Jump to content

Need help


Archaven

Recommended Posts

hi all. i'm sorry if this isn't the right section to post. any mod pls help me move it to the correct section. my pc was infected with Win32/Conficker.Gen virus.I installed ESET NOD32 (the latest version), it identified the file and was asked to delete it (reboot required). However, no matter how many times i rebooted the AV just couldn't remove this virus. I tried deleting the file which is (autorun.inf) and the file access denied. I tried booting to SAFE MODE (vistax32) and tried modifying file permission (system/hidden/read-only) and also it's still access denied.

anyone has any idea how to remove this virus? thanks.

Link to comment
Share on other sites


  • Replies 13
  • Views 2k
  • Created
  • Last Reply

Have you tried using Unlocker? It's listed on our frontpage :w00t:

What else you can do is go into safe mode and try HouseCall(an online antivirus service). But I doubt if it will be able to resolved this issue when ESET can't.

Link to comment
Share on other sites


MBAM (Malwarebytes' AntiMalware) should get rid of it. If you have the worm then its a different story. I had the virut.monde virus recently and it took more than one (cant remember the exact number) scan & removal process to get rid of it. With yours this may also be the case. If MBAM doesnt work then use VIPRE. It has one of the strongest scans I've seen from an av point of view. It found things that Trojan Remover, MBAM & ESET all missed.

Like I've said to a few other users who were in this scenario, if all else fails, use ComboFix. It saved me a couple of times when I couldnt figure out how to do away with any malware.

Link to comment
Share on other sites


try either Malwarebyte's Anti-Malware, Spybot Search & Destroy, Trojan Remover or Ad-Aware

But I think that Malwarebyte's Anti-Malware shall do the trick....I know because I also had that virus and either Trojan Remover or MBAM removed it

True.. But I'd say try this:

Conficker Removal

Dunno if it works for your COnficker version,,

Link to comment
Share on other sites


hi guys. thanks for all the suggestions and help. this community is always very helpful. i'm sure there's something wrong with my ISP. I couldn't even surf malwarebyte's anti-malware website. but i could surf other websites and even download from nsane proxy no problem ;).

i was wondering if it's fine to suggest nsanedown to host files using rapidshare. could anyone send me the installer?

Edit

Hi Haantjuh. Thanks for all the help. I used the conficker removal tool and disable the autorun feature from my laptop. I plugged in my USB thumbdrive which was infected with the virus and modify the file permission. Voila and i could delete that fuxker.

I'm gonna try tonight when i get home on my desktop PC. Thanks so much.

Link to comment
Share on other sites


Infinite_Vision
hi guys. thanks for all the suggestions and help. this community is always very helpful. i'm sure there's something wrong with my ISP. I couldn't even surf malwarebyte's anti-malware website. but i could surf other websites and even download from nsane proxy no problem :).

i was wondering if it's fine to suggest nsanedown to host files using rapidshare. could anyone send me the installer?

Edit

Hi Haantjuh. Thanks for all the help. I used the conficker removal tool and disable the autorun feature from my laptop. I plugged in my USB thumbdrive which was infected with the virus and modify the file permission. Voila and i could delete that fuxker.

I'm gonna try tonight when i get home on my desktop PC. Thanks so much.

I totally disable my autorun because what I'm seeing is that a lot of flash drives are being infected. Before I open any flashdrive, I scan it with NOD32. If you still having problems getting Malwarebytes, I can upload it for you. Lastly, remember to get all of your stuff here and never trust no one on any site besides this one. I made the mistake last time and I was messed up by it.

Link to comment
Share on other sites


hi guys. thanks for all the suggestions and help. this community is always very helpful. i'm sure there's something wrong with my ISP. I couldn't even surf malwarebyte's anti-malware website. but i could surf other websites and even download from nsane proxy no problem ;).

i was wondering if it's fine to suggest nsanedown to host files using rapidshare. could anyone send me the installer?

Edit

Hi Haantjuh. Thanks for all the help. I used the conficker removal tool and disable the autorun feature from my laptop. I plugged in my USB thumbdrive which was infected with the virus and modify the file permission. Voila and i could delete that fuxker.

