Videos.exe virus

My system is infected with virus.  I am not sure the nmae of the virus as the anti virus program is not detecting the virus.    What i noticed is that files videos.exe and new folder.exe is present plus a number of other executable.  The students are unable to logout and the virus is spreading.  You can see attached file for example.
virus-image.JPG
rwhittleAsked:
Who is Participating?
 
rwhittleConnect With a Mentor Author Commented:
I captured the virus and sent it to Mcafee, in which they gave me an extra.dat file that fixed the problem.  The virus was key logger.
0
 
hybridrocknrollCommented:
Go to the Run Command (Start->Run) Type msconfig, press Enter. Go to the Startup tab and look down the Items. See if anything such as the Video.exe or NewFolder.exe is running. Uncheck the box, then hit apply. It will ask for a restart, so go ahead. This should disable the programs from starting up, in turn allowing you to delete the folders. After deleting, run several different anti-virus programs. One program alone usually doesn't fix the problem. AVG free is a good free program (http://free.avg.com/) or CCleaner (http://www.ccleaner.com/download). They require you to create an account, and it gives you a 30 day trial on the CCleaner. Hope this helps!
0
 
hybridrocknrollCommented:
http://tec-updates.blogspot.com/2007/10/new-folderexe-virus-removal-tool.html also has a removal tool if you're having the symptoms that won't let you access your Run command.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
rwhittleAuthor Commented:
still not working. For some reason when I check registry path I don't see any of the keys that are suggested.
ANOTHERIMAGE.JPG
0
 
rwhittleAuthor Commented:
This is another image of the malware or virus
0
 
rwhittleAuthor Commented:
When I check processes I realize that a lsass.exe file if running from c:\winnt\db5d\lsass.exe also services.exe is running from the same path likewise csrss.exe.  I have Mcafee on my system ver 8 fully updated and it is running over the file and no recognizing them as malware/virus/trojans.
0
 
rpggamergirlCommented:

Run Flash_Disinfector.exe or Combofix:
1. Download and run this tool and follow the prompts:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe 

2.  Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 

You can also try Malwarebytes
Download Malwarebytes' Anti-Malware to your desktop. check for Updates before scanning.
http://www.malwarebytes.org/mbam.php
0
 
TekServerCommented:
You might also want to download and run HijackThis, and post the log file here.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

:)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.