help get rid of a nasty virus.



divlord
11.10.08, 17:54
So some of my friends have got their XP infected by some virus. A friend gave me very vague information about the virus, and with that information I tried a Google search but couldn't find anybody else having that problem.
The info is

1) Task Manager gets disabled.
2) If GTalk is running, it will send an instant message to the top 10 people in the contact list saying something like "view my webcam......"
3) Some "New Folder" is automatically created, and that folder is empty.
4) The virus file is not known. I mean there is no info that xyz.exe is the virus file.
5) Scanned with AVG 8 Antivirus Free Edition but nothing found.


Since his computer gets slow etc., he can't install/uninstall different antivirus programmes.

Any suggestions how to deal with it?

SealLion
11.10.08, 19:04
Hi Divlord:

First: your friend's up shit creek.

Secondly, the new folder I would imagine has hidden content that can't be viewed by the user. I would recommend that he not open it at all.

He probably already has, so its too late for that suggestion.

AVG is cheap quality and doesn't detect much.

Thirdly, these guys here:

Tech Support Guy (http://forums.techguy.org/)

They are the best in the business when it comes to helping to remove malware/virus.

Yes. They use AVG and all.

I recommend ESET NOD32 in the future. Nothing gets past NOD32.

PM me on how to get it (if you want, that is).

That forum that I gave the link to above also uses HijackThis, a small proggy that'll be necessary to use if/when your friend decides to visit there for help.

HijackThis can be found here:

TrendMicro HijackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis)

You might as well copy/paste this post and email it to him if you'd like.

That's all. All the best to your friend.
Viruses can take all day to get rid of.

This I know from experience.


v6ph1
11.10.08, 19:08
Shut down (power off) the PC and boot from the BartPE CD (http://www.nu2.nu/pebuilder/).
Then start RunAlyzer from there.
After that, look at Autorun there and check all the entries (disable all the entries which are from the virus).

best regards
v6ph1

SealLion
11.10.08, 19:11
> Shut down (power off) the PC and boot from the BartPE CD (http://www.nu2.nu/pebuilder/).
> Then start RunAlyzer from there.
> After that, look at Autorun there and check all the entries (disable all the entries which are from the virus).
>
> best regards
> v6ph1

divlord, you could also follow v6ph1's suggestion and do that if your friend has got BartPE. That's a good suggestion too.

divlord
11.10.08, 19:28
> Shut down (power off) the PC and boot from the BartPE CD (http://www.nu2.nu/pebuilder/).
> Then start RunAlyzer from there.
> After that, look at Autorun there and check all the entries (disable all the entries which are from the virus).
>
> best regards
> v6ph1

Can you please tell me what the basic use of the BartPE-CD tool is? Basically, what is it?

anon
11.10.08, 19:35
Download these programs:

APT 2.1 (http://www.sb-innovation.de/f69/advanced-process-termination-5704/)
Autoruns (http://www.sb-innovation.de/f69/autoruns-9-32-a-4853/)
RegHance (http://www.majorgeeks.com/RegHance_d468.html)


Open APT (which can get through hooks the virus may have possibly set up), and post a screen of what's running here.

Boot into safe mode.

Open APT again, and terminate the virus' process(es).

Open Autoruns, write down the virus' EXE and DLL filenames, and delete all its autorun entries.

Open RegHance, go to the

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
and

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
registry keys, and delete the DisableTaskMgr DWORD value.

You can now manually search for the virus' EXE/DLL files you wrote down, and delete them. If you can't (because they are still in use), reboot into safe mode again, and proceed to delete them - they shouldn't be locked by now.


Bart-PE is essentially an isolated "mini-Windows" you can make (you need the original XP CD) and run from a disc.

divlord
11.10.08, 19:56
Okay, I installed Avast and scanned the system at boot time (Avast has that feature), and deleted 562 viruses! The main virus which started it is called gphone.exe.
Now no virus is there in the system, but I want to restore the changes it made,
like enabling the Task Manager (I did what anon said and enabled the Task Manager).
Still, there are many changes left that the virus made,

like
1) On running regedit, it says "Registry editing has been disabled by administrator".
2) When I open My Computer, the Tools option in the toolbar doesn't show the "Folder Options" option.
3) I try to double-click a drive and it gets the action "Open With".
4) System Restore won't work.
5) Many other changes that it made and I might not have noticed.

So how do I get those settings back?

anon
11.10.08, 22:05
Sorry for the delay, I missed your post.


> like
> 1) On running regedit, it says "Registry editing has been disabled by administrator".
>
> 2) When I open My Computer, the Tools option in the toolbar doesn't show the "Folder Options" option.
>
> 5) Many other changes that it made and I might not have noticed.

Open Regedit, and delete the

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
and

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
registry keys. Necessary values should be recreated with a reboot.

Also go to the

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
key, and delete the DisableCMD DWORD value.

__________________________________________________


> 3) I try to double-click a drive and it gets the action "Open With".

Solve the Folder Options issue first.
Enable showing hidden and critical system files, and delete the autorun.inf file from the root of all drives.

__________________________________________________


> 4) System Restore won't work.

Go to Start -> Run... -> type services.msc and press ENTER. (Re-)enable the System Restore service.

Also open the

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
registry key in Regedit, and delete the DisableConfig and DisableSR DWORD values.

__________________________________________________

You may also want to visit this site (http://64.233.183.104/search?q=cache%3Ahttp%3A%2F%2Fdrvamsikrishna.blogspot.com%2F2007%2F02%2Fsolution-for-folder-options-missing_28.html) for more information - I don't think that's exactly the virus your friend has been infected with, but it can help you further reduce damage.
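The registry clean-up spread over anon's two posts above (the DisableTaskMgr value after the Autoruns step, the Policies\System keys, DisableCMD, the System Restore DisableSR/DisableConfig values, and the autorun.inf on each drive root) can be checked in one pass before anything is deleted. The script below is an added example and is not from this thread or from any of the tools named in it: it parses a `reg export` dump for the lockdown values, emits the reg.exe commands that delete them, and lists the launch directives in an autorun.inf. The .reg text and autorun.inf are constructed samples (the gphone.exe name is used only as a placeholder for the file divlord reported), and NoFolderOptions, the standard Explorer policy behind a missing "Folder Options" entry, is my assumption, not a value the thread names.

```python
"""Audit the lockdown a virus left behind: find the policy values named in the
thread in a `reg export` dump, build the reg.exe commands that delete them, and
list what an autorun.inf would launch. Added example; inputs are constructed."""
import re
from typing import Dict, List, Tuple

# Restrictions from the thread's two clean-up posts (DWORD, non-zero = on).
# NoFolderOptions is an assumption added here: the standard Explorer policy,
# not named in the thread.
LOCKDOWN_VALUES: Dict[str, Tuple[str, ...]] = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ("DisableTaskMgr", "DisableRegistryTools"),
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System":
        ("DisableTaskMgr", "DisableRegistryTools"),
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer":
        ("NoFolderOptions",),
    r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System": ("DisableCMD",),
    r"HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\SystemRestore":
        ("DisableSR", "DisableConfig"),
}

_SECTION = re.compile(r"^\[(.+)\]$")                        # [key path] or [autorun]
_DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')   # "Name"=dword:00000001


def parse_reg_export(text: str) -> Dict[str, Dict[str, int]]:
    """DWORD values of a .reg (version 5.00) dump as {key.lower(): {name: int}}.
    Registry paths are case-insensitive, so keys are stored lower-cased.
    A real export is UTF-16: open(path, encoding="utf-16").read()."""
    keys: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := _SECTION.match(line):
            current = m.group(1).lower()
            keys.setdefault(current, {})
        elif (m := _DWORD.match(line)) and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def find_lockdowns(reg_text: str) -> List[Tuple[str, str, int]]:
    """(key, value name, data) for every known restriction that is set non-zero."""
    parsed = parse_reg_export(reg_text)
    hits = []
    for key, names in LOCKDOWN_VALUES.items():
        present = parsed.get(key.lower(), {})
        for name in names:
            for vname, data in present.items():      # value names are case-insensitive
                if vname.lower() == name.lower() and data:
                    hits.append((key, vname, data))
    return hits


def remediation_commands(hits: List[Tuple[str, str, int]]) -> List[str]:
    """reg.exe lines (cmd.exe, run as Administrator) that delete the values;
    deleting rather than zeroing them is what the thread advises."""
    return [f'reg delete "{key}" /v {name} /f' for key, name, _ in hits]


def autorun_launch_targets(inf_text: str) -> List[Tuple[str, str]]:
    """(directive, command) pairs in [autorun] that run a program when the drive
    is opened: open=, shellexecute=, shell\\<verb>\\command=. A plain data drive
    normally has none, so any hit is a reason to delete the file."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if m := _SECTION.match(line):
            in_autorun = m.group(1).lower() == "autorun"
        elif in_autorun and "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            lname = name.lower()
            if lname in ("open", "shellexecute") or (
                lname.startswith("shell\\") and lname.endswith("\\command")
            ):
                targets.append((name, value))
    return targets


# Constructed sample inputs (not exports from the infected machine).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
"DisableConfig"=dword:00000000
"""

SAMPLE_AUTORUN = """[autorun]
open=gphone.exe
shell\\open\\command=gphone.exe
shell\\explore\\command=gphone.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

if __name__ == "__main__":
    for cmd in remediation_commands(find_lockdowns(SAMPLE_REG)):
        print(cmd)
    for directive, target in autorun_launch_targets(SAMPLE_AUTORUN):
        print(f"autorun.inf runs {target!r} via {directive}")
```

To use it on the real machine, export the keys first (for example `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies" policies.reg`), read the file with `encoding="utf-16"` because reg export writes UTF-16, and review the printed `reg delete` lines before running them from an Administrator command prompt; DisableConfig=0 in the sample is deliberately not reported, since only non-zero values restrict anything.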

yoco
12.10.08, 09:32
Try this program Malwarebytes' Anti-Malware. Worked miracles for me a few times.

MikeD
29.06.09, 18:18
Download SUPERAntiSpyware from SUPERAntiSpyware (http://www.superantispyware.com). It will run in conjunction with the AVG version you are running. The two may find very different infections.

anon
29.06.09, 18:48
Nice bump.

Hellboy
29.06.09, 19:01
1. Restart your PC.
2. Start Windows in safe mode.
3. Install Avast, and after installing it will ask you to restart; HIT YES.
It will now scan your PC in boot mode.

Also use SUPERAntiSpyware Professional.

anon
29.06.09, 19:02
Booting from a Live CD to run the scan would be the best if you aren't sure whether the virus could have infected Windows system files.

Mish
29.06.09, 19:27
I suggest you scan online via bitdefender.com.

kazuya
29.06.09, 20:01
If you want to go for sure, format your hard drive.


It's always good to make extra partitions on the hard drive. I have one for the operating system and one for games, documents, movies... so if some big shit happens with the operating system, just install again. All other things like games, movies... are untouched.

TD21
02.08.09, 07:41
I highly suggest you download and scan with the following:

NOOB Killer by Leerz
ComboFix, then SDFix

anon
02.08.09, 17:31
Same as I said in post #11...