Can't get rid of this virus....

Discussion in 'Malware Help (A Specialist Will Reply)' started by bigwhiffa, Feb 21, 2006.

  1. bigwhiffa

    bigwhiffa Private E-2

    I need some help figuring out what is left to clean out on my system after following the majorgeeks Virus Removal Guide. I am not particularly gifted with computers (hence the virus problem in the first place) but I would appreciate any and all help given.

    Well, here goes...

    I have Windows XP and Service Pack 2

    I received a nasty virus, worm, whatever this weekend via good ol' MS Messenger.

    Symptoms
    1) It shut down my AntiVirus every time I tried to start it and would not let me access any AV companies' webpages.
    2) MS Messenger is then autorunning whenever it wants, probably spreading the damn thing to my friends list.
    3) Firewall auto shuts down as does every other AV application giving me more viruses etc.

    Great!

    So I panic 'cause I can't run the things needed to fix this stupid virus.

    After coming to my senses I go to the majorgeeks Virus Removal Guide and follow the steps...
    which have inevitably led me here begging for your help.

    Removal Steps and the Re/action

    1) CCleaner - ok

    2) MS Windows Malicious Software Removal Tool - ok

    3) Ad-Aware SE - 1 possible virus file in registry HKEY_CLASSES_ROOT:reffile\shell\open\command""("%1")
    ACTION: Removed it

    4) Spybot S+D - 1 file
    FakeMSN8Beta (includes) c:\windows\system32\taskkill.com
    c:\windows\system32\netstat.com
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\csrss
    ACTION: Removed it

    5) MS Windows Defender - 1 file
    C:\WINDOWS\system32\drivers\etc\hosts
    ACTION: Removed it

    6) Being overly paranoid I download counterspy and run that too.

    Bitdefender Log (attached)

    Panda ActiveScan (attached)

    HiJackThis (attached)

    So after all of this, MS Messenger has stopped auto-running, the firewall is no longer deactivated, and I can access antivirus programs. But I have a sneaking suspicion that there are things that are left that need to be removed still.

    Thank you for your help
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to MGs!

    Let's start by checking something.

    Navigate to your C:\Windows\System32 folder and delete the below files if found (only delete exactly what I list):

    cmd.com
    netstat.com
    ping.com
    regedit.com
    taskkill.com
    tasklist.com
    tracert.com

    Keep track of which ones you find (if any) and tell me.

    Now you need to look to see if the below files exist in the C:\Windows\System32 folder and also tell me their sizes:
    cmd.exe
    netstat.exe
    ping.exe
    regedit.exe
    taskkill.exe
    tasklist.exe
    tracert.exe

    Your Panda log indicated you have or had Virus:W32/Tobecho.N.worm

    You should read the below as some passwords may have been compromised (consider if this impacts any online banking or credit card info):

    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=det&idvirus=62845

    You did not save your BitDefender log properly and as such, it does not give us any useful information.
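
The check in the post above looks for `.com` files named after real `.exe` tools: the default Windows `PATHEXT` lists `.COM` ahead of `.EXE`, so typing `netstat` runs `netstat.com` if both exist. The following is an added example, not part of the original thread; it generalizes the check to any pair of executable extensions, and the function names and the sample directory contents are constructed for illustration.

```python
import os
import tempfile

# Default Windows PATHEXT order: when a command is typed without an
# extension, the first matching extension in this list wins.
DEFAULT_PATHEXT = (".com", ".exe", ".bat", ".cmd")


def find_shadowed(directory, pathext=DEFAULT_PATHEXT):
    """Return sorted (winner, shadowed, winner_size, shadowed_size) tuples.

    For each base name present with more than one executable extension, the
    file with the earliest PATHEXT extension is what actually runs, e.g.
    netstat.com ahead of netstat.exe. Sizes are in bytes.
    """
    by_stem = {}
    for entry in os.scandir(directory):
        if not entry.is_file():
            continue
        stem, ext = os.path.splitext(entry.name)
        ext = ext.lower()
        if ext in pathext:
            by_stem.setdefault(stem.lower(), {})[ext] = entry
    findings = []
    for exts in by_stem.values():
        ordered = sorted(exts, key=pathext.index)
        winner = exts[ordered[0]]
        for ext in ordered[1:]:
            loser = exts[ext]
            findings.append((winner.name, loser.name,
                             winner.stat().st_size, loser.stat().st_size))
    return sorted(findings)


def demo():
    """Run the check on a constructed directory (not a real System32)."""
    with tempfile.TemporaryDirectory() as d:
        sizes = {"netstat.exe": 36, "netstat.com": 20, "ping.exe": 17,
                 "ping.com": 20, "tracert.exe": 12, "notes.txt": 5}
        for name, size in sizes.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"\0" * size)
        return find_shadowed(d)


if __name__ == "__main__":
    for row in demo():
        print("%s runs ahead of %s (%d vs %d bytes)" % row)
```

On a live system, pass the System32 path to `find_shadowed`. Windows ships some legitimate `.com` files, such as `more.com` and `mode.com`; the pairing check skips them because they have no same-named `.exe`.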
     
  3. bigwhiffa

    bigwhiffa Private E-2

    Thanks for the speedy reply to my problem :)

    I deleted netstat.com ping.com and taskkill.com

    In regards to the .exe file sizes...

    cmd.exe 379KB
    netstat.exe 36KB
    ping.exe 17.5KB
    taskkill.exe 70.5KB
    tasklist.exe 70.5KB
    tracert.exe 12KB

    Thanks again for all your help :)
     
  4. bigwhiffa

    bigwhiffa Private E-2

    Oh, and I am going to rescan with bitdefender and repost that... Sorry about that.
     
  5. bigwhiffa

    bigwhiffa Private E-2

    :confused: Hmm, I guess it's a good thing but my new bitdefender virus scan came back clean this time.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay that's good about BitDefender.

    Is regedit working for you?

    Click Start, Run, and enter regedit and click OK! If regedit opens up, you should be okay.

    How is everything working now?
     
  7. bigwhiffa

    bigwhiffa Private E-2

    Sorry for the long waits between posts. I live in Japan so the 17+hr time difference doesn't help much.
    Regedit works fine now.
    Thanks a million for the help.
    You saved me many a sleepless night. :D
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work through the below link:

    How to Protect yourself from malware!
     
  9. bigwhiffa

    bigwhiffa Private E-2

    System Restore is set.
    Good advice to follow on your guide.

    :) Thanks again for all the help :)
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Surf safely!
     
