Solved

Nasty Virus

Posted on 2011-03-16
8
535 Views
Last Modified: 2012-06-21
anyone have any ideas what this is?

Erases all data on my flash drives
places several shortcuts which all point to nuoabijx.exe
also places a single video file ominously called "x"

I am currently in Haiti doing some volunteer computer work and this popped up on a computer i was taking a look at for one of the medical teams who have been here for several months. The computer was new out of the box when it arrived in Haiti, so the virus may be local to Haiti alone.

I ran avast boot time scanner and found numerous infections.

After booting avast fails to load on boot, when i try to run it via the desktop icon i get "the application has failed to start because its side-by-side configuration is incorrect.

msconfig reveals numerous files are trying to load on startup, none of which are actually located where msconfig says they are trying to launch from.


sorry for the lousy typing and formatting of the question but it's 2am and im running on empty. would like to get this working before my flight back to the states in 30 hours.
0
Comment
Question by:mchyzik
8 Comments
 
LVL 24

Expert Comment

by:jimyX
ID: 35154114
I haven't come across this virus before it could be a new infection.
One of the best tools that I recommend for you to use, which I am sure it will help you, is Avira (saved me a lot):
http://www.avira.com/en/support-download

If you can't install on the infected machine, there is a bootable rescue system tool which can help as well:
http://www.avira.com/en/support-download-avira-antivir-rescue-system
0
 
LVL 30

Expert Comment

by:ded9
ID: 35154115
Run malwarebytes free scan from safe mode with networking.

www.malwarebytes.org/ 


Ded9
0
 
LVL 30

Accepted Solution

by:
ded9 earned 500 total points
ID: 35154120
First run combofix from safe mode with networking

http://download.bleepingcomputer.com/protected/a64e0ec365f5688144b516a0223cabcd/4d81ab9c/ComboFix.exe

and then run

Run malwarebytes free scan from safe mode with networking.

www.malwarebytes.org/

Issue will get resolved


Ded9
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 8

Expert Comment

by:andoss
ID: 35154122
What ded9 has suggested.
Download malwarebytes on a clean computer, then boot the infected machine into safe mode with networking. (tap F8 at computer startup incase you don't know)

Install malwarebytes from a USB or similar (i'm assuming the virus doesn't do anything in safe mode as it shouldn't) then udpate it and run a full scan.
0
 
LVL 9

Expert Comment

by:Vampireofdarkness
ID: 35154141
1. Boot into safe mode w/ networking (F8 when booting up)

2. Run regedit (Start > Run > regedit) and navigate to (It could be one or more of these)  -- Delete all non-required / suspicious entries (these are startup entries)
  HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

3. Use Trend Micro's online virus scanner if you cannot install, or launch Avast: http://housecall.antivirus.com/

4. Start > Run > sfc /scannow
  You may need a Windows disk if this finds any inconsistencies

5. Remove all unknown / unnecessary IE / browser plugins.

6. Clear temporary files, downloads, etc... and reset your home page if not something trusted.

7. Perform all windows updates to make sure it isn't an OS security hole letting something in.

If this computer is in a network, you need to do this on ALL network machines before switching any of them back on to Windows normally.

For the regedit and sfc you may need administrative authorisation if UAC is enabled.
0
 

Author Comment

by:mchyzik
ID: 35154148
I'll start running the recommended fixes immediately. this will take some time however, since i am also trying to rebuild 15 or so neglected XP machines from parts...
0
 
LVL 8

Expert Comment

by:bright12
ID: 35154170
You can also try Hitmanpro.

This program will remove viruses and repair any system files if needed.

http://www.surfright.nl/en
0
 

Author Closing Comment

by:mchyzik
ID: 35154732
Thanks for the help, im adding combofix to my tools folder as it was very useul. P.S. just one more machine to rebuild and I can sleep.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question