mchyzik
asked on
Nasty Virus
anyone have any ideas what this is?
Erases all data on my flash drives
places several shortcuts which all point to nuoabijx.exe
also places a single video file ominously called "x"
I am currently in Haiti doing some volunteer computer work and this popped up on a computer I was taking a look at for one of the medical teams who have been here for several months. The computer was new out of the box when it arrived in Haiti, so the virus may be local to Haiti alone.
I ran avast boot time scanner and found numerous infections.
After booting, avast fails to load on boot. When I try to run it via the desktop icon I get "the application has failed to start because its side-by-side configuration is incorrect."
msconfig reveals numerous files are trying to load on startup, none of which are actually located where msconfig says they are trying to launch from.
Sorry for the lousy typing and formatting of the question but it's 2am and I'm running on empty. Would like to get this working before my flight back to the states in 30 hours.
What ded9 has suggested.
Download Malwarebytes on a clean computer, then boot the infected machine into safe mode with networking. (Tap F8 at computer startup in case you don't know.)
Install Malwarebytes from a USB or similar (I'm assuming the virus doesn't do anything in safe mode as it shouldn't), then update it and run a full scan.
1. Boot into safe mode w/ networking (F8 when booting up)
2. Run regedit (Start > Run > regedit) and navigate to (It could be one or more of these) -- Delete all non-required / suspicious entries (these are startup entries)
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
3. Use Trend Micro's online virus scanner if you cannot install, or launch Avast: http://housecall.antivirus.com/
4. Start > Run > sfc /scannow
You may need a Windows disk if this finds any inconsistencies
5. Remove all unknown / unnecessary IE / browser plugins.
6. Clear temporary files, downloads, etc... and reset your home page if not something trusted.
7. Perform all windows updates to make sure it isn't an OS security hole letting something in.
If this computer is in a network, you need to do this on ALL network machines before switching any of them back on to Windows normally.
For the regedit and sfc you may need administrative authorisation if UAC is enabled.
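A read-only way to review the startup keys from step 2 before deleting anything, added here as an example and not part of the original answer: it lists every entry under those four keys and marks the ones whose target file does not exist, the symptom the question describes in msconfig. The function name Get-StartupTarget and the extension list in it are this example's own choices.

```powershell
# Added example: read-only audit of the four startup keys named in step 2.
# Nothing is deleted; review the output before removing anything in regedit.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a startup command line.
function Get-StartupTarget {
    param([string]$Command)
    # Expand %SystemRoot%-style variables first.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\path with spaces\app.exe" /arg
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: shortest prefix that ends in a known extension.
    if ($expanded -match '^(.+?\.(exe|com|bat|cmd|scr|pif|dll|vbs|js))(\s|,|$)') { return $Matches[1] }
    # Fallback: first whitespace-separated token.
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # a key may be absent
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-StartupTarget -Command $command
        $found   = $false
        if ($target) { $found = Test-Path -LiteralPath $target -PathType Leaf }
        # A bare file name (no directory part) is looked up on PATH instead.
        if ($target -and -not $found -and -not (Split-Path -Path $target -Parent)) {
            $found = [bool](Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue)
        }
        New-Object PSObject -Property @{
            Key = $key; Name = $name; Command = $command
            Target = $target; TargetExists = $found
        }
    }
}

# Entries whose target is missing sort first (False before True).
$report | Sort-Object TargetExists, Key, Name |
    Format-Table TargetExists, Key, Name, Target -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable in full; the HKCU results apply only to the account that runs it.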
ASKER
I'll start running the recommended fixes immediately. This will take some time however, since I am also trying to rebuild 15 or so neglected XP machines from parts...
You can also try Hitmanpro.
This program will remove viruses and repair any system files if needed.
http://www.surfright.nl/en
ASKER
Thanks for the help, I'm adding combofix to my tools folder as it was very useful. P.S. just one more machine to rebuild and I can sleep.
One of the best tools that I recommend for you to use, which I am sure it will help you, is Avira (saved me a lot):
http://www.avira.com/en/support-download
If you can't install on the infected machine, there is a bootable rescue system tool which can help as well:
http://www.avira.com/en/support-download-avira-antivir-rescue-system