Solved

Been hit with Virus

Posted on 2012-04-02
12
457 Views
Last Modified: 2013-11-22
Hi Experts,

I believe I been hit with a virus.

I can't get rid of it in startup. Every time I uncheck it, it recheck's itself after I click on apply. I can't delete the file from the startup folder.

Its so bad its disabled Malwarebytes.

Please help

See attachments fo the virus. The name is rvjwphpc

Cheers
virus-in-msconfig.jpg
virus-in-startup.jpg
0
Comment
Question by:cpatte7372
  • 4
  • 2
  • 2
  • +4
12 Comments
 
LVL 24

Assisted Solution

by:smckeown777
smckeown777 earned 100 total points
ID: 37798628
Can you reboot into Safe mode and then try the delete
Sounds like its running which is why you can't delete, you should be able to once in Safe mode
0
 

Author Comment

by:cpatte7372
ID: 37798633
smckeown777

Thanks for responding.

To enter safe mode in Windows 7, is F7?

Cheers
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 37798664
No F8 like XP
Press before the Windows logo appears when u start the pc
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 100 total points
ID: 37798682
Can you access task manager?  You may find it in there and be able to end task it and then delete the file.
0
 
LVL 32

Accepted Solution

by:
willcomp earned 100 total points
ID: 37798775
Follow the general guidelines in this article by younghv. Run RogueKiller to stop malware processes and then try to run MBAM. If MBAM has been corrupted, you will need to reinstall it. http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/A_6550-2012-Malware-Variants.html

Followup with TDSSKiller.
0
 

Author Comment

by:cpatte7372
ID: 37798993
Thanks guys for your assistance with this.  I had to run out, but I will definitely be going through your suggestions.

I will let you know how I get on. And thank you

cheers
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 100 total points
ID: 37800586
Please post the logs of the tools that you run posted by willcomp above.

Thanks
0
 

Author Comment

by:cpatte7372
ID: 37801138
ssharma,

Can you provide me with the link to roguekiller. The link provided above doesn't provide the application - unless I'm looking in the wrong place?

Cheers

Carlton
0
 
LVL 32

Expert Comment

by:willcomp
ID: 37801167
0
 
LVL 5

Expert Comment

by:9660kel
ID: 37801319
You will probably need to run the FixNCR before you can run the rest of the tools.

It looks like you have been blocked from admin activities.
0
 
LVL 15

Assisted Solution

by:Russell_Venable
Russell_Venable earned 100 total points
ID: 37804264
cpatte7372,
Actually, From the pictures posted it does not look like the exe file extension has been modified. Further more. Safe mode can cause your machine to have greater damage by allowing the malware to replace windows protected files. Roguekiller will wipe the process tree, it will not however clean the svchosts list. Which is why the error reported above  "File in use" - "The action can't be completed because the file is opened in a Host Process for Windows Services". This is a generic error caused if you try to modify/delete a active service running under SVCHOST.exe.

Can you update use on what you have tried?

Try attempting to install MBAM as a randomly named executable. If that wont run you will need attempt to run combofix and post the log. If it removes entries in its initial scan it will be reported in its logfile located in the c:\ drive after its done scanning just post that log.

What happened before you noticed this process was added to the startup folder? Did you download/install anything new? Or even visit a odd website?
0
 

Author Closing Comment

by:cpatte7372
ID: 37867474
Thanks guys
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Sub-Titled: “My Way” (with apologies to Francis Albert Sinatra) Let me start by stating emphatically that I am one of those Experts who prefer doing things “My Way”. It’s kind of a no-brainer. “The following procedure works for me, so here is …
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now