  • Status: Solved

Virus activities in my pc

Hi experts,
Each time I open my Internet Explorer I see "god must be crazy" in my title. This is a headache to me. I have tried an AVG full scan and a Kaspersky online scan, but this thing is still in my system.
I am under the impression that some virus activity is happening in my PC, even though I don't notice it performance-wise. I think this started from my flash drive. Each time I open my flash drive, annoying 'exe' files are created, but I can't remove them. But when I plug the same pen drive into a different PC, I am able to remove these files. It doesn't matter how much I clean and format that pen drive; when I plug it into my troublesome PC, the abnormal exe files are created again.
I would appreciate it if anyone can give me a sound solution. It would be highly appreciated if someone can clarify what the underlying cause of these activities is, and whether they are interrelated or just individual incidents.
Further, I would be very thankful if you could post your solution directly here rather than redirecting to other URLs.

Thanks,
Madu.
 
r-k Commented:
While you're trying to clean your PC, may I suggest not connecting your USB drive to prevent spread of the virus in either direction.

Did you note the names of the exe files that were created when you plugged in your flash drive? If so, post a few of those names here.

Next, run HijackThis on your PC and post the log here, as follows:

Download HijackThis from http://www.hijackthis.de/
(use the "direct download" link in the upper-right corner)
Unzip to any folder on your hard drive (other than the desktop)
Run the program by double-clicking on the HijackThis.exe file.
Click on "Do a System Scan.."
Copy-and-paste the resulting log here.
Optionally, you can post back to that same web page, and click "Analyze"
and note which entries are marked as nasty or unknown.
0
 
MaduKp (Author) Commented:
Hi r-k:
Thanks for the reply.
Here are some names of files that are created by the virus-like activity.
download.exe is one such file created by the virus-like activity. Actually, this file displays as a folder. I didn't double-click on these folder-like things to see if they are really folders. Other than this, an autorun file is also created. I couldn't just delete these files, but I am still able to format the drive.

I got the hijack tool and please find the log created below.
0
 
MaduKp (Author) Commented:
Please find the log file attached
hijackthis.log
0

 
Mohammed Hamada (Senior IT Consultant) Commented:
Fix those items

F:\TestComplete 5\Bin\TestCompleteService5.exe
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - Global Startup: MSconfig.exe
O23 - Service: TestComplete 5 Service - AutomatedQA Corporation - F:\TestComplete 5\Bin\TestCompleteService5.exe

After you check and fix those items in HijackThis, disable Autorun for removable media devices.

How To Enable Autorun for Other Removable Media

Autorun can be enabled or disabled for all removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification; other removable media are disabled by default.

The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.

Notes:

   1. Modifying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
   2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.

To Modify these Registry Settings, Use Regedit and navigate to the following Key:

        HKEY_CURRENT_USER
        Software
        Microsoft
        Windows
        CurrentVersion
        Policies
        Explorer
        "NoDriveTypeAutoRun"

The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.

-------------------------------------

Then download Flash Disinfector after you hook up your USB flash drive to the infected PC.
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your real-time antivirus temporarily while ComboFix scans your PC.
Then Explorer.exe will restart, and a log in a Notepad file will pop up.
Attach the log here to let us see the result.

0
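The `NoDriveTypeAutoRun` value discussed in the post above is a bitmask of drive types, and this added example (not part of the original thread) decodes it to show what `95 0 0 0` and `91 0 0 0` each disable. The bit meanings follow Microsoft's documented drive-type flags; the function names are illustrative, and `FF 0 0 0` is included as the documented "disable on all drive types" setting.

```python
# Decode the NoDriveTypeAutoRun policy value (REG_BINARY, little-endian).
# A set bit means AutoRun is DISABLED for that drive type.
DRIVE_BITS = {
    0x01: "unknown type",
    0x02: "no root directory",
    0x04: "removable (USB flash, floppy)",
    0x08: "fixed disk",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "reserved/unknown",
}
REMOVABLE = 0x04


def parse_reg_binary(text):
    """Turn regedit's hex-byte notation, e.g. '95 0 0 0', into an integer."""
    raw = bytes(int(b, 16) for b in text.split())
    return int.from_bytes(raw, "little")


def disabled_types(mask):
    """List the drive types on which AutoRun is disabled by this mask."""
    return [name for bit, name in DRIVE_BITS.items() if mask & bit]


def autorun_enabled(mask, bit):
    """True if AutoRun is still allowed for the drive type given by 'bit'."""
    return not (mask & bit)


def explain_change(old_text, new_text):
    """Report which drive types change state when the value is edited."""
    old, new = parse_reg_binary(old_text), parse_reg_binary(new_text)
    changed = old ^ new
    return {
        name: ("disabled" if new & bit else "enabled")
        for bit, name in DRIVE_BITS.items()
        if changed & bit
    }


if __name__ == "__main__":
    # Values as written in the thread, plus the disable-everything setting.
    for value in ("95 0 0 0", "91 0 0 0", "FF 0 0 0"):
        mask = parse_reg_binary(value)
        usb = "on" if autorun_enabled(mask, REMOVABLE) else "off"
        print(f"{value}: removable AutoRun {usb}; disabled on {disabled_types(mask)}")
    print("95 -> 91 changes:", explain_change("95 0 0 0", "91 0 0 0"))
```

Changing `95` to `91` clears only the removable-media bit, which turns AutoRun on for USB drives; that is the opposite of what an infected machine needs.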
 
Mohammed Hamada (Senior IT Consultant) Commented:
Oops, sorry, wrong one. Follow these instructions to disable autorun; forget about the "How To Enable Autorun for Other Removable Media" part.

How To Enable/Disable Autorun (Windows XP)

   1. Open Windows Explorer by pressing the Windows + "e" key.

   2. Right-click the desired CD-ROM and select Properties from the menu.

   3. Select the AutoPlay tab.

   4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the appropriate action to take if enabling autorun.

   5. Select OK.
0
 
phototropic Commented:
You are running AVG 8.0 and you still have Symantec entries from a previous Norton install. You should run the Norton Removal Tool to clear these conflicts:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

In addition to ComboFix, I would also suggest running Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam.php

Make sure it is updated, then select "Perform quick scan". When the scan is complete, click "OK", then "Show Results". Make sure that everything detected is checked, then click "Remove Selected".
Post the log with the ComboFix log.
0
 
MaduKp (Author) Commented:
Thanks, guys. Sorry for the late response.
0
