Solved

Virus cannot be removed

Posted on 2011-03-17
Last Modified: 2012-05-11
Hi guys,

I have 4 Windows XP machines in my network; all of them are infected with an unknown virus.
I have tried AVG, Malwarebytes and Microsoft Security and it didn't work. I also created a Kaspersky bootable CD and it said "No virus found". I also tried Conficker tools but they just said "no virus found". The problem is I cannot access any computer or shared folder: Start -> Run -> \\computer1 starts asking for a password, and when I type the password it just says it didn't find the domain. Physical connectivity is fine. All the computers have a service with a strange name like in the picture.

Basically I would like to know how to remove it without formatting my PC?
Question by:nttech
11 Comments
 
LVL 4

Expert Comment

by:ucando1
ID: 35162076
Back up and reinstall XP. If there is a bug that was removed, it may have damaged sys files, and the clean install is the best option anyhow.
0
 

Author Comment

by:nttech
ID: 35162132
Thanks for your reply.

This option is not the best way to go for 2 reasons.

I don't know where the virus is, so when I transfer the backup or data it may affect my computers again.

The second reason is that I now have 12 machines infected and it can take me a week to rebuild these machines.
0
 
LVL 78

Expert Comment

by:arnold
ID: 35162753
Boot the system in safe mode and navigate to c:\windows\prefetch.
Clear the stuff from there, excluding the layout.ini file.
See if that helps.
While in safe mode you could delete the service:
http://geekswithblogs.net/shahedul/archive/2006/10/13/93984.aspx
0
 
LVL 27

Expert Comment

by:Jonvee
ID: 35163198
Try running an Eset online scan, it has proved to have been effective when other scanners have failed:
http://www.eset.com/online-scanner 

If no improvement, try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 500 total points
ID: 35163223
If those two scanners find nothing there's still ComboFix! We could take a look at the resulting log file to see if any infection has been "deleted", then decide if a re-run with a script is necessary.

Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running.
It may also be necessary to rename ComboFix.exe before saving it to your desktop.  
If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine.

Double click "combofix.exe" (or the renamed ComboFix.exe) and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
Please post that log here.

ComboFix must be run in normal mode.

Should you need it>   A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Comment

by:nttech
ID: 35163383
Thanks guys, I will do it and I'll let you know the result.
Cheers
0
 
LVL 4

Expert Comment

by:coolcurrent4u
ID: 35163717
Try Avira antivirus. When installing it, set the install option to custom, and set the detection mode to High Heuristic. I am using Avira Premium, and it is very effective.

Also, just to be sure, make sure the virus is not transferred by one of your users; restrict USB drive access for the meantime.

And make sure the file you are trying to access is present and is accessible.

Download HijackThis, scan your system and post the log here for help.

Also download a process viewer, scan, and post the screenshot of the file list here for help.
0
 
LVL 6

Expert Comment

by:mkuehngoe
ID: 35164002
Try the Microsoft removal tool for malicious software. In most cases this will get the stuff (looks like a trojan).
0
 
LVL 23

Expert Comment

by:edbedb
ID: 35164483
I don't think it will solve the issue but you could just delete that entry in the Autoruns list. That should remove the service and it can't hurt anything because the target file is missing anyway.
0
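A read-only check related to the service advice above, as an added example that is not part of the original thread: it lists Windows services whose registered executable or `ServiceDll` no longer exists on disk, which is the "target file is missing" condition mentioned in the last comment. The function names are hypothetical, and it assumes PowerShell 2.0 or later, which is not installed by default on Windows XP.

```powershell
# Added example (not from the thread). Read-only: reports, never deletes.
function Resolve-ServiceBinary {
    param([string]$PathName)
    # Win32_Service.PathName is a command line; extract the executable path.
    if ([string]::IsNullOrEmpty($PathName)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($PathName.Trim())
    $p = $p -replace '^\\\?\?\\', ''                      # strip a \??\ prefix
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }      # quoted path
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    else { $p = ($p -split '\s+')[0] }
    # Paths without a drive or root are treated as relative to %SystemRoot%.
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SuspectService {
    Get-WmiObject Win32_Service | ForEach-Object {
        $svc = $_
        $exe = Resolve-ServiceBinary $svc.PathName
        # Services hosted by svchost.exe load a DLL named under Parameters\ServiceDll.
        $dll = $null
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            if ($props) { $dll = $props.ServiceDll }
        }
        foreach ($target in @($exe, $dll)) {
            if ($target) {
                $target = [Environment]::ExpandEnvironmentVariables($target)
                if (-not (Test-Path -LiteralPath $target)) {
                    # Emit one row per missing file so odd service names stand out.
                    $svc | Select-Object Name, DisplayName, State, StartMode,
                        @{ n = 'MissingTarget'; e = { $target } }
                }
            }
        }
    }
}

Get-SuspectService | Format-Table -AutoSize
```

A service listed here is only a candidate for review; compare the name and display name against a known-clean machine before removing anything.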
 

Author Comment

by:nttech
ID: 35177334
Hi guys,

I tried all your suggestions and I couldn't clean it up, for 2 reasons.
The virus is in the server and every time users tried to open a mapped drive, they got infected.
Second reason: these computers are running an application that needs to run using IE 7, so they are not getting updates from Windows. I called AVG support and they advised me that one of the reasons this virus is attacking me is because we didn't patch the computers running XP. Computers running Windows 7 are fine.

In the end I created a virtual machine running Windows 7 and everything looks OK. It's a temporary solution, but it will give me time to think about how to fix it. Thanks everyone for your answers.
0
 

Author Closing Comment

by:nttech
ID: 35177341
read above
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question