fujack keeps coming back

Discussion in 'Malware Help (A Specialist Will Reply)' started by arabelleinbe, Apr 30, 2008.

  1. arabelleinbe

    arabelleinbe Private E-2

    Hello to all.

    My computer is under severe attack from the fujack worm. I've tried just about everything I can think of, including your own suggestions for removing malware (ccleaner + hidden files, etc). The problem is that it seems ok for a little while (24h max) and then it's back to square 1. Obviously, there's something somewhere that I'm missing. I guess you know this worm well but just in case, what it does is cut off the internet (usually can be reconnected after restarting computer) and/or uninstalls practically all the applications, including malware detectors and removers. For instance, it has once uninstalled Word (did it once) and ClamWin. All I'm left with is that little searchlight. I've read that it attached itself to .exe. I've been fighting this thing for three weeks almost and am at my wit's end.
    Can anyone help? Thanks in advance.
     
  2. abri

    abri MajorGeek

    Hi arabelleinbe,
    Welcome to Major Geeks!


    Fujack is a difficult one, because it infects all .exe files. If you are on a network, chances are good that all the computers will be infected.

    Please do the following:

    If you do not have McAfee, please go to McAfee Free Trial Versions and download the free trial version. Be sure to click on trial version next to the Virus Scan program. Only download the installation program. Do not install it until you first disconnect from the internet and second, uninstall any other antivirus program you have.

    Once installed, please reconnect to the internet and then allow McAfee to update. Then run a full system scan and have it fix everything it finds.

    As soon as you are finished with that, do a computer-wide Windows Search and look for desktop_.ini files and then in the search window select all of them and Delete.

    Then I would like for you to run two further scans:

    Kaspersky AVP Tool 7.0.0.180 30\04\2008

    Using BitDefender Online Scan

    Most of the programs you have will end up being infected and may need to be reinstalled. To back up your data without infection, you will have to back up everything without including .exe files.

    Thanks.
    abri
     
    Last edited: Apr 30, 2008
  3. arabelleinbe

    arabelleinbe Private E-2

    Thanks for a quick reply, Abri. I'll try what you suggest and shall let you know the results. I sure hope this works because it's driving me nuts. One more question: I'm not really sure I know how to back up without the .exe files. The way I see it I'll need to save each data folder individually. Am I right and if not and there's a quicker way, could you please spell out the procedure? I can more or less find my way in a computer but I wouldn't call myself computer savvy. But then again, I wouldn't be here crying for help... :)
    Forgot to say that indeed second computer has been hit. The laptops on wifi using that connection are ok BUT I did copy a Word file from the main desktop computer onto a memory stick and transferred it to my laptop. The scan didn't detect anything but is there a chance of something nasty happening anyway?
     
    Last edited: May 1, 2008
  4. abri

    abri MajorGeek

    Hi arabelleinbe,

    This worm concentrates on .exe files. It will add desktop_.ini files in every folder. It will also scatter around a few other files which begin the infection. One is typically gamesetup.exe in the root folder (in most computers this is C:\) and another is system32\Drivers\spoclsv.exe. A third file is autorun.inf which is used to make sure the setup file always gets run.

    Before you begin, please do the following:

    Do a computer-wide Windows Search and look for desktop_.ini files and then in the search window select all of them and Delete. Also, look for C:\gamesetup.exe and C:\WINDOWS\system32\Drivers\spoclsv.exe and if found, delete them.

    With regard to backing up your data: it's unlikely your music, photos, txt files will be infected. You should be able to store anything which doesn't include an .exe file without transferring the worm. Exe files are found in programs, so if you avoid moving programs, you should be able to back up your data. The problem will come in the area of emails for instance, where someone may have sent you an attachment containing an exe file. For the time being, store your photos, music and .txt files in one place (say on a dvd or cd), store your emails in another, and store your word documents and bookmarks and favorites on a third cd or dvd or flashdrive. Don't store any installation program or other program. Most programs can be gotten back either by downloading them from the internet or from the original cd.

    Finally, please keep cleaning your computer as you work, so that when you attempt the downloads we've suggested, you have a chance of getting them onto your computer and running them before they are infected. You can run the BitDefender with other antivirus software on your computer, but when you install McAfee, you will have to have any other resident program removed. It may be helpful to download the installation program for McAfee onto cd and then to install it directly from there to your computer. See if you can get it to run. If not, go then to the BitDefender online scan. It will only run with Internet Explorer and with Active X enabled.

    abri
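
The file indicators listed in the post above (desktop_.ini in any folder, gamesetup.exe and an autorun.inf pointing at it in the drive root, and system32\Drivers\spoclsv.exe) can be checked with a report-only scan. This is an added example, not part of the thread; the function names and the sample tree are constructed for illustration, and the script deletes nothing.

```python
import os
from pathlib import Path

# File indicators named in the post above; compared case-insensitively as on Windows.
MARKER, DROPPER = "desktop_.ini", "gamesetup.exe"
DRIVER_COPY = ("system32", "drivers", "spoclsv.exe")

def autorun_targets(path):
    """Values of the open=, shellexecute= and shell\\...\\command= keys of an autorun.inf."""
    targets = []
    for line in Path(path).read_text(errors="replace").splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in ("open", "shellexecute") or key.endswith("command")):
            targets.append(value.strip())
    return targets

def scan(root):
    """Walk root (a drive root or mounted copy) and report findings; deletes nothing."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        parts = tuple(p.lower() for p in rel_dir.parts)
        for name in files:
            low, rel = name.lower(), (rel_dir / name).as_posix()
            if low == MARKER:                       # dropped in every folder
                findings.append(("marker", rel))
            elif low == DROPPER and not parts:      # only in the drive root
                findings.append(("dropper", rel))
            elif low == DRIVER_COPY[2] and parts[-2:] == DRIVER_COPY[:2]:
                findings.append(("driver-copy", rel))
            elif low == "autorun.inf" and not parts:
                hits = autorun_targets(Path(dirpath) / name)
                if any(DROPPER in t.lower() for t in hits):
                    findings.append(("autorun", rel))
    return sorted(findings)

def build_sample(base):
    """Constructed sample tree of empty placeholder files (no real malware)."""
    for rel in ("WINDOWS/system32/Drivers/spoclsv.exe", "gamesetup.exe",
                "Docs/desktop_.ini", "Docs/desktop.ini", "Docs/report.txt"):
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")
    (Path(base) / "autorun.inf").write_text("[AutoRun]\nopen=gamesetup.exe\n")

if __name__ == "__main__":
    import sys
    for kind, rel in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(kind, rel)
```

The legitimate desktop.ini and a gamesetup.exe outside the drive root are not reported, so the output is limited to the locations the post names.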
     
  5. arabelleinbe

    arabelleinbe Private E-2

    Thanks for the detailed explanation. I'm going to try all this and shall keep you posted.
     
  6. abri

    abri MajorGeek

    Hi arabelleinbe,

    Did you get anywhere in this?

    abri
     
  7. arabelleinbe

    arabelleinbe Private E-2

    Hi, abri
    I was sort of getting somewhere with the infected pc, then it all went pear-shaped. I installed McAfee and did the scan. Files were detected (about 3,000 objects), quarantined and fixed. The problem - biiiig problem - started when I tried the next phase, the online Kaspersky scan. I can no longer do anything online. I get dozens and dozens of McAfee SiteAdvisor pop-ups that can't be shut. This happens every time I go online, including lately in safe mode. I tried to disable SiteAd but I can't. I then tried to uninstall McAfee but I can't do that either. When I click on modify/remove, a window appears for a split second then vanishes and it appears to have become impossible to remove. I can't get any further than that. Any idea what I can do now because I'm really stuck. :-((
    Thanks for your help.
     
    Last edited: May 4, 2008
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you mean BitDefender Online Scan? The Kaspersky tool is not an online scan.

    If you mean Kaspersky, try to uninstall it. To uninstall this program, "enable self-defense" must be unchecked.


    Try unplugging your cable to the internet before you boot up and do not open any browsers. Then can you uninstall or disable SiteAdvisor? I would not uninstall all of McAfee since it may be the only thing that can help you with Fujacks.
     
  9. arabelleinbe

    arabelleinbe Private E-2

    Sorry, chaslang, I got confused. I meant the step when I try to go online to install Kaspersky. I can't get there. I can get online but then, the SiteAd popups start piling up and I can't continue because I can't see anything anymore for the popups. Basically, I can't do anything online anymore. What I need is to be able to stop this Site Advisor thing but I can't seem to be able to disable it. It just won't budge. I get a screen telling me it's being used and can't be removed. Any ideas?
    For the actual content of the popups I'll give you that once I'm home facing the monster.
    Thanks for all the advice so far. arabelleinbe
     
  10. abri

    abri MajorGeek

    Hi arabelleinbe,

    Did you try what Chaslang suggested with physically unplugging the internet cable from your computer while it's turned off and then booting up, not opening any browsers and trying to uninstall or disable site advisor? If you can do that, run McAfee again, without hooking up to the internet.
     
  11. arabelleinbe

    arabelleinbe Private E-2

    Hello, Abri and Chaslang
    Yes, I did try and at first it didn't work and I got 54 pop-ups. So I did again and again, and obviously something happened because the pop-ups have stopped and I was able to access SiteAdvisor and disable it. This happened just a minute ago. I'm going to continue from where I got stuck implementing Abri's suggestions. I'll try it tonight and will let you know.
    In any case, thanks to both of you for your help. Thank you very much, Chaslang for helping out with the pop-ups, I was just contemplating slicing my wrists when your suggestion came up.
     
  12. arabelleinbe

    arabelleinbe Private E-2

    Re: fujack keeps coming back - may be gone!

    I've just run McAfee again and Malwarebytes and the results came up clean. It looks as if fujack's gone. I'm keeping my fingers crossed. In any case, thanks for all the help. I couldn't have done it without Abri and Chaslang. Major Geeks, you rock! :celebrate
     
