Jumping Virus

[Knightmare]

This is in the words of my friend. This is how he described the virus after running scans with ESET: the virus jumps from one file to another. ESET detects a file as a virus but then immediately removes the file from the list, saying that it is not infected. It then finds another file and does the same thing. My friend told me that he can't get the computer to me anytime soon, so I figured I would post here to see if anyone has heard of or had experience with the "jumping virus." It sounds like the sality virus that I had that infected all of my exe files but ESET was able to remove mine, so either he's doing something wrong or it's not the same virus.

[november_ra1n]

Virus loves you and your friends. :rolleyes:

[mara-]

So, if Eset detects it, maybe it can remove it. You friend should try to create Eset SysRescue, boot and scan the computer. Not sure if Eset works in safe mode, maybe try that.

Cheers ;)

[Knightmare]

So, if Eset detects it, maybe it can remove it. You friend should try to create Eset SysRescue, boot and scan the computer. Not sure if Eset works in safe mode, maybe try that.

Cheers ;)

That online scanner works in safe mode.

[darko999]

how does people get infected lol, its been a while since my last infection...

If ESET can't help you, I'll recommend you running a full and updated scan with MalwareBytes Anti Malware.

[MAXS]

It's not Jumping Virus, it's simple file infector that will infect every file with specified extension. Sality does this...

[Shadowx]

It's not Jumping Virus, it's simple file infector that will infect every file with specified extension. Sality does this...

Simply true my friend. Viruses like Sality and Virut does the same damage, infecting every .exe and .html files, cheers ;)

[Knightmare]

how does people get infected lol, its been a while since my last infection...

If ESET can't help you, I'll recommend you running a full and updated scan with MalwareBytes Anti Malware.

It's not he who got the infection, it's a customer. He tried Malwarebytes but it didn't find anything.

It's not Jumping Virus, it's simple file infector that will infect every file with specified extension. Sality does this...

That's what I told him but he did mention that ESET removed the file from the list, saying that the file wasn't infected. I don't think I've ever heard of ESET doing that. :s

[unknownasphyxiated]

try download Kaspersky Virus Removal Tool on other pc and reboot the infected computer in safe mode

then transfer KVRT through flash drive and run KVRT

i don't think the "jumping virus" can jumping around in safe mode

[MAXS]

Rescue disk is the best way...

[Knightmare]

try download Kaspersky Virus Removal Tool on other pc and reboot the infected computer in safe mode

then transfer KVRT through flash drive and run KVRT

i don't think the "jumping virus" can jumping around in safe mode

He said that he ran it in Safe Mode and it didn't work. :dunno:

Now he's saying that he thinks that it's spyware, since it doesn't do anything to the programs. :s

[unknownasphyxiated]

He said that he ran it in Safe Mode and it didn't work. :dunno:

Now he's saying that he thinks that it's spyware, since it doesn't do anything to the programs. :s

it didn't work??

cannot run KVRT or it doesn't detect anything?

for spyware etc,you can use malwarebytes

[GRiM]

"jumping virus" lol

Dude the whole concept of a virus it to infect other files in your system by its very nature. This is the same with any REAL computer virus. If it doesnt infect files its just simply standrd malware infection.

You should boot from a bootable tool CD/USB and try scanning/cleaning that way or maybe try increasing cleaning level in ESET.

[MAXS]

Hiren's BootCD probably would do the trick :)

[Knightmare]

Hiren's BootCD probably would do the trick :)

WOW! That has a ton of programs!

[circaal]

Hiren's is an amazing bootcd, when I dealt with the virut virus Dr. Webcure bootcd did the trick. It takes a while to run but it was able to save one of the machines i was working on. Good luck to you and your friend!

-BTY

[SkyrimGuy]

Hiren boot Cd is one of the best last resort options. You can also try any one of the boot cd's. Kaspersky has a great one and so does eset. You can also try hitman pro in breach mode.

[avmad]

Instead of Hirens you should make a Sardu disk. You can put loads of stuff on it, probably Hirens will go on it too. It's simple to make one.

I have mine on USB and it goes with me B)

http://www.sarducd.it/

[nIGHT]

This "Jumping virus" might be real. I have seen one in the old 'DOS' days, the "DH2" virus. It is a polymorphic stealth self-removing virus.

[tipo]

So, if Eset detects it, maybe it can remove it. You friend should try to create Eset SysRescue, boot and scan the computer. Not sure if Eset works in safe mode, maybe try that.

Cheers ;)

That online scanner works in safe mode.

Eset SysRescue is a bootable media disk (which is created through eset) not the online scanner.

http://kb.eset.com/esetkb/index?page=content&id=SOLN2103

[Ambrocious]

I agree with the others: Kaspersky Rescue Disk, Hirens BootCD, and even the Sardu disk are all good options. With Sardu, you can customize what exactly goes on there too, pretty neat. NOTE: In the Sardu install options, don't install the additional tool bars or anything.

[Knightmare]

LOL! My friend said that he just ran a bunch of antimalware programs at once and that did the trick. When in doubt, just gang up on the virus! :boxing: :boxing: :boxing:

[november_ra1n]

LOL! My friend said that he just ran a bunch of antimalware programs at once and that did the trick. When in doubt, just gang up on the virus! :boxing: :boxing: :boxing:

That is awesome news let see what will come up next just cant wait. B)

[tipo]

can you post some detection logs here so we could better undestand whta was this about?

[Knightmare]

can you post some detection logs here so we could better undestand whta was this about?

Not right now because it was on a clients computer that my friend was working on. However, he said that he's going to give the virus to me on a flash drive, so I'll test it on a VM once I get it.