Virus activities in my pc

Posted on 2008-06-17
Last Modified: 2013-11-30
Hi experts,
Each time I open my Internet Explorer I see "god must be crazy" in my title. This is a headache to me. I have tried an AVG full scan and a Kaspersky online scan, but this thing is still in my system.
I am under the impression that some virus activity is happening on my PC, even though I don't notice it performance-wise. I think this started from my flash drive. Each time I open my flash drive, annoying 'exe' files are created, but I can't remove them. But when I plug the same pen drive into a different PC, I am able to remove these files. It doesn't matter how much I clean and format that pen drive; when I plug it into my troublesome PC, the abnormal exe files are created again.
I would appreciate it if anyone can give me a sound solution. It would be highly appreciated if someone can clarify what the underlying cause of these activities is, and whether they are interrelated or just individual incidents.
Further, I would be very thankful if you can post your solution directly here rather than redirecting to some other URLs.

Thanks,
Madu.
Question by:MaduKp

Accepted Solution

by: r-k (earned 800 total points)
ID: 21808453
While you're trying to clean your PC, may I suggest not connecting your USB drive to prevent spread of the virus in either direction.

Did you note the names of the exe files that were created when you plugged in your flash drive? If so, post a few of those names here.

Next, run HijackThis on your PC and post the log here, as follows:

Download HijackThis from http://www.hijackthis.de/
(use the "direct download" link in the upper-right corner)
Unzip to any folder on your hard drive (other than the desktop)
Run the program by double-clicking on the HijackThis.exe file.
Click on "Do a System Scan.."
Copy-and-paste the resulting log here.
Optionally, you can post back to that same web page, and click "Analyze"
and note which entries are marked as nasty or unknown.
0
 

Author Comment

by:MaduKp
ID: 21811222
Hi r-k:
Thanks for the reply.
Here are some names that are being created by the virus-like activity.
download.exe is one of that sort of file created by the virus-like activity. Actually, this file displays as a folder. I didn't double-click on these folder-like things to see if those are really folders. Other than this, an autorun file is also created. I couldn't just delete these files, but I am still able to format the drive.

I got the HijackThis tool; please find the log created below.
0
 

Author Comment

by:MaduKp
ID: 21811232
Please find the log file attached
hijackthis.log
0

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 800 total points
ID: 21812817
Fix those items

F:\TestComplete 5\Bin\TestCompleteService5.exe
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - Global Startup: MSconfig.exe
O23 - Service: TestComplete 5 Service - AutomatedQA Corporation - F:\TestComplete 5\Bin\TestCompleteService5.exe

After you check and fix those items in HijackThis, disable Autorun for removable media devices.

How To Enable Autorun for Other Removable Media

Autorun can be enabled or disabled for all removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification; other removable media are disabled by default.

The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.

Notes:

   1. Modifying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
   2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.

To Modify these Registry Settings, Use Regedit and navigate to the following Key:

        HKEY_CURRENT_USER
        Software
        Microsoft
        Windows
        CurrentVersion
        Policies
        Explorer
        "NoDriveTypeAutoRun"

The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.

-------------------------------------

Then download Flash Disinfector after you hook up your USB flash drive to the infected PC.
http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

Download ComboFix to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable your realtime antivirus temporarily while ComboFix scans your PC.
Then Explorer.exe will restart, a log in a notepad file will pop up.
Attach the log here to let us see the result.

0
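The autostart entries quoted in the post above can be triaged mechanically. The following is an added example, not part of the thread and not HijackThis code: it parses the three quoted O4/O23 line shapes and marks entries for review using two heuristics that are this example's own assumptions (a target in a user-writable data directory, and an executable sitting directly in a Startup folder).

```python
import re

# Entries quoted in the post above, reused here as sample input.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - Global Startup: MSconfig.exe
O23 - Service: TestComplete 5 Service - AutomatedQA Corporation - F:\TestComplete 5\Bin\TestCompleteService5.exe
"""

# One regex per HijackThis line shape seen in the post.
PATTERNS = [
    ("run-key", re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<target>.+)$")),
    ("startup-folder", re.compile(r"^O4 - (?:Global )?Startup: (?P<target>.+)$")),
    ("service", re.compile(r"^O23 - Service: (?P<name>.+?) - .+? - (?P<target>.+)$")),
]

# Assumed triage heuristic: directories any user-level process can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(log_text):
    """Return one dict per autostart entry, with the reasons it deserves a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            target = m.group("target")
            name = m.groupdict().get("name") or target
            reasons = []
            if any(d in target.lower() for d in USER_WRITABLE):
                reasons.append("runs from a user-writable data directory")
            # A shortcut shows as "x.lnk = path"; a bare .exe is the file itself.
            if kind == "startup-folder" and " = " not in target and target.lower().endswith(".exe"):
                reasons.append("executable placed directly in a Startup folder")
            findings.append({"kind": kind, "name": name, "target": target, "reasons": reasons})
            break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        status = "REVIEW" if f["reasons"] else "ok"
        print(f"{status:6} {f['kind']:14} {f['target']}  {'; '.join(f['reasons'])}")
```

An empty `reasons` list only means neither heuristic fired; it is not a verdict that the entry is clean.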
 

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 800 total points
ID: 21812841
Oops, sorry, wrong one. Follow these instructions to disable autorun; forget about the "How To Enable Autorun for Other Removable Media" part.

How To Enable/Disable Autorun (Windows XP)

   1. Open Windows Explorer by pressing the Windows + "e" key.

   2. Right-click the desired CD-ROM and select Properties from the menu.

   3. Select the AutoPlay tab.

   4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the appropriate action to take if enabling autorun.

   5. Select OK.
0
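The `NoDriveTypeAutoRun` value discussed in the two posts above is a bitmask in which each set bit disables AutoRun for one drive type. The following added example (not from the thread) decodes the byte strings quoted there and shows why moving from `95` to `91` turns AutoRun on for USB drives; the `FF 0 0 0` input is a constructed value meaning "disabled for every drive type".

```python
# Bits of NoDriveTypeAutoRun; a SET bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown type",
    0x04: "removable (USB flash, floppy)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown type (reserved bit)",
}
REMOVABLE = 0x04


def parse_reg_bytes(text):
    """Turn regedit's hex byte display ('95 0 0 0') into the little-endian DWORD."""
    data = bytes(int(b, 16) for b in text.split())
    return int.from_bytes(data, "little")


def autorun_enabled(mask):
    """Drive types on which AutoRun is still ENABLED under this mask."""
    return [name for bit, name in DRIVE_BITS.items() if not mask & bit]


def compare(old_text, new_text):
    """Report which drive types gain or lose AutoRun when the value changes."""
    old, new = parse_reg_bytes(old_text), parse_reg_bytes(new_text)
    changed = old ^ new
    return {
        "newly_enabled": [n for b, n in DRIVE_BITS.items() if changed & b and not new & b],
        "newly_disabled": [n for b, n in DRIVE_BITS.items() if changed & b and new & b],
        "removable_blocked": bool(new & REMOVABLE),
    }


if __name__ == "__main__":
    print("95:", autorun_enabled(parse_reg_bytes("95 0 0 0")))
    print("95 -> 91:", compare("95 0 0 0", "91 0 0 0"))
    print("95 -> FF:", compare("95 0 0 0", "FF 0 0 0"))
```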
 

Assisted Solution

by:phototropic
phototropic earned 400 total points
ID: 21829684
You are running AVG 8.0 and you still have Symantec entries from a previous Norton install. You should run the Norton Removal Tool to clear these conflicts:

http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

In addition to ComboFix, I would also suggest running Malwarebytes' Anti-Malware:

http://www.malwarebytes.org/mbam.php

Make sure it is updated, then select "Perform quick scan". When the scan is complete, click "OK", then "Show Results". Make sure that everything detected is checked, then click "Remove Selected".
Post the log with the ComboFix log.
0
 

Author Closing Comment

by:MaduKp
ID: 31468099
Thanks, guys. Sorry for the late response.
0
