Solved

How do I get rid of "Alecks" virus

Posted on 2008-10-24
Last Modified: 2013-11-22
When I was backing up data from my office PCs (Windows Vista and XP Pro) to an external hard drive, I picked up the virus, "alecks". When I tried to read the data from my notebook, my AVG anti-virus identified several files on the root of the external drive as malicious and I "quarantined" the files as they could not be healed. Now I can't access the hard drive through the "open" or "explore" commands in explorer getting the message that the VB script is missing. When I right click on the external drive, I see Open (alecks). None of my other drives are affected.

How do I get rid of this virus/worm?

Question by:patyi888
4 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 22802364

Probably just the reg loading point that is left behind that needs to be removed, e.g.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints\D]

Or, download ComboFix by sUBs and show us the log.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

Author Comment

by:patyi888
ID: 22803662
After running combofix, certain files were deleted including e:\autorun.inf. I can now open e: and when I right click on e: I don't see (alecks) next to the open and explore commands. A search of the registry does not show any "alecks" entries except for search because I had searched for alecks files on my computer.

It seems that my problem has been fixed by combofix's malware scanner.

Thanks


log.txt
 

Author Comment

by:patyi888
ID: 22806777
It appears that the malware scanner in combofix solved the problem by deleting e:\autorun.inf which is a hidden file on the infected external disk. To complete the cleaning, you can also delete the alecks registry entries in [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints\] which combofix doesn't do.
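
An added example, not part of the original posts and not ComboFix's own logic: a small Python audit of an autorun.inf that lists the commands and context-menu labels it defines and checks whether each command's target still exists on the drive. The sample file and the script name `example.vbs` are constructed; they model the assumed state in this thread, where the antivirus quarantined the script but the hidden autorun.inf stayed behind.

```python
# Constructed sample modelled on the symptoms in this thread (extra
# "(alecks)" menu entries, missing script). example.vbs is a hypothetical name.
SAMPLE_AUTORUN = r"""
[AutoRun]
open=wscript.exe example.vbs
shell\open=Open (alecks)
shell\open\command=wscript.exe example.vbs
shell\explore=Explore (alecks)
shell\explore\command=wscript.exe example.vbs
"""


def parse_autorun(text):
    """Collect key/value pairs from the [autorun] section, skipping junk lines."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def audit_autorun(text, files_on_drive):
    """Return (kind, key, value, state) tuples for commands and menu labels."""
    present = {name.lower() for name in files_on_drive}
    findings = []
    for key, value in parse_autorun(text).items():
        if key in ("open", "shellexecute") or key.endswith("\\command"):
            # Simplification: the last token of the command line is the target.
            target = value.split()[-1].strip('"').lower()
            state = "present" if target in present else "missing"
            findings.append(("command", key, value, state))
        elif key.startswith("shell\\"):
            findings.append(("menu-label", key, value, None))
    return findings


if __name__ == "__main__":
    # Drive root after the script was quarantined: only autorun.inf remains.
    for finding in audit_autorun(SAMPLE_AUTORUN, ["autorun.inf"]):
        print(finding)
```

A command whose target is reported as missing corresponds to the state described in the question: the drive's Open and Explore verbs still point at a script that is no longer there.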

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22811892
>>>you can also delete the alecks registry entries in [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints\] which combofix doesn't do.<<<


Sorry for the late reply.
Combofix has a script function that deletes files and reg entries, which we post back to the user after we've seen the log with bad entries, sorry.

Well done on deleting the bad reg entry.


To uninstall Combofix:
Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

The procedure will delete the following:
ComboFix and its associated files and folders.
VundoFix backups, if present
The C:\Deckard folder, if present
The C:\_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.
Thanks!
Question has a verified solution.