Solved

Virus activities in my pc

Posted on 2008-06-17
7
756 Views
Last Modified: 2013-11-30
Hi experts,
Each time I open my Internet Explorer I see "god must be crazy" in my title. This is a headache for me. I have tried an AVG full scan and a Kaspersky online scan, but this thing is still in my system.
I am under the impression that some virus activity is happening on my PC, even though I don't notice it performance-wise. I think this started from my flash drive. Each time I open my flash drive, annoying 'exe' files are created, but I can't remove them. But when I plug the same pen drive into a different PC, I am able to remove these files. No matter how much I clean and format that pen drive, when I plug it into my troublesome PC the abnormal exe files are created again.
I would appreciate it if anyone can give me a sound solution. It would be highly appreciated if someone can clarify what the underlying cause of these activities is, and whether they are interrelated or just individual incidents.
Further, I would be very thankful if you could post your solution directly here rather than redirecting to other URLs.

Thanks,
Madu.
Question by:MaduKp
7 Comments
 
LVL 32

Accepted Solution

by:
r-k earned 200 total points
While you're trying to clean your PC, may I suggest not connecting your USB drive to prevent spread of the virus in either direction.

Did you note the names of the exe files that were created when you plugged in your flash drive? If so, post a few of those names here.

Next, run HijackThis on your PC and post the log here, as follows:

Download HijackThis from http://www.hijackthis.de/
(use the "direct download" link in the upper-right corner)
Unzip to any folder on your hard drive (other than the desktop)
Run the program by double-clicking on the HijackThis.exe file.
Click on "Do a System Scan.."
Copy-and-paste the resulting log here.
Optionally, you can post back to that same web page, and click "Analyze"
and note which entries are marked as nasty or unknown.
 
LVL 10

Author Comment

by:MaduKp
Hi r-k:
Thanks for the reply.
Here are some names of files that are being created by the virus-like activity.
download.exe is one such file created by the virus-like activity. Actually, this file displays as a folder. I didn't double-click on these folder-like things to see if they are really folders. Other than this, an autorun file is also created. I couldn't just delete these files, but I am still able to format the drive.

I got the HijackThis tool; please find the log created below.
 
LVL 10

Author Comment

by:MaduKp
Please find the log file attached
hijackthis.log
 
LVL 23

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 200 total points
Fix those items

F:\TestComplete 5\Bin\TestCompleteService5.exe
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - Global Startup: MSconfig.exe
O23 - Service: TestComplete 5 Service - AutomatedQA Corporation - F:\TestComplete 5\Bin\TestCompleteService5.exe

After you check and fix those items in HijackThis, disable Autorun for removable media devices.

How To Enable Autorun for Other Removable Media

Autorun can be enabled or disabled for all Removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification, other removable media are by default disabled.

The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.

Notes:

   1. Modifying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
   2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.

To Modify these Registry Settings, Use Regedit and navigate to the following Key:

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        Value: "NoDriveTypeAutoRun"

The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.

-------------------------------------

Then download Flash Disinfector after you hook up your USB flash drive to the infected PC.
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your real-time antivirus temporarily while ComboFix scans your PC.
Then Explorer.exe will restart, and a log in a Notepad file will pop up.
Attach the log here to let us see the result.

0
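Decoding the value shows what the registry edit quoted in the comment above does: each set bit in the first byte of NoDriveTypeAutoRun turns AutoRun off for one drive type, so changing 95 to 91 clears the removable-drive bit and turns AutoRun on for flash drives. This is an added example, not part of the original comment; the function names are illustrative, and the sample value `ff 0 0 0` (AutoRun off for every drive type) does not appear in the thread.

```python
# Added example: decode the NoDriveTypeAutoRun policy value discussed above.
# Bit n of the value corresponds to the drive type that GetDriveType()
# reports as n; a set bit means AutoRun is turned OFF for that type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable",          # USB flash drives, floppies, Zip disks
    0x08: "fixed",
    0x10: "network",
    0x20: "cd-rom",
    0x40: "ram disk",
    0x80: "reserved/unknown",
}

def parse_regedit_bytes(text):
    """Turn the byte list Regedit shows ('95 0 0 0') into an integer.
    The bytes are little-endian, so the first byte is the low byte."""
    raw = bytes(int(tok, 16) for tok in text.split())
    if len(raw) != 4:
        raise ValueError("expected 4 bytes, got %d" % len(raw))
    return int.from_bytes(raw, "little")

def autorun_disabled_for(value):
    """Drive types for which this value turns AutoRun off."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]

def autorun_enabled_for(value):
    """Drive types for which this value leaves AutoRun on."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]

def autorun_changes(old_text, new_text):
    """Map each drive type whose state differs to its new AutoRun state."""
    old, new = parse_regedit_bytes(old_text), parse_regedit_bytes(new_text)
    changed = old ^ new
    return {
        name: ("enabled" if old & bit else "disabled")
        for bit, name in DRIVE_TYPE_BITS.items() if changed & bit
    }

if __name__ == "__main__":
    for setting in ("95 0 0 0", "91 0 0 0", "ff 0 0 0"):
        value = parse_regedit_bytes(setting)
        print(setting, "-> AutoRun off for:", autorun_disabled_for(value))
    print("95 -> 91:", autorun_changes("95 0 0 0", "91 0 0 0"))
    print("91 -> ff:", autorun_changes("91 0 0 0", "ff 0 0 0"))
```
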
 
LVL 23

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 200 total points
Oops, sorry, wrong one. Follow these instructions to disable autorun; forget about the "How To Enable Autorun for Other Removable Media" part.

How To Enable/Disable Autorun (Windows XP)

   1. Open Windows Explorer by pressing the Windows + "e" key.

   2. Right-click the desired CD-ROM and select Properties from the menu.

   3. Select the AutoPlay tab.

   4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the appropriate action to take if enabling autorun.

   5. Select OK.
 
LVL 23

Assisted Solution

by:phototropic
phototropic earned 100 total points
You are running AVG 8.0 and you still have Symantec entries from a previous Norton install. You should run the Norton Removal Tool to clear these conflicts:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

In addition to ComboFix, I would also suggest running Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam.php

Make sure it is updated, then select "Perform quick scan". When the scan is complete, click "OK", then "Show Results". Make sure that everything detected is checked, then click "Remove Selected".
Post the log with the ComboFix log.
 
LVL 10

Author Closing Comment

by:MaduKp
Thanks, guys. Sorry for the late response.