Solved

Virus cannot be removed

Posted on 2011-03-17
Last Modified: 2012-05-11
Hi guys,

I have 4 Windows XP machines in my network, and all of them are infected with an unknown virus.
I have tried AVG, Malwarebytes and Microsoft Security and they didn't work. I also created a Kaspersky bootable CD and it said "No virus found"; I also tried Conficker tools but they just said "no virus found". The problem is I cannot access any computer or shared folder: Start -> Run -> \\computer1 starts asking for a password, and when I type the password it just says it didn't find the domain. Physical connectivity is fine. All the computers have a service with a strange name, like in the picture.

Basically I would like to know how to remove it without formatting my PC?
Question by:nttech
11 Comments
 
LVL 4

Expert Comment

by:ucando1
ID: 35162076
Back up and reinstall XP. If there is a bug that was removed, it may have damaged sys files, and the clean install is the best option anyhow.
 

Author Comment

by:nttech
ID: 35162132
Thanks for your reply.

This option is not the best way to go, for 2 reasons.

I don't know where the virus is, so when I transfer the backup or data back it may affect my computers again.

The second reason is that I now have 12 machines infected and it can take me a week to rebuild these machines.
 
LVL 77

Expert Comment

by:arnold
ID: 35162753
Boot the system in safe mode and navigate to c:\windows\prefetch.
Clear the stuff from there, excluding the layout.ini file.
See if that helps.
While in safe mode you could delete the service:
http://geekswithblogs.net/shahedul/archive/2006/10/13/93984.aspx
 
LVL 27

Expert Comment

by:Jonvee
ID: 35163198
Try running an Eset online scan; it has proved to have been effective when other scanners have failed:
http://www.eset.com/online-scanner 

If no improvement, try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
 
LVL 27

Accepted Solution

by:
Jonvee earned 500 total points
ID: 35163223
If those two scanners find nothing, there's still ComboFix! We could take a look at the resulting log file to see if any infection has been "deleted", then decide if a re-run with a script is necessary.

Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running.
It may also be necessary to rename ComboFix.exe before saving it to your desktop.  
If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine.

Double click "combofix.exe" (or the renamed ComboFix.exe) and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
Please post that log here.

ComboFix must be run in normal mode.

Should you need it > A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Author Comment

by:nttech
ID: 35163383
Thanks guys, I will do it and I'll let you know the result.
Cheers
 
LVL 4

Expert Comment

by:coolcurrent4u
ID: 35163717
Try Avira antivirus. When installing it, set the install option to custom, and set the detection mode to High Heuristic. I am using Avira Premium, and it is very effective.

Also, just to be sure, make sure the virus is not transferred by one of your users; restrict USB drive access for the meantime.

And make sure the file you are trying to access is present and is accessible.

Download HijackThis, scan your system and post the log here for help.

Also download process viewer, scan, and post the screenshot of the file list here for help.
 
LVL 6

Expert Comment

by:mkuehngoe
ID: 35164002
Try the Microsoft removal tool for malicious software. In most cases this will get the stuff (looks like a trojan).
 
LVL 23

Expert Comment

by:edbedb
ID: 35164483
I don't think it will solve the issue, but you could just delete that entry in the Autoruns list. That should remove the service, and it can't hurt anything because the target file is missing anyway.
 

Author Comment

by:nttech
ID: 35177334
Hi guys,

I tried all your suggestions and I couldn't clean it up, for 2 reasons.
The virus is on the server and every time users try to open a mapped drive, they get infected.
Second reason: these computers are running an application that needs to run using IE 7, so they are not getting updates from Windows. I called AVG support and they advised me that one of the reasons this virus is attacking me is because we didn't patch the computers running XP. Computers running Windows 7 are fine.

In the end I created a virtual machine running Windows 7 and everything looks OK. It's a temporary solution, but it will give me time to think how to fix it. Thanks everyone for your answers.
 

Author Closing Comment

by:nttech
ID: 35177341
read above

Question has a verified solution.
