win32/hidrag.a virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by omzas, Mar 24, 2005.

  1. omzas

    omzas Private E-2

    AVG found a virus, Win32/Hidrag.A, on my computer and it can't heal it. All of the exe files are infected. Could somebody help me? I can post a HijackThis log if you need it.
     
  2. omzas

    omzas Private E-2

    hijack this log
     


  3. TheOldThug

    TheOldThug First Sergeant

    Welcome :)

    We ask that you please follow our procedure here. A HJT log is not the first step. Please follow the TUTORIAL listed below. I can see you haven't done either online scan.
    This site has a lot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    Try this... you may find it's all you need. If not post your results and I am sure one of the PROS can help you. These guys are quite busy, as you can see by the number of posts, so hang in there. Good Luck!! :)

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  4. omzas

    omzas Private E-2

    I tried everything before writing here, but Hidrag is still on my computer.
     
  5. TheOldThug

    TheOldThug First Sergeant

    OK then. Someone will try and look at it today. I won't be around much this weekend.
     
  6. TheOldThug

    TheOldThug First Sergeant

    A few comments. When was the last time you updated your OS? I see you didn't run the online scans as directed. What else didn't you do? Do not update to SP2 yet, but you need to get some updates and run those scans. You have WildTangent. We usually recommend getting rid of that.
     
  7. TheOldThug

    TheOldThug First Sergeant

    Run the online scans and submit a new log. Have you done any of the steps in my previous post yet?
     
  8. omzas

    omzas Private E-2

    The main problem is that this PC doesn't have an internet connection, so I can't run an online scan, and that is the reason why the OS is not updated. Probably the best way will be to format the hard drive.
     
  9. TheOldThug

    TheOldThug First Sergeant

    Don't do that yet. I am not around much anymore. Hopefully someone will look at it for you today.
     
  10. Oldman

    Oldman Private First Class

    Your virus is actually called Jeefo. AVG doesn't give any info on it but all the other AV manufacturers do. According to Panda you need to delete several registry keys, reboot and scan and delete any files. (I would run the scan and delete the files before you reboot though). Below is Panda's reg deletions... Good Luck! :D

    How to remove Jeefo?

    If Panda Antivirus or Panda ActiveScan detects Jeefo during the scan, it will automatically offer you the option of deleting it. Do this by following the program's instructions.

    Finally, restore the original configuration of your computer by following the instructions below:

    * In Windows Me/98/95 computers, delete the entry that Jeefo has created in the Windows Registry:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    Power Manager = %windir%\svchost.exe
    where %windir% is the Windows directory.

    * In Windows 2003/XP/2000/NT computers:

    Stop the Windows service belonging to Jeefo by accessing the Start menu, Run option, and typing the following command:
    net stop PowerManager

    Delete the entries that Jeefo has created in the Windows Registry in order to register itself as a Windows service, which are in the following paths:

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_POWERMANAGER

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_POWERMANAGER

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PowerManager
    * Restart the computer.
    * In order to make sure that Jeefo is completely eliminated from your computer, carry out a full scan of your computer using Panda Antivirus or Panda ActiveScan.
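
A triage sketch for the indicators named in the Panda steps above, added here as an example and not part of the original thread or of Panda's instructions: it flags the `PowerManager` service, the `Power Manager` autorun value, and any `svchost.exe` that sits outside System32 (the genuine file lives there, not directly in `%windir%`). The HijackThis-style log lines are constructed sample input, and the O23 display name in them is an assumption.

```python
import re

# Indicators from the Panda steps quoted above.
SERVICE_NAME = "powermanager"   # service stopped with: net stop PowerManager
RUN_VALUE = "power manager"     # RunServices value pointing at %windir%\svchost.exe
ALLOWED_PARENTS = {"system32", "syswow64"}  # folders holding the genuine svchost.exe

# HijackThis line shapes: O4 = autorun entry, O23 = NT service.
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: .*?\((?P<svc>[^)]+)\) - .*? - (?P<path>.+)$")
SVCHOST_RE = re.compile(r"[A-Za-z]:(?:\\[^\\\r\n]+)*\\svchost\.exe", re.I)

# Constructed sample input (not a real log from this thread).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\svchost.exe
C:\Program Files\HJT\HijackThis.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Power Manager] C:\WINDOWS\svchost.exe
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe
"""

def misplaced_svchost(text):
    """Return svchost.exe paths whose parent folder is not System32/SysWOW64."""
    hits = []
    for m in SVCHOST_RE.finditer(text):
        parts = m.group(0).split("\\")
        if parts[-2].lower() not in ALLOWED_PARENTS:
            hits.append(m.group(0))
    return hits

def triage(log_text):
    """Return (kind, line) pairs for every line matching an indicator."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4 and m4["name"].lower() == RUN_VALUE and "svchost.exe" in m4["cmd"].lower():
            findings.append(("autorun", line))
        elif m23 and m23["svc"].lower() == SERVICE_NAME:
            findings.append(("service", line))
        elif misplaced_svchost(line):
            findings.append(("misplaced-svchost", line))
    return findings

if __name__ == "__main__":
    for kind, line in triage(SAMPLE_LOG):
        print(f"{kind:18} {line}")
```
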
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    omzas,

    Thug has requested me to work with you. Let's start by giving me a current HJT log.

    If at all possible download HJT and put it on a disk and transfer it to the computer with no internet connection.


    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.
    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.
    • Run HijackThis and save your log file.
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).
     
