I have had this malicious program for a few days and I just can't get rid of it no matter what.
What it does:
Nothing harmful, it seems, other than making a small Windows-like bubble in the icon field in the bottom right corner, where it says that I should protect my computer from spyware etc. and that by clicking this bubble I would gain that protection. Of course I haven't clicked it. Also it has a phoney copy of the red Windows cross (Warning your computer isn't safe without antivirus) as an icon. The objective of the virus seems to be to fool the user into clicking that bubble... Other than this I haven't noticed anything strange.
This is what I've done so far:
Kaspersky 8 quarantined one of the files. But all the files are recreated every time my computer boots. Also terminated actions attempted by the virus.
Removed the files manually in fail-safe mode. Recreated next boot...
Removed the regfiles in RUN (run-->regedit), so that they won't be started when comp boots. Reg keys also recreated.
Had to rename Kaspersky and HijackThis in order to run them; the program seemed to block these by their name.
File names which I suspect are involved are:
wini10731.exe (C:\WINDOWS\system32)
brastk.exe (C:\WINDOWS and C:\WINDOWS\system32)
msauc.exe (C:\WINDOWS (not recreated for some reason))
karna.dat (C:\WINDOWS and C:\WINDOWS\system32)
And the autostart regfiles for brastk.exe (recreated) and msauc.exe (not recreated).
I think I got this via Firefox, googling for images.
and save it on the desktop. Then double-click on it (Fix_download.exe).
You may have to allow the program to download files from the web!
The program downloads the necessary cleaning programs. Once the program is downloaded, there will be a folder on your desktop named Fix. If the instructions do not open automatically, double-click "FIX_manual.htm" in the Fix folder.
Please follow the instructions and copy the logs here, in this Topic:
Note: Fix_download.exe is detected by some antivirus programs as a "RiskTool" / infection; it is not a virus. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
If necessary, temporarily disable your anti-virus, real-time protection before downloading.
I ran the fix kit, Malwarebytes removed 14 items. In all my eagerness I forgot to save the logfile. It said that the deletes were successful, though I still suspect something is wrong, as I cannot run hjt by its real name. Had it renamed "1.exe" to run it.
I'll post the logs as soon as I can. Though as I wrote before, I didn't save the log from Malwarebytes... forgot. Ran a scan once again but this time it was clean. Although I can see through hjt that it isn't.