I think I got a virus in my system.
I use avast! free edition. and since i copied something from a pendrive, avast is going nuts. I recieved a warning as I plugged the drive in, but the material was important so I took my chances, dumb move.
anyway, a .inf doc keeps appearing in all my partitions root folder (C:\ F:\ D:\). it's named autorun.inf
when I open it, it shows:
[autorun]
shellexecute="resycled\boot.com c:"
shell\Open\command="resycled\boot.com c:"
shell=Open
and every time avast rename/remove/delete it, it just keeps coming back up.
the warning says
malware name: BV:AutoRun-E [Wrm]
malware type: virus/worm
I can't get rid of it. any comments?
-
If you can try booting into safe mode and scanning with your anti virus and SpyBot SD or try running a boot disk with anti-virus or a live-cd of linux with anti virus. Some suggestions off the top of my head: Hiren's BootCD and Knoppix LiveCD.
-
I'll try safe mode.
just got another prob. rundll32 is been terminated randomly. -
It's 90% a virus. Right click on any of your partitions(C:\ D:\ etc) and check if you have an "Autoplay" option in the shell.
Check this. -
Oops doesn't sound good.
If there is any valuable data you want to save do not boot the system again. Instead try to acces the harddrive form a bootable CD and rescue your data. -
You might wanna check the whole thread to be sure if you got the same issue/symptoms. Too bad I never got response from the OP if the solution I've found actually works..
-
It's a confirmed piece of malware... I clean this thing like once weekly.
Start with Combofix ( http://www.bleepingcomputer.com/combofix/how-to-use-combofix) in safemode. Also, turn off system restore, stuff likes to hide in there. Reboot, then run SUPER AntiSpyware, MalwareBytes AntiMalware, and SpybotSD. Also uninstall Avast, install a BitDefender 2009 trial, and scan with that. Also run ccleaner for good measure (actually it's good to start with ccleaner, so you don't waste time scanning temp files, then run ccleaner again at the end). Once done you can turn system restore back on, and re-install Avast! or perhaps this time choose a better AV like Avira or BitDefender. -
no avast pop up, internet explorer problem.
I do have autoplay option in only one of my partions though. gona do a scan in safemode. -
Hmm the instructions are for 2 different situations..you had to use the one it suits for your computer's symptoms. Check @Hep!'s post, he seems familiar with this, I've never got it myself so cannot confirm anything..
-
-
Maybe the trojan was partially blocked or it haven't done all the damage yet..As I said I never faced this problem myself so I don't know how exactly it's supposed to act. Try the manual cleaning from the first quote of my post, then try some malware cleaner..
-
Just ran super antispyware pro trial ver, spybot SnD, combofix in safe mode. No problems detected. the autorun option is still active in my d volume, but there are no other anomalies. I guess that's problems fixed then. nbr 1:0 malware!
-
Hmm this is odd, the "Autoplay" option should disappear. You check for hidden autorun.inf files? You check the startup option from the registry?
-
and only one of my 3 partitions is effected. I have no idea. -
Yeah well I'd suggest you monitor your partitions for the next few days..
I've been hit!!!
Discussion in 'Security and Anti-Virus Software' started by tianxia, Nov 26, 2008.