
Virus xxtra32.exe ??? Please help !!!

Hi Experts,

A laptop is infected with a serious virus. It's generating a higher amount of traffic to the gateway. After that, all Internet browsing slows down and stops.

McAfee can't identify it with the latest DATs. I also used the latest Stinger.exe.

In the registry I found xxtra32.exe in the following entries. After I delete the entries it is OK for a couple of hours, and then it gets infected with this virus again.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService

I searched the hard disk in safe mode but had no luck. In C:\Windows\Prefetch\ there are some files with the same name, but they come back again and again when I delete them.

Please advise!

Thanks!

Asked by: Affno

3 Solutions

joseywales Commented:
According to this website, it's a newly found variant of a known virus:

http://www.cyberdefender.com/risk/html/20050221070700.log.html

I would try the online scan at Trendmicro

http://housecall.trendmicro.com/

and also download a trial of AVG

http://www.grisoft.com/us/us_index.php

If all else fails, try the Trojan Guarder trial version. It looks like it was designed by Playskool, but it did find the navasp23.exe virus on our corporate network when nothing else would.

www.your-soft.com

Next I would run Hijack This

http://www.spywareinfo.com/~merijn/downloads.html

and post the logfile here, or run it through a web-based scanner like this one and follow its recommendations

http://hijackthis.de/

A good spyware scanner or three would also help. We use a combination of Adaware, Spybot Search and Destroy and the Microsoft anti-spyware beta

www.lavasoft.com
http://www.safer-networking.org/en/index.html
www.microsoft.com

Finally, if you are using Windows XP and haven't upgraded to Service Pack 2, it's time to do so; the built-in firewall will block a lot of the current worms
www.windowsupdate.com

Hope this helps. I spend a lot of my time fighting spyware and viruses for our corporation since our AV software stinks, and these are the standard suite of programs I run on machines that have persistent problems with spyware and viruses.

Affno (Author) Commented:
Will try to install Win XP SP2 and see.

joseywales Commented:
I would download the tools I mentioned, download SP2, then take the machine off the network and clean it, then patch it, then put it back on the network and look for more critical updates. We tried just cleaning at first and, like you, kept getting reinfected. SP2 will probably block reinfection once you have it installed and cleaned.

To give you an idea of how critical SP2 is, I took it off my box to get screenshots of installing it and other software for our remote users, and within 2 hours of it being unpatched I had warnings from the MS anti-spyware tool that a virus was trying to add itself to my startup.

kneH Commented:
A few things to keep in mind:

Scan for malware in safe mode.
Reboot a few times and rescan.
Turn off System Restore.
Do not connect to the Internet or any net, really.

Affno (Author) Commented:
None of the virus guards or removal tools recognized this virus.

So I searched the registry for xxtra32.exe and deleted all entries. After that I installed XP Service Pack 2.

Now it always pops up an error window saying:

“Rpc Locator has encountered a problem and needs to close. We are sorry for the inconvenient.”

This message keeps coming again and again, and the machine freezes with this message. Any tips?

Thanks!

kneH Commented:
Yup.

Insert the Windows XP CD and choose the repair option.

Another possible solution (but I'm not sure, so make a backup of the file!!!!):
replace svchost.exe in the windows\system32 dir with a backup one.

It will either be on the Windows CD (probably as svchost.ex_) or in windows\system32\dllcache or in an i386 directory.
Type this (after the backup!!):
expand c:\windows\system32\dllcache\svchost.ex_ c:\svchost.exe
if the filename and dirname are correct.
Then reboot into DOS (might need a Win98 boot disk from www.bootdisk.com) and replace windows\system32\svchost.exe with c:\svchost.exe.

But first of all, try the XP CD solution :)

joseywales Commented:
Did you delete the files, registry and startup entries in safe mode? And did you install XP SP2 with the machine offline?

I just dealt with a similar version of sdbot that wasn't picked up by any scanner, but I could tell what files were involved, so I deleted them in safe mode and killed all the registry entries for them as well, and didn't have problems installing SP2 from a CD I made.
Run Hijack This and post the entry and we may be able to see what's still causing problems. Otherwise an in-place XP reinstall would be a good idea; however, you will still need SP2 on CD to patch it right after install or you risk getting the same type of viruses again while trying to download the patches.

Note that to do the in-place reinstall of XP you need to put in the CD and do NOT choose repair from the first menu (that's the recovery console); instead proceed as if you were going to reinstall the OS and it should detect your previous install and give you an option to repair it.
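
The checks discussed in this thread (autostart registry entries, startup entries, Prefetch files), as an added read-only PowerShell example that is not part of any poster's reply. It assumes PowerShell is available on the affected machine and is run from an elevated prompt; the `$Pattern` parameter, the variable names and the list of keys checked (`Run`, `RunOnce`, `RunServices`, `RunServicesOnce` under HKLM and HKCU) are this example's own choices.

```powershell
# Added example (read-only): find autostart entries and Prefetch traces
# that reference a suspect file name. Nothing is modified or deleted.
param([string]$Pattern = 'xxtra32')   # name from the thread; adjust as needed
$rx = [regex]::Escape($Pattern)

# Per-machine and per-user autostart keys. The RunServices* keys are legacy
# and may be absent; missing keys are skipped.
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

$registryHits = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -match $rx -or $data -match $rx) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }
        }
    }
}

# Startup folders (current user and all users). Matches file names only;
# shortcut targets are not resolved.
$startupHits = foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir) {
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $rx }
    }
}

# Prefetch .pf files are execution traces that Windows rewrites each time a
# program runs; a fresh LastWriteTime means the executable is still launching.
$prefetch = Join-Path $env:SystemRoot 'Prefetch'
$prefetchHits = Get-ChildItem -LiteralPath $prefetch -Filter '*.pf' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $rx } |
    Select-Object Name, LastWriteTime

$registryHits | Format-List
$startupHits  | Select-Object FullName, LastWriteTime | Format-List
$prefetchHits | Format-List
```

The `Data` column of a registry hit gives the full path the entry launches, which is the file to look for in safe mode before removing the entry.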