Virus cannot be removed

Hi guys,

I have 4 Windows XP machines in my network, and all of them are infected with an unknown virus.
I have tried AVG, Malwarebytes and Microsoft Security and it didn't work. I also created a Kaspersky bootable CD and got "No virus found"; I also tried Conficker tools but they just said "no virus found". The problem is I cannot access any computer or shared folder: Start -> Run -> \\computer1 starts asking for a password, and when I type the password it just says it didn't find the domain. Physical connectivity is fine. All the computers have a service with a strange name like in the picture.

Basically I would like to know how to remove it without formatting my PC?
nttech Asked:
 
Jonvee Commented:
If those two scanners find nothing there's still ComboFix! We could take a look at the resulting log file to see if any infection has been "deleted", then decide if a re-run with a script is necessary.

Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running.
It may also be necessary to rename ComboFix.exe before saving it to your desktop.
If you have difficulties downloading it, try downloading to another machine, then onto a USB memory stick or CD. Rename it and carry it to the infected machine.

Double click "combofix.exe" (or the renamed ComboFix.exe) and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
Please post that log here.

ComboFix must be run in normal mode.

Should you need it, a guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
ucando1 Commented:
Back up and reinstall XP. If there is a bug that was removed, it may have damaged sys files, and the clean install is the best option anyhow.
0
 
nttech (Author) Commented:
Thanks for your reply.

This option is not the best way to go, for 2 reasons.

I don't know where the virus is, so when I transfer the backup or data back it may affect my computers again.

The second reason is that I now have 12 machines infected and it can take me a week to rebuild these machines.
0
 
arnold Commented:
Boot the system in safe mode and navigate to c:\windows\prefetch.
Clear the stuff from there, excluding the layout.ini file.
See if that helps.
While in safe mode you could delete the service:
http://geekswithblogs.net/shahedul/archive/2006/10/13/93984.aspx
0
 
Jonvee Commented:
Try running an Eset online scan, it has proved to have been effective when other scanners have failed:
http://www.eset.com/online-scanner 

If no improvement, try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
0
 
nttech (Author) Commented:
Thanks guys, I will do it and I'll let you know the result.
Cheers
0
 
coolcurrent4u Commented:
Try Avira antivirus. When installing it, set the install option to custom, and set the detection mode to High Heuristic. I am using Avira Premium, and it is very effective.

Also, just to be sure, make sure the virus is not transferred by one of your users; restrict USB drive access for the meantime.

And make sure the file you are trying to access is present and is accessible.

Download HijackThis, scan your system and post the log here for help.

Also download Process Viewer, scan, and post the screenshot of the file list here for help.
0
 
mkuehngoe Commented:
Try the Microsoft removal tool for malicious software. In most cases this will get the stuff (looks like a trojan).
0
 
edbedb Commented:
I don't think it will solve the issue, but you could just delete that entry in the Autoruns list. That should remove the service, and it can't hurt anything because the target file is missing anyway.
0
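An added example, not part of the thread: a read-only PowerShell check that lists services whose executable or ServiceDll no longer exists on disk, the condition edbedb describes above. It assumes Windows PowerShell 2.0 or later and an administrator session; the function names `Resolve-ImagePath` and `Get-ServiceWithMissingBinary` are hypothetical.

```powershell
# Added example: report services whose target file is missing. Deletes nothing.

function Resolve-ImagePath {
    # Turn a service command line into the path of the file it starts.
    param([string]$CommandLine)
    if ([string]::IsNullOrEmpty($CommandLine)) { return $null }
    $s = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    $s = $s -replace '^\\\?\?\\', ''                      # strip a leading \??\ prefix
    if ($s -match '^"([^"]+)"') { return $Matches[1] }    # quoted path, arguments after it
    if ($s -match '^(.+?\.(exe|dll|sys))(\s|$)') { return $Matches[1] }  # unquoted path
    return $s
}

function Get-ServiceWithMissingBinary {
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        $svc = $_
        $targets = @()

        $exe = Resolve-ImagePath $svc.PathName
        if ($exe) { $targets += $exe }

        # Services hosted by svchost.exe load the DLL named in Parameters\ServiceDll,
        # so svchost.exe existing on disk says nothing about the service itself.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\{0}\Parameters' -f $svc.Name
        $params = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($params -and $params.ServiceDll) {
            $targets += Resolve-ImagePath $params.ServiceDll
        }

        foreach ($t in $targets) {
            if (-not (Test-Path -LiteralPath $t)) {
                New-Object PSObject -Property @{
                    Name        = $svc.Name
                    DisplayName = $svc.DisplayName
                    StartMode   = $svc.StartMode
                    MissingFile = $t
                }
            }
        }
    }
}

Get-ServiceWithMissingBinary |
    Format-Table Name, DisplayName, StartMode, MissingFile -AutoSize
```

Before deleting any entry the report lists, export its registry key with `reg export` so it can be restored.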
 
nttech (Author) Commented:
Hi guys,

I tried all your suggestions and I couldn't clean it up, for 2 reasons.
The virus is on the server, and every time users try to open a mapped drive, they get infected.
Second reason: these computers are running an application that needs to run using IE 7, so they are not getting updates from Windows. I called AVG support and they advised me that one of the reasons this virus is attacking me is that we didn't patch the computers running XP. Computers running Windows 7 are fine.

In the end I have created a virtual machine running Windows 7 and everything looks OK. It's a temporary solution, but it will give me time to think about how to fix it. Thanks everyone for your answers.
0
 
nttech (Author) Commented:
Read above.
0
Question has a verified solution.
