ATTACKED BY CHINESE SPYWARE!!!

Discussion in 'General Software' started by cypris, Jun 5, 2007.

  1. cypris

    cypris Newbie

    I had a VERY VERY BAAD experience last night when I connected my USB thumbdrive to my PC. I've been using this thumbdrive to transport my college work and progress to and from college pcs to my home pc. Now, I normally scan my thumbdrive first but most of the time if it is infected, either norton or spyware doctor will immediately prompt me upon auto-running the thumbdrive that it is infected yadayadayada.

    But because I was in a bit of a rush last night I accidentally opened the USB drive without scanning it first and as I permanently put my folder settings to view hidden files I saw two very-obviously-not-my-files and they're very obviously spyware/worms.

    What I didn't expect was that none of the American anti virus / anti spyware programs could detect or remove it. Worse still, it wasn't just ONE worm, it was several malicious keyloggers, trojans and browser hijackers all packed in one.

    It spawned into all 5 of my drives!! You wouldn't even believe the number of keylogs it created! I could not even remove any of them, restarting and trying to go into safe mode only ended in getting the blue screen. The virus totally prevented me from going into safe mode.

    The reason none of the American antivirus/spyware products that I have responded to it is because the shit that was in my thumbdrive was written in Chinese and obviously by Chinese!! None of the software vendors even have logs of this spyware/virus on their websites. And the stupidest thing is I happen to get infected by a very new virus that only launched on the 29th or 28th of May.

    When I googled the names of the viruses, only Chinese websites and forums turned up, and unfortunately for me, I can't bleeding read Chinese if my life depended on it. So I had to use the AltaVista Babelfish Translator and try to make sense of the direct and more often than not wrong translations.

    Oh and another thing, it screwed up my time and sent it back to year 1899 or something like that and it renders the folder option to view hidden files useless. So I can't see any of the hidden files at all.

    This morning I ran Norton Antivirus and Spyware Doctor and Lavasoft Ad-Aware and I found that I still had the Trojan viruses (89 hits on Spyware Doctor).

    I'M GOING NUTS!! I NEED HELP!!!! ARGH!!!
    Someone translate those instructions from Chinese to English on how to remove these evil things for my precious pc!

    The names of the viruses are:
    Trojan.PWS.QQRob.V
    Trojan.Agent.ABF

    mal-Files:
    wocfiba.exe
    gnkjkrl.exe
     
  2. zy

    zy zynine.com Staff Member

    u need to terminate a lot of suspicious processes first :p
    then go through your autorun list to disable lots of suspicious stuff
    then run a full system scan

    i usually use Sysinternals Autorun & process explorer
     
  3. peaz

    peaz ARP Webmaster Staff Member

    Ouch this usually sucks. Hmmm

    You'd definitely need to go into safe mode and try to kill/delete all the suspicious stuff. You'd also have to explore the registry to remove the suspicious looking startup apps. It helps to have a notebook or another PC to check the exes listed to see if they are legit or not.
     
  4. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Hmm.. IMHO, the best way would be to use a SECOND PC, one that's loaded with the latest antivirus definitions. Then use this PC to scan and clean your infected hard drives.

    Loading your current operating system, even in safe mode, will not help. They will almost certainly still load up. Safest way would be to use another PC to do the cleaning job.

    Alternatively, install another hard drive, install a new OS and antivirus software and then boot up using that hard drive to scan your infected hard drives. The point is to boot up with a clean OS and run an updated antivirus software to clean your infected hard drives.
     
  5. cypris

    cypris Newbie

    Problem is, the trojan won't allow you to boot into safe mode. A blue screen will appear once Safe Mode is selected.
     
  6. sherwin

    sherwin Newbie

    For every attempt to kill it, it will add 30-40 registry entries.. and respawn itself. And this trojan will infect all your drives, it copies an autorun.inf & exe file with hidden attributes. After which it will then mess up your registry so that the Show or Hide all hidden files in XP is disabled.

    Took an hour and a half to manually delete the registry entries, disable autoplay and run a batch script to kill & force delete the exe file.
     
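    The mechanism sherwin describes (an autorun.inf plus a hidden exe copied to every drive root, respawning for as long as the infected Windows is running) is also why Adrian's advice to clean from a second, clean PC is the safe order of operations. The following is an added example, not code from anyone in this thread: a Python script meant to be run on a clean machine with the suspect stick attached. It parses the autorun.inf at the drive root, moves every binary that file would launch into a quarantine folder under a hash-based name (so it can no longer be double-clicked), records the SHA-256 and the hidden/system attribute flags for the incident notes, and only then moves the autorun.inf itself. The sample drive it builds in a temporary folder is constructed: the file names match the ones cypris reported, but the bytes are placeholders, not malware.

```python
"""Added example: triage an autorun.inf-driven infection on a removable drive.

Run this from a clean machine with the suspect drive attached, never from the
infected OS, where the running dropper would simply recreate what is removed.
"""
import configparser
import hashlib
import os
import shutil
import stat
import tempfile
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program to run


def _first_token(value):
    """The executable named by an [autorun] value, with quoting and arguments removed."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split()[0] if value else ""


def parse_autorun(text):
    """Return the relative paths an autorun.inf would launch, in file order.

    Covers open=, shellexecute= and shell\\<verb>\\command=; icon= and label=
    are ignored because they never execute anything."""
    # Indented lines would otherwise be read as continuations of the previous value.
    lines = [line.strip() for line in text.lstrip("\ufeff").splitlines()]
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                       strict=False, allow_no_value=True)
    parser.optionxform = str.lower  # autorun keys are case-insensitive
    try:
        parser.read_string("\n".join(lines))
    except configparser.Error:
        return []  # not an INI-shaped file at all
    if not parser.has_section("autorun"):
        return []
    targets = []
    for key, value in parser.items("autorun"):
        launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        target = _first_token(value or "")
        if launches and target and target not in targets:
            targets.append(target)
    return targets


def file_attributes(path):
    """(hidden, system) attribute flags; (None, None) on filesystems without them."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None, None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN), bool(attrs & stat.FILE_ATTRIBUTE_SYSTEM)


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def neutralise_drive(root, quarantine):
    """Move autorun.inf and every binary it launches off the drive into `quarantine`.

    Returns one record per binary (name, hash, attribute flags, new location);
    the hashes are what you would look up or submit to a vendor afterwards."""
    root, quarantine = Path(root).resolve(), Path(quarantine)
    quarantine.mkdir(parents=True, exist_ok=True)
    inf = root / "autorun.inf"
    if not inf.is_file():
        return []
    report = []
    for rel in parse_autorun(inf.read_text(encoding="utf-8", errors="replace")):
        target = (root / rel.replace("\\", "/")).resolve()
        # autorun paths are relative to the drive root; refuse anything that escapes it
        if root not in target.parents or not target.is_file():
            continue
        hidden, system = file_attributes(target)
        digest = sha256_of(target)
        dest = quarantine / (digest + ".bin")  # renamed so it is no longer double-clickable
        shutil.move(str(target), str(dest))
        report.append({"name": target.name, "sha256": digest, "hidden": hidden,
                       "system": system, "quarantined_as": str(dest)})
    shutil.move(str(inf), str(quarantine / "autorun.inf.txt"))
    return report


def run_demo():
    """Build a constructed sample drive in a temp dir and clean it.

    Returns the report and the names left at the drive root (coursework must survive)."""
    base = Path(tempfile.mkdtemp(prefix="usb-triage-"))
    root = base / "usb"
    root.mkdir()
    # Constructed autorun.inf: the names are the ones reported in the thread,
    # the bytes below are placeholders, not real samples.
    (root / "autorun.inf").write_text(
        "[autorun]\n"
        "open=wocfiba.exe\n"
        'shell\\open\\command="gnkjkrl.exe" -s\n'
        "shell\\explore\\command=wocfiba.exe\n"
        "icon=wocfiba.exe,0\n")
    (root / "wocfiba.exe").write_bytes(b"MZ placeholder bytes, sample one")
    (root / "gnkjkrl.exe").write_bytes(b"MZ placeholder bytes, sample two")
    (root / "assignment.doc").write_bytes(b"coursework that must be kept")
    report = neutralise_drive(root, base / "quarantine")
    remaining = sorted(p.name for p in root.iterdir())
    return report, remaining


if __name__ == "__main__":
    for record in run_demo()[0]:
        print(record)
```

    Against a real stick on the clean PC, call neutralise_drive with the drive root and a quarantine folder (for instance `E:\` and `C:\quarantine`, both assumed paths). The script removes the launch chain only; sherwin's point stands that on the infected machine itself the dropper process has to be stopped first, which is what zy's Autoruns and Process Explorer suggestion is for.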
  7. Adrian Wong

    Adrian Wong Da Boss Staff Member

    EXACTLY. That's why you need a CLEAN PC. :mrgreen:
     
  8. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Hmm.. Personally, I would just use a second PC to clean up the hard drive. The registry entries will still be there, but at least the infecting binaries will be removed. You can clean up the registry later on.
     
  9. jamotto

    jamotto Newbie

    Would it be possible to use a Linux live CD or one of the many emergency boot CDs that one can find on the internet to clean the pc?
     
  10. ZuePhok

    ZuePhok Just Started

    ohh.. completely owned :p

    the best is to follow the method suggested by Adrian.
    safer..
     
  11. Adrian Wong

    Adrian Wong Da Boss Staff Member

    You still need to install and update a good antivirus solution to clean the drives.
     
  12. Trinity

    Trinity Little Kiki Staff Member

    Just wondering? How do you use a second pc to clean up a hdd?:think:

    Do you mean putting the infected drive in another pc to run a virus scan?:think:
     
  13. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Yup, basically, we need to boot up with a clean OS and then use an updated antivirus software to scan the infected hard drives. As long as you do NOT boot from the infected drives, your second system will be safe.
     
    1 person likes this.
  14. 1031982

    1031982 Just Started

    I like the Linux Live CD idea. A lot of the time you can get packages to install on the RAM disk it creates. Try that if you can, and get AVG. You will need an NTFS read/write package as well, but Linux will be immune to the virus as the kernel is over-protected, and is on read-only media.
     
  15. cypris

    cypris Newbie

    I update Norton Antivirus every week (and sometimes even twice a week), i scan my pc 4 times a week. i have 3 different types of anti spyware program, two of which run 24/7. the problem is NONE of them DETECTS the above mentioned viruses and worms, or if they do, they can't do shit about it because it respawns in seconds. so in other words, anti virus software has been rendered useless.

    and it actually spread to all 3 of my drives, four if you include my thumbdrive. i have more than two pcs at home, but i didn't want to risk infecting the rest of them as well knowing that antivirus software does not currently work with worms that come from these Chinese sources. and I also did mention that it is relatively new...and by that i mean just a week ago.

    ANYWAY, went into registry to delete all the keys and created a batch file to force delete the worms. seems cleaned at the moment.


    I read a lot of buzz about this spyware coming from Chinese sources in the Low Yat forums. making lotsa people very frustrated because the majority of anti-virus software do not have signature updates for these trojans or viruses.
     
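    Both cypris (the "view hidden files" option stops working; registry keys to delete) and sherwin (the registry is changed so the XP Show/Hide hidden files setting is disabled; autoplay has to be disabled) are pointing at the same handful of Explorer settings. As an added example, not from anyone in this thread, here is a Python check of those values against hardened expectations. The key and value names are the standard Windows ones (they exist on XP and later; they are not taken from the thread), the two snapshots are constructed to resemble a tampered and a clean machine, and read_live() only does anything on Windows, where it reads the current values with winreg.

```python
"""Added example: check the Explorer and autorun registry settings that USB worms
of this kind tamper with, and say what each one should be set back to."""
import sys

REG_SZ, REG_DWORD = 1, 4  # winreg type codes, spelled out so this runs off Windows too

HKLM = "HKEY_LOCAL_MACHINE"
HKCU = "HKEY_CURRENT_USER"
SHOWALL = HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
ADVANCED = HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
POLICIES = HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# (key, value name, is-acceptable(type, data), expected setting, why it matters)
CHECKS = [
    (SHOWALL, "CheckedValue", lambda t, d: t == REG_DWORD and d == 1, "REG_DWORD 1",
     "anything else makes the 'Show hidden files' radio button refuse to stick"),
    (ADVANCED, "Hidden", lambda t, d: t == REG_DWORD and d == 1, "REG_DWORD 1",
     "2 means hidden files are not shown"),
    (ADVANCED, "ShowSuperHidden", lambda t, d: t == REG_DWORD and d == 1, "REG_DWORD 1",
     "0 keeps system-attribute files such as a dropped autorun.inf invisible"),
    (POLICIES, "NoFolderOptions", lambda t, d: t is None or d == 0, "absent or 0",
     "1 removes Folder Options from the Tools menu"),
    (POLICIES, "NoDriveTypeAutoRun", lambda t, d: t == REG_DWORD and d == 0xFF, "REG_DWORD 0xFF",
     "disables autorun on every drive type so a plugged-in stick cannot launch anything"),
]


def assess(values):
    """values: {(key, name): (type, data)} as read from the registry; entries that
    do not exist are simply absent. Returns one finding per deviation."""
    findings = []
    for key, name, acceptable, expected, why in CHECKS:
        reg_type, data = values.get((key, name), (None, None))
        if not acceptable(reg_type, data):
            findings.append({"key": key, "name": name, "found": (reg_type, data),
                             "expected": expected, "why": why})
    return findings


def read_live():
    """Read the checked values from the running registry (Windows only; None elsewhere)."""
    if sys.platform != "win32":
        return None
    import winreg
    roots = {HKLM: winreg.HKEY_LOCAL_MACHINE, HKCU: winreg.HKEY_CURRENT_USER}
    values = {}
    for key, name, *_ in CHECKS:
        root_name, _, subkey = key.partition("\\")
        try:
            with winreg.OpenKey(roots[root_name], subkey) as handle:
                data, reg_type = winreg.QueryValueEx(handle, name)
                values[(key, name)] = (reg_type, data)
        except OSError:
            pass  # key or value absent; assess() treats that as (None, None)
    return values


def tampered_snapshot():
    """Constructed snapshot resembling what the thread describes: hidden files forced
    off, Folder Options removed, autorun left at the XP default of 0x91."""
    return {
        (SHOWALL, "CheckedValue"): (REG_DWORD, 0),
        (ADVANCED, "Hidden"): (REG_DWORD, 2),
        (ADVANCED, "ShowSuperHidden"): (REG_DWORD, 0),
        (POLICIES, "NoFolderOptions"): (REG_DWORD, 1),
        (POLICIES, "NoDriveTypeAutoRun"): (REG_DWORD, 0x91),
    }


def clean_snapshot():
    """Constructed snapshot of a machine with every value at its hardened setting."""
    return {
        (SHOWALL, "CheckedValue"): (REG_DWORD, 1),
        (ADVANCED, "Hidden"): (REG_DWORD, 1),
        (ADVANCED, "ShowSuperHidden"): (REG_DWORD, 1),
        (POLICIES, "NoDriveTypeAutoRun"): (REG_DWORD, 0xFF),
    }


if __name__ == "__main__":
    snapshot = read_live() or tampered_snapshot()
    for finding in assess(snapshot):
        print(f"{finding['key']}\\{finding['name']}: found {finding['found']}, "
              f"expected {finding['expected']} ({finding['why']})")
```

    On a Windows box, assess(read_live()) lists exactly what has to be put back. Make the changes from a clean boot (Adrian's second PC or a live CD, with the hive loaded offline) rather than on the running infected system, because, as sherwin found, the dropper re-applies its changes each time it is killed.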
  16. peaz

    peaz ARP Webmaster Staff Member

    Oh, that trojan. I got it too. infected my USB drive. Not many scanners detected it. AVG did but Symantec didn't. But lucky for me, it didn't travel out of my thumbdrive. Immediately deleted the Autorun.inf file.

    Hmmm looks like the only option is the one suggested by Adrian.

    worst case scenario, reinstall OS?
     
  17. Adrian Wong

    Adrian Wong Da Boss Staff Member

    Yeah, worst case solution would be to reinstall the OS and associated programs. Just remember to copy out your documents if you intend to format the partition.
     
  18. zy

    zy zynine.com Staff Member

    use.. sw's pc .... :mrgreen: ....
     
  19. The_YongGrand

    The_YongGrand Just Started

    Hmm... if Safe Mode isn't accessible, you must use the step-by-step booting process. Skip all or some of the processes loading before entering Windows manually...
     
  20. cypris

    cypris Newbie

    yah did that
     