Solved

Virus cannot be removed

Posted on 2011-03-17
11
Medium Priority
783 Views
Last Modified: 2012-05-11
Hi guys,

I have 4 Windows XP machines in my network, and all of them are infected with an unknown virus.
I have tried AVG, Malwarebytes and Microsoft Security and they didn't work. I also created a Kaspersky bootable CD and it said "No virus found"; I also tried Conficker tools, but they just said "no virus found". The problem is that I cannot access any computer or shared folder: Start -> Run -> \\computer1 starts asking for a password, and when I type the password it just says it didn't find the domain. Physical connectivity is fine. All the computers have a service with a strange name, like in the picture.

Basically, I would like to know how to remove it without formatting my PC.
Question by:nttech
11 Comments
 
LVL 4

Expert Comment

by:ucando1
ID: 35162076
Back up and reinstall XP. If there is a bug that was removed, it may have damaged sys files, and the clean install is the best option anyhow.
0
 

Author Comment

by:nttech
ID: 35162132
Thanks for your reply.

This option is not the best way to go, for 2 reasons.

I don't know where the virus is, so when I transfer the backup or data back it may affect my computers again.

The second reason is that I now have 12 machines infected, and it can take me a week to rebuild these machines.
0
 
LVL 80

Expert Comment

by:arnold
ID: 35162753
Boot the system in safe mode and navigate to the c:\windows\prefetch
Clear the stuff from there, excluding the layout.ini file.
See if that helps.
While in safe mode you could delete the service:
http://geekswithblogs.net/shahedul/archive/2006/10/13/93984.aspx
0
LVL 27

Expert Comment

by:Jonvee
ID: 35163198
Try running an Eset online scan, it has proved to have been effective when other scanners have failed:
http://www.eset.com/online-scanner 

If no improvement, try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
0
 
LVL 27

Accepted Solution

by:
Jonvee earned 1500 total points
ID: 35163223
If those two scanners find nothing, there's still ComboFix! We could take a look at the resulting log file to see if any infection has been "deleted", then decide if a re-run with a script is necessary.

Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, or Shields that you may have running.
It may also be necessary to rename ComboFix.exe before saving it to your desktop.  
If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine.

Double click "combofix.exe" (or the renamed ComboFix.exe) and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
Please post that log here.

ComboFix must be run in normal mode.

Should you need it>   A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 

Author Comment

by:nttech
ID: 35163383
Thanks guys, I will do it and I'll let you know the result.
Cheers
0
 
LVL 4

Expert Comment

by:coolcurrent4u
ID: 35163717
Try Avira antivirus; when installing it, set the install option to custom and set the detection mode to High Heuristic. I am using Avira Premium, and it is very effective.

Also, just to be sure, make sure the virus is not transferred by one of your users; restrict USB drive access for the meantime.

And make sure the file you are trying to access is present and is accessible.

Download HijackThis, scan your system and post the log here for help.

Also download process viewer, scan, and post the screenshot of the file list here for help.
0
 
LVL 6

Expert Comment

by:mkuehngoe
ID: 35164002
Try the Microsoft removal tool for malicious software. In most cases this will get the stuff (looks like a trojan).
0
 
LVL 23

Expert Comment

by:edbedb
ID: 35164483
I don't think it will solve the issue, but you could just delete that entry in the Autoruns list. That should remove the service, and it can't hurt anything because the target file is missing anyway.
0
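The check raised in the comments above (a service entry with a strange name whose target file is missing) can be repeated across many machines from a clean workstation. The Python below is an added example, not code from any poster in this thread; it reads the text of a `reg export` of the Services key and a file listing, and the service name `qzkvtw`, the DLL `xmplq.dll` and all sample data are constructed for illustration.

```python
import re

def hex2(text):
    """Encode text as `reg export` writes REG_EXPAND_SZ: UTF-16LE bytes in hex."""
    return "hex(2):" + ",".join(f"{b:02x}" for b in (text + "\0").encode("utf-16-le"))

SVC = r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
# Constructed sample export; the service and DLL names are made up for illustration.
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    SVC + "Spooler]", '"ImagePath"=' + hex2(r"%SystemRoot%\system32\spoolsv.exe"), "",
    SVC + "qzkvtw]", '"ImagePath"=' + hex2(r"%SystemRoot%\system32\svchost.exe -k netsvcs"), "",
    SVC + r"qzkvtw\Parameters]", '"ServiceDll"=' + hex2(r"%SystemRoot%\system32\xmplq.dll"), ""])
# Constructed file listing, e.g. saved from `dir /b /s /a C:\WINDOWS\system32`.
SAMPLE_FILES = [r"C:\WINDOWS\system32\spoolsv.exe", r"C:\WINDOWS\system32\svchost.exe"]
KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services"
                 r"\\([^\\\]]+)(?:\\Parameters)?\]$", re.I)
VAL = re.compile(r'^"(?:ImagePath|ServiceDll)"=(.*)$', re.I)

def decode(raw):
    """Turn an exported value (hex(2) or quoted string) into plain text."""
    if raw.startswith("hex(2):"):
        data = bytes(int(h, 16) for h in raw[7:].split(",") if h.strip())
        return data.decode("utf-16-le").rstrip("\0")
    return re.sub(r"\\(.)", r"\1", raw.strip()[1:-1])

def target_path(value, sysroot=r"C:\WINDOWS"):
    """Reduce a service command line to the absolute path of its binary."""
    m = re.match(r'"?(.+?\.(?:exe|dll|sys)\b)', value.strip(), re.I)
    if not m:
        return None
    p = re.sub(r"^\\\?\?\\", "", m.group(1))                    # \??\C:\x -> C:\x
    p = re.sub(r"^(%SystemRoot%|\\SystemRoot)\\", "", p, flags=re.I)
    return p if re.match(r"[A-Za-z]:\\", p) else sysroot + "\\" + p

def missing_service_targets(reg_text, existing_files, sysroot=r"C:\WINDOWS"):
    """Map service name -> binaries it references that are not in the listing."""
    present = {f.lower() for f in existing_files}
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)              # join wrapped hex lines
    findings, service = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            k = KEY.match(line)
            service = k.group(1) if k else None                 # skip unrelated subkeys
        elif service and (v := VAL.match(line)):
            path = target_path(decode(v.group(1)), sysroot)
            if path and path.lower() not in present:
                findings.setdefault(service, []).append(path)
    return findings
print(missing_service_targets(SAMPLE_REG, SAMPLE_FILES))
```

Real `reg export` files are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text in. A missing target only marks an entry for review, since leftovers from uninstalled software look the same.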
 

Author Comment

by:nttech
ID: 35177334
Hi guys,

I tried all your suggestions and I couldn't clean it up, for 2 reasons.
The virus is on the server, and every time users try to open a mapped drive, they get infected.
Second reason: these computers are running an application that needs to run using IE 7, so they are not getting updates from Windows. I called AVG support and they advised me that one of the reasons this virus is attacking me is that we didn't patch the computers running XP. The computers running Windows 7 are fine.

In the end I created a virtual machine running Windows 7 and everything looks OK. It's a temporary solution, but it will give me time to think about how to fix it. Thanks everyone for your answers.
0
 

Author Closing Comment

by:nttech
ID: 35177341
read above
0
