[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Virus creating exe file in each folder

Posted on 2009-12-29
13
Medium Priority
?
1,228 Views
Last Modified: 2013-11-22
Dear Expert,

I got a virus in network pc which is creating an exe file in each folder with same folder name.
I have Symantec Endpoint Protection 11.0 installed but unable to clear the virus.
I also tried removing it with Malwarebytes but still same problem.
Please help ASAP.

Regards,
Sanjeev Kumar
0
Comment
Question by:sanjeevkmrs
  • 5
  • 4
  • 2
  • +2
13 Comments
 
LVL 12

Accepted Solution

by:
splait earned 750 total points
ID: 26141624
Have you tried scanning the machine with an online scanner?  ESET has one at www.eset.com/onlinescan that will scan and remove what it finds.  Pay attention to your options when it first comes up.
0
 
LVL 22

Assisted Solution

by:optoma
optoma earned 750 total points
ID: 26141877
Is only one machine affected?
If so temporaily disable any shared/mapped drives and rescan with Mbam.
If it reappears scan with Combofix>read+follow its proceedures and attach logfile here after
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Also check any share folders/mapped drives in case one of them are the "host" for the nasty.
0
 

Author Comment

by:sanjeevkmrs
ID: 26143228
It is only one pc infected.
am trying with eset online scanner now.
then will give a try to combofix.
lets hope
will update you soon
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:sanjeevkmrs
ID: 26143796
Dear Splait / Optoma

both option found the viruses on pc and deleted them.

The virus name is WIN32/Sohanad.Gen worm

But still the internet explorer home page settings option is locked with http://thegoogle.we.bs 
and whenever I browse internet it comes up with http://www.advgoogle.blogspot.com


Please help.

Regards,
Sanjeev Kumar
0
 
LVL 22

Expert Comment

by:optoma
ID: 26143966
Can you attach Combofix's logfile.
0
 

Author Comment

by:sanjeevkmrs
ID: 26144164
Please find attached the combo fix log file
log.txt
0
 
LVL 22

Expert Comment

by:optoma
ID: 26144647
Run this -Hitman Pro and note any detections
Hitman Pro http://www.surfright.nl/en/hitmanpro (you can uninstall it after a restart)

Also check your hosts file for unusual entries
c:\windows\system32\drivers\etc
0
 

Author Comment

by:sanjeevkmrs
ID: 26146048
Hello Optoma,

Task manager is fixed with hitmanpro but still internet explorer is same
0
 
LVL 22

Expert Comment

by:optoma
ID: 26146202
Have you checked the hosts file?
You can run Hijackthis and attach its logfile here
http://go.trendmicro.com/free-tools/hijackthis/beta/HijackThis.msi

What did Hitmanpro find?
0
 
LVL 13

Expert Comment

by:upalakshitha
ID: 26151930
under software restriction policies add the hash of foldername.exe created by virus to Disallow.
restart it will not run again only if that is the virus.
this is the only way to prevent running a virus that does not detect to a virus scaner
if success now seach for *.exe in my computer & delete all exe files are present under folder icon
folder icon shows only if it does not detect to realtime virus scaner
0
 
LVL 3

Expert Comment

by:Bransby-IT
ID: 26152387
I would change your anti-virus to eset nod32 as well while your at it.
0
 

Author Closing Comment

by:sanjeevkmrs
ID: 31670816
It fixed the problem.

Thanks & Regards,
Vijay Kumar
0
 
LVL 12

Expert Comment

by:splait
ID: 26188946
Just off hand, Vijay, if it fixed the problem, why a "B"?
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question