoms. Too bad I never got response from the OP if the solution I've found actually works..

 

It's a confirmed piece of malware... I clean this thing like once weekly.
Start with Combofix ( http://www.bleepingcomputer.com/combofix/how-to-use-combofix) in safemode. Also, turn off system restore, stuff likes to hide in there. Reboot, then run SUPER AntiSpyware, MalwareBytes AntiMalware, and SpybotSD. Also uninstall Avast, install a BitDefender 2009 trial, and scan with that. Also run ccleaner for good measure (actually it's good to start with ccleaner, so you don't waste time scanning temp files, then run ccleaner again at the end). Once done you can turn system restore back on, and re-install Avast! or perhaps this time choose a better AV like Avira or BitDefender.

 

I checked out your other thread. and tried to follow the instructions. and it seemed to work even though I can't do most of them, I use vista and the solution you mentioned was probably for xp.
no avast pop up, internet explorer problem.
I do have autoplay option in only one of my partions though. gona do a scan in safemode.

 

Hmm the instructions are for 2 different situations..you had to use the one it suits for your computer's symptoms. Check @Hep!'s post, he seems familiar with this, I've never got it myself so cannot confirm anything..

 

I get an autoplay option on my D volume. but I can still access it by double clicking

 

Maybe the trojan was partially blocked or it haven't done all the damage yet..As I said I never faced this problem myself so I don't know how exactly it's supposed to act. Try the manual cleaning from the first quote of my post, then try some malware cleaner..

 

Just ran super antispyware pro trial ver, spybot SnD, combofix in safe mode. No problems detected. the autorun option is still active in my d volume, but there are no other anomalies. I guess that's problems fixed then. nbr 1:0 malware!

 

Hmm this is odd, the "Autoplay" option should disappear. You check for hidden autorun.inf files? You check the startup option from the registry?

 

I have, I can't see any unknown entries in my startup options in msconfig. and I deleted all autorun.inf and the hidden 'resycled' (not recycled for some reason)folder which the autorun was pointing to.
and only one of my 3 partitions is effected. I have no idea.

 

Yeah well I'd suggest you monitor your partitions for the next few days..