Help with an infection

[rudrax]

Hey guys need a little help out here. I left my laptop with my little bro one day I was out of town regarding an interview, he got my laptop infected with Win32:LocalInfect. After the infection my antivirus Webroot SecureAnywhere gone crazy which is obvious. The virus is infecting all the .exe files in my laptop consequently. If I let the antivirus ON, it detects and deletes the whole .exe file. I got mspaint deleted with this. So now I have to work with antivirus disabled.

So is there any way to delete the virus without deleting the infected files because the virus is infecting all the system .exe files. I do not wanna do a system restore because a huge file is being downloaded with IDM.

@dcs18, if there were a panic button in nsane, I'd hit it right now. :unsure:

[dcs18]

Going out on calls just now, shall be back in the second half (hope that the guys can help you in the meanwhile.)

Just 3 headsup to make post-infection life easier:-

• Disable system restore (at least for the the time being.)
• Use MsConfig to remove unwanted startups and reboot
• Run McAfee Stinger (it's a very small utility - I'd try portable.)

[Zex]

Maybe its a false positive?

http://forums.thebrain.com/post/Infection-of-new-Brain-7-download-5710578

http://forums.thebrain.com/post/Installation-notice-5689397

http://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/False-Threat-on-networkminer-exe/td-p/4991#.UcFI_5zTLSk

Why not upload your file (e.g: mspaint.exe) to Virus Total to be sure its infected?

[rudrax]

Going out on calls just now, shall be back in the second half (hope that the guys can help you in the meanwhile.)

Just 3 headsup to make post-infection life easier:-

• Disable system restore (at least for the the time being.)
• Use MsConfig to remove unwanted startups and reboot
• Run McAfee Stinger (it's a very small utility - I'd try portable.)

For my download, I have made an export file from IDM and copied the temporary download folder to an external drive. Will it gonna work in other machine?

Edit: I tried scanning with MaAfee Stinger and found uncountable infections. Here's the log file

[rudrax]

Maybe its a false positive?

http://forums.thebrain.com/post/Infection-of-new-Brain-7-download-5710578

http://forums.thebrain.com/post/Installation-notice-5689397

http://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/False-Threat-on-networkminer-exe/td-p/4991#.UcFI_5zTLSk

Why not upload your file (e.g: mspaint.exe) to Virus Total to be sure its infected?

Nope, it's a real one.

[majithia23]

As good as i know , System restore does not effect personal files and documents . It will only restore program and system files on the drives for which you have it enabled . So , if you run a restore , i dont think your IDM download shall be interrupted or corrupted .

... How about running a Bootable Virus Removal Disk . Eset or Kaspersky or Cure It .

[ASIO]

As good as i know , System restore does not effect personal files and documents . It will only restore program and system files on the drives for which you have it enabled . So , if you run a restore , i dont think your IDM download shall be interrupted or corrupted .

... How about running a Bootable Virus Removal Disk . Eset or Kaspersky or Cure It .

system restore will not help him !!

[ASIO]

use avast boot time scanner .. to remove this threat !!

[gonza]

In my experience, system restore (when it works) frequently removes viruses etc. It is well worth giving it a try.

Assuming success, then run your AV and AS proggies too.

[rudrax]

Thank you guys for replying..I will consider your ideas as per my conditions here.

[gonza]

Ooops. I just re-read what you said. I now think you are well and truly stuffed. Sorry.

[tezza]

For my download, I have made an export file from IDM and copied the temporary download folder to an external drive. Will it gonna work in other machine?

@rudrax

http://www.internetdownloadmanager.com/register/new_faq/functions17.html

:)

(also came across this, and as saving this ISO download is your main priority, thought i would post it as well.)

http://kristianvillafania.com/von/f41/pause-resume-downloads-another-computer-using-idm-5196/

[Blackchildcx]

scan with Dr. web from FP

and if you´re highly infected

Reinstall(would be my choise)

if its just a regular infection clean it !

[Blackchildcx]

I will upload Hirens BOOT DISK 15 final and the Ultimate BOOT DIsk 6 later (this evening)

clean the viruses by boottime scan..

I guess Webroot got no Bootscan feature?

I think that helps you..

[Dodel]

Yep, as already advised. Your better booting from a live cd, either linux or Hirens (if you do use Hirens DO NOT use the option to boot OS from the installation)

I'd advise NOT using a system restore, as this will only replace missing files and repair certain instances, if you are truely infected it's like to be running at boot, scheduled & reg key for one, so a system restore will not eliminate anything.

Dodel.

[unknownasphyxiated]

you're infected with Virut

it is better to start new because this threat infect all exe@application file

even if you restore/disinfect the file,you might get problem after this

don't backup exe file

if you want to backup self-extracting exe file,make sure you don't double click/run the file, the virus will run again

use extract instead

[NOP-X4]

More info on this type of infection: :read:

http://www.f-secure.com/v-descs/virus_w32_virut.shtml

http://blog.trendmicro.com/trendlabs-security-intelligence/virux-cases-escalate

http://www.windowsbbs.com/malware-virus-removal-archive/88944-incurable-virut-virus.html

[macnavarra]

you can try these: http://support.kaspersky.com/2735?el=88446

or these : http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

and see if it helps.

[Blackchildcx]

Oh man Bro,

make a new start!

anyway...here is the link to Hirens BOOT CD GOOD LUCK

infos here: http://www.hiren.info/pages/bootcd

download here: http://www.hirensbootcd.org/download/

FREEWARE

[rudrax]

Thank you guys, I really appreciate :)

[dcs18]

As good as i know , System restore does not effect personal files and documents . It will only restore program and system files on the drives for which you have it enabled . So , if you run a restore , i dont think your IDM download shall be interrupted or corrupted .

Disabling System Restore is the first basic step to take once an infection is suspected - not because of IDM.

When the system is dis-infected, System Restore has the elevated privileges of restoring all the infections that were previously removed.

[dcs18]

Edit: I tried scanning with MaAfee Stinger and found uncountable infections. Here's the log file

Yeah, the McAfee Stinger is one handy utility to have for such eventualities - serves as a good fallback (especially in portable variant - when one's prime security system get disabled by malware.)

[rudrax]

@dcs18, now what to do?

[dcs18]

What's the current status of your system?

Aren't the malware been decimated?

[shorty6100]

Preventative maintenance-scan with secondary scanners MBAM and HitmanPro. I use both with Webroot. What one does not find, the others will. You can boot into safe mode with HitmanPro as well. It is called Kickstart. Good luck.