I'm gonna try tonight when i get home on my desktop PC. Thanks so much.

I totally disable my autorun because what I'm seeing is that a lot of flash drives are being infected. Before I open any flashdrive, I scan it with NOD32. If you still having problems getting Malwarebytes, I can upload it for you. Lastly, remember to get all of your stuff here and never trust no one on any site besides this one. I made the mistake last time and I was messed up by it.

Thanks all so much for the help. You guys are totally right. I can't surf eset.com nor malwarebytes.org when infected with that virus. What an intelligent worm.. After removing it, i'm able to visit those sites again :)

Link to comment
Share on other sites


hi all. i'm back home and it seems that my desktop pc was infected with a much stronger version of the conficker version. i disabled autorun in vista and tried deleting/modifying file permission (remove sytem/hidden/read-only) and it's still ACCESS DENIED.

what's more weird is that in windows explorer, i enabled the options to view system and hidden files but i cannot see the file autorun.inf in the explorer. in dos prompt i can view that file and it's (SHR). it's kinda frustrating here. i think last resort would be formatting :). this is going to waste alot of my time.

Link to comment
Share on other sites


hi all. i'm back home and it seems that my desktop pc was infected with a much stronger version of the conficker version. i disabled autorun in vista and tried deleting/modifying file permission (remove sytem/hidden/read-only) and it's still ACCESS DENIED.

what's more weird is that in windows explorer, i enabled the options to view system and hidden files but i cannot see the file autorun.inf in the explorer. in dos prompt i can view that file and it's (SHR). it's kinda frustrating here. i think last resort would be formatting :). this is going to waste alot of my time.

Try Run >> MRT >> and do a full scan.

Link to comment
Share on other sites


Hi all. I found a very good tool. File assassin from Malwarebyte's. It's much better than Unlocker which doesn't work for me. However i still need to modify the permission of the file (ownership). Otherwise file assassin also could not delete the file.

Anyone using ESET NOD32 latest version? I tried username eset and password same also can't update. Invalid username or password :(

Link to comment
Share on other sites


Hi all. I found a very good tool. File assassin from Malwarebyte's. It's much better than Unlocker which doesn't work for me. However i still need to modify the permission of the file (ownership). Otherwise file assassin also could not delete the file.

Anyone using ESET NOD32 latest version? I tried username eset and password same also can't update. Invalid username or password :(

If you are using vista, try this. Copy and paste below into a file named [takeownership.reg] and 2x on it to install. Then go to the file that you want to delete and right click on it and select "Take Ownership". Then delete the file.

===========

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]

@="Take Ownership"

"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]

@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]

@="Take Ownership"

"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]

@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

===========

Link to comment
Share on other sites


Hi all. I found a very good tool. File assassin from Malwarebyte's. It's much better than Unlocker which doesn't work for me. However i still need to modify the permission of the file (ownership). Otherwise file assassin also could not delete the file.

Anyone using ESET NOD32 latest version? I tried username eset and password same also can't update. Invalid username or password :(

If you are using vista, try this. Copy and paste below into a file named [takeownership.reg] and 2x on it to install. Then go to the file that you want to delete and right click on it and select "Take Ownership". Then delete the file.

===========

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\runas]

@="Take Ownership"

"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\*\shell\runas\command]

@="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" && icacls \"%1\" /grant administrators:F"

[HKEY_CLASSES_ROOT\Directory\shell\runas]

@="Take Ownership"

"NoWorkingDirectory"=""

[HKEY_CLASSES_ROOT\Directory\shell\runas\command]

@="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

"IsolatedCommand"="cmd.exe /c takeown /f \"%1\" /r /d y && icacls \"%1\" /grant administrators:F /t"

===========

hey box. that was ever so useful :(. much more easier then the user menu. i can now update ESET NOD32 after applying box-mara fix. previously the options are all grayed out. I have no idea suddenly i could apply the fix now. I did previously disabled the self defense and the options to patch it still grays out.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...