Virus activities in my pc

Posted on 2008-06-17
Last Modified: 2013-11-30
Hi experts,
Each time I open my internet explorer I see "god must be crazy" in my title. This is a headache to me. I have tired  with AVG full scan, kaspersky online scan but this thing is still in my system.
I am under impression that some virus activities are happening in my PC even I dont feel it by performance wise. I think this is started from my flash drive. Each time I open my flash drive  annoying 'exe'  files are creating but I cant remove those.  But when I plug the same pen into different PC then I am able to remove these files. It doesnt matter how much I clean and format that pen drive when I plug it into my troublesome PC, the abnormal exe files are creating again.
I would be appreciating if anyone can give me a sound solution. It would be highly appreciate if someone can clarify what is the underlying cause of these activities, if those are interrelated or just individual incidents.
Further I would be very much thankful if you can directly post your solution here rather than re directing to some other URLS.

Question by:MaduKp
LVL 32

Accepted Solution

r-k earned 200 total points
ID: 21808453
While you're trying to clean your PC, may I suggest not connecting your USB drive to prevent spread of the virus in either direction.

Did you note the names of the exe files that were created when you plugged in your flash drive? If so, post a few of those names here.

Next, run HijackThis on your PC and post the log here, as follows:

Download HijackThis from
(use the "direct download" link in the upper-right corner)
Unzip to any folder on your hard drive (other than the desktop)
Run the program by double-clicking on the HijackThis.exe file.
Click on "Do a System Scan.."
Copy-and-paste the resulting log here.
Optionally, you can post back to that same web page, and click "Analyze"
and note which entries are marked as nasty or unknown.
LVL 10

Author Comment

ID: 21811222
Hi r-k:
Thanks for the reply.
here are some names that are creating by virus like activity.
download.exe is a one of that sort of file creared by virus like activity. actualy this file display as a folder. i didint double click on these flder like things to see if those are realy folders. other than this autorun file also created. I couldnt just delete these files. but still i am able to format the drive.

I got the hijack tool and please find the log created below.
LVL 10

Author Comment

ID: 21811232
Please find the log file attached
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

LVL 24

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 200 total points
ID: 21812817
Fix those items

F:\TestComplete 5\Bin\TestCompleteService5.exe
O4 - HKCU\..\Run: [crazy] C:\Documents and Settings\All Users\Application Data\crazya.exe
O4 - Global Startup: MSconfig.exe
O23 - Service: TestComplete 5 Service - AutomatedQA Corporation - F:\TestComplete 5\Bin\TestCompleteService5.exe

After u check and fix those items on hijackthis..... Disable Autorun for Removable Media devices..

How To Enable Autorun for Other Removable Media

Autorun can be enabled or disabled for all Removable media types, such as a floppy or Zip disk. Windows systems are configured to enable CD Notification, other removable media are by default disabled.

The System Properties User interface only exposes the CD Enable or Disable selection. The setting reflected in this dialog makes an entry in the System Registry. It is in this same location that other media types are configured.


   1. Modifiying the Registry is not for the inexperienced user. Anyone will tell you, be VERY careful.
   2. The modifications made in this case use Hex not Decimal numbers. If you are unfamiliar with the Registry or the characteristics of base numbering and Hex, studying these topics prior to making these modifications is advisable.

To Modify these Registry Settings, Use Regedit and navigate to the following Key:


The default value for the setting is 95 0 0 0. Change the first byte to 91. Restart the computer to make the new setting take effect. You may have to right-click on the floppy and choose AutoPlay from the menu to see the AutoPlay behavior.


Then download Flash disinfector after you hook up your usb flash to the infected PC.

Download Combofix to your desktop

Disable your Realtime Antivirus temporarily while combofix scan your pc.
Then Explorer.exe will restart, a log in a notepad file will pop up.
Attach the log here to let us see the result.

LVL 24

Assisted Solution

by:Mohammed Hamada
Mohammed Hamada earned 200 total points
ID: 21812841
OPPS sorry wrong one.... follow this instructions to disable autorun forget about the "How To Enable Autorun for Other Removable Media" Part..

How To Enable/Disable Autorun (Windows XP)

   1. Open Windows Explorer by pressing the Windows + "e" key.

   2. Right-click the desired CD-ROM and select Properties from the menu.

   3. Select the AutoPlay tab.

   4. Select each item from the pulldown list and for the Action to perform, select "Take no action" to disable autorun, or pick the apporpriate action to take if enabling autorun.

   5. Select OK.
LVL 23

Assisted Solution

phototropic earned 100 total points
ID: 21829684
You are running AVG 8.0 and you still have Symantec entries from a previous Norton install. You should run the Norton Removal Tool to clear these conflicts:

In addition to Combofix, I would also suggest running MalwareByte's Antimalware:

Make sure it is updated, then select "Perform quick scan". When the scan is complete, click "OK", then "Show Results". Make sure that everything detected is checked, then click "Remove Selected".
Post the log with the Combofix log.
LVL 10

Author Closing Comment

ID: 31468099
Thanks Guys. Sorry for the late respond.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I wrote an article ( some time ago with a reference to nLite  ( software.  I recently changed that link to point to NTLite (https://www.ntl…
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question