?
Solved

Videos.exe virus

Posted on 2008-11-19
8
Medium Priority
?
6,746 Views
Last Modified: 2013-12-09
My system is infected with virus.  I am not sure the nmae of the virus as the anti virus program is not detecting the virus.    What i noticed is that files videos.exe and new folder.exe is present plus a number of other executable.  The students are unable to logout and the virus is spreading.  You can see attached file for example.
virus-image.JPG
0
Comment
Question by:rwhittle
8 Comments
 
LVL 1

Expert Comment

by:hybridrocknroll
ID: 22996640
Go to the Run Command (Start->Run) Type msconfig, press Enter. Go to the Startup tab and look down the Items. See if anything such as the Video.exe or NewFolder.exe is running. Uncheck the box, then hit apply. It will ask for a restart, so go ahead. This should disable the programs from starting up, in turn allowing you to delete the folders. After deleting, run several different anti-virus programs. One program alone usually doesn't fix the problem. AVG free is a good free program (http://free.avg.com/) or CCleaner (http://www.ccleaner.com/download). They require you to create an account, and it gives you a 30 day trial on the CCleaner. Hope this helps!
0
 
LVL 1

Expert Comment

by:hybridrocknroll
ID: 22996665
http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html also has a removal tool if you're having the symptoms that won't let you access your Run command.
0
 

Author Comment

by:rwhittle
ID: 22997773
still not working. For some reason when I check registry path I don't see any of the keys that are suggested.
ANOTHERIMAGE.JPG
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:rwhittle
ID: 22997781
This is another image of the malware or virus
0
 

Author Comment

by:rwhittle
ID: 22998223
When I check processes I realize that a lsass.exe file if running from c:\winnt\db5d\lsass.exe also services.exe is running from the same path likewise csrss.exe.  I have Mcafee on my system ver 8 fully updated and it is running over the file and no recognizing them as malware/virus/trojans.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 22998462

Run Flash_Disinfector.exe or Combofix:
1. Download and run this tool and follow the prompts:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe 

2.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

You can also try Malwarebytes
Download Malwarebytes' Anti-Malware to your desktop. check for Updates before scanning.
http://www.malwarebytes.org/mbam.php
0
 
LVL 10

Expert Comment

by:TekServer
ID: 22998692
You might also want to download and run HijackThis, and post the log file here.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

:)
0
 

Accepted Solution

by:
rwhittle earned 0 total points
ID: 23078643
I captured the virus and sent it to Mcafee, in which they gave me an extra.dat file that fixed the problem.  The virus was key logger.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question