Computer Virus


banK

Hi All

I have Bit Defender security.

I have the above virus. Bit Defender could not disinfect it, and I tried deleting it, but that failed also.

I deleted the actual file that was indicated manually and then ran another scan. This time the virus appeared in another file. I deleted that file and ran another scan, but it had the virus in yet another file.

I am not computer savvy, so I am asking whether anyone can assist.

Another thing: I downloaded the Microsoft Security Essentials program, but that did not detect the virus when I ran a scan with it.

As I see it now, I am thinking that I must bring it to a shop and get them to try and get rid of it. Also, if the virus keeps moving about, will they have to wipe the computer clean and reload the original disc (Windows XP Home Edition)?

As a matter of interest, if that were to be the case, can anyone tell me what the cost of a Windows 7 program is (genuine version with the disc)?

Thank you

banK


Run Ad-Aware on it. It's a free program.

I also suggest you Google and install McAfee Stinger. Turn off "restore" before you scan.

As far as I am aware, Windows Security only works on Win7.

There are many versions of Win7. Ultimate 64 probably runs about 6,000 baht.

Do you have Windows Update activated? Each month they release the "Malicious Software Removal Tool", which immunizes IE8.

Edited by powderpuff

I also use BD and had a virus it couldn't get rid of. I ended up having to remove BD, install another antivirus program, remove the virus, remove the new antivirus program, and then reinstall BD. Painful.

I really like BD, but sometimes it is a PITA!

For a good list of free antivirus software, try cnet.com. It is also a good place to download from... I don't trust all these sites offering free downloads of other companies' software.


Hi,

Download and install CCleaner, HijackThis and Spybot Search & Destroy. Update the virus definitions in Spybot; it's free.

Run CCleaner and reboot into Safe Mode (press F8 when booting up).

Run CCleaner again now that you are in Safe Mode. Now run HijackThis and it will show you anything in use on your PC (files, memory). Try to locate the virus and delete it, but be careful: if you delete the wrong file it will be a problem...

Now run Spybot and reboot normally. Run HijackThis and see if the virus is still showing... run Spybot again to make sure....

If it doesn't work, check out the 'Geeks to Go' website. It's pretty good; you can ask for help there...

Cheers

Edited by tezzaaa

Hi,

you can use VirusTotal as a suggestion. It is free and has the advantage that the engine has multiple AV signatures from different vendors to check a file against. If you look at my attachment you will see an example result.

It would be helpful to know what virus gets reported by your AV application. Once you know this, use Google to find reports about it. The big vendors such as McAfee, Symantec, Sophos and Kaspersky will have removal instructions on their websites.

You can also gain more information about the characteristics of the virus and what harm you have to expect.

The fact that the virus got detected is a good sign. It means the virus is known, as all AV vendors can only trigger on malware where a signature exists. If your AV product, Bit Defender, reports a failure to clean, there is no reason to freak out.

It usually still quarantines the file and just has problems deleting it. It can of course also not be deleted if the infection source, e.g. a CD/DVD-ROM or USB drive, is no longer available.

Until you are sure that your host (PC, laptop) is virus-free, stay away from online banking and any other kind of activity where there is a chance that somebody steals your password. You might have a keylogger etc.

Make sure you have the latest patch level for your PC, Microsoft patches and others. If your PC indicates XP SP2 you already know that you are not up to date; this SP is out of service support and you need to manually update to SP3 first.

It all sounds complicated, and it actually can be.

Be aware as well that if you have a rootkit, a regular new installation of the OS (operating system) in the worst scenario won't solve your problem!

If you caught a nasty one and you can accept data loss, Google for free DISK WIPE programs. The HDD (your hard disk) needs to be overwritten several times with 0s and 1s. Government standard starts at 7 - 9 times. But that is really a worst-case scenario.

If you have any further questions feel free to ask.

Cheers,

Morpheus

Attachment: AV EXAMPLEpdf.pdf

P.S.: If you need further assistance I will help if I can. Be aware of the caveat that remote troubleshooting isn't easy. The link I have posted is good, so don't worry about catching something there. I earn my bread with things like this; I don't mean troubleshooting but IT security.

Edited by Morpheus73
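The post above recommends finding out what file is being flagged, looking it up on VirusTotal, and checking the service-pack level before deciding anything. The following script is an added example (not code from the thread or from any vendor mentioned in it) that does that triage read-only from an elevated PowerShell prompt. It assumes PowerShell 2.0 is installed on the XP box (available separately as KB968930; built in on Windows 7) and that the suspicious file is started from one of the usual Run/RunOnce registry keys, which is where malware that "comes back after deletion" normally anchors itself. It prints the OS and service pack, every auto-start entry with the SHA-256 of the executable it points at (so you can search VirusTotal by hash instead of uploading the file), its Authenticode status, and the running processes with their image paths.

```powershell
# Added example (not from the thread): read-only triage of an XP/Win7 box
# before deciding whether to clean or reinstall. Assumes PowerShell 2.0
# (KB968930 on XP) and an Administrator prompt. Nothing is modified.

# 1. Patch level. XP SP2 is out of support; SP3 is the minimum.
$os = Get-WmiObject Win32_OperatingSystem
"{0} {1} (build {2})" -f $os.Caption, $os.CSDVersion, $os.BuildNumber

# 2. Auto-start locations that survive a reboot and a deleted file.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties that Get-ItemProperty adds itself; these are not Run entries.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-Sha256Hex([string]$Path) {
    # SHA-256 via .NET so it works on PowerShell 2.0 (no Get-FileHash there).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $bytes = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

function Resolve-CommandPath([string]$Command) {
    # Extract the executable from a Run value such as
    #   "C:\Program Files\Foo\foo.exe" /silent   or   C:\WINDOWS\bar.exe -x
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.(exe|dll|scr|com|bat|cmd))', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return $cmd
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $exe  = Resolve-CommandPath ([string]$p.Value)
        $line = New-Object PSObject -Property @{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Exists  = (Test-Path -LiteralPath $exe)
            Sha256  = $null
            Signed  = $null
        }
        if ($line.Exists) {
            $line.Sha256 = Get-Sha256Hex $exe
            # Unsigned or invalid is worth a second look, though plenty of
            # legitimate XP-era software is unsigned as well.
            $line.Signed = (Get-AuthenticodeSignature -FilePath $exe).Status
        }
        $line
    }
}

# 3. Running processes with their image path, to match against the list above.
Get-WmiObject Win32_Process | Select-Object ProcessId, Name, ExecutablePath
```

Paste a Sha256 value into VirusTotal's search box: a hit shows every vendor's verdict for that exact file without sending anything from the machine, which also tells you whether the name Bit Defender reports is a heuristic label or a known family. An entry that exists, is unsigned, has no VirusTotal result and points into a user-writable directory is the one to submit for analysis; the key and value name beside it are what you would later delete, after stopping the process shown in step 3.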

Sorry, have seen this just now!

Your subtopic is Gen:Heur.Krypt.69. I assume this is the virus you get reported. It is a trojan! A bad one!

Different AV vendors detect it differently. See my attached file again.

It is a variant of Win32/Kryptik.BSG and has the characteristic of re-creating itself when a deletion attempt is made. You got a really nasty one! It has around 850 variants and was in the top list of infections in 2009.

Try to remove it as follows:

To remove Trojan.Win32.Generic!BT, you must first stop any Trojan.Win32.Generic!BT processes that are running in your computer's memory. To stop all Trojan.Win32.Generic!BT processes, press CTRL+ALT+DELETE to open the Windows Task Manager. Click on the "Processes" tab, search for Trojan.Win32.Generic!BT, then right-click it and select "End Process".

To delete Trojan.Win32.Generic!BT registry keys, open the Windows Registry Editor by clicking on the Windows "Start" button and selecting "Run." Type "regedit" into the box and click "OK." Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\Trojan.Win32.Generic!BT." Right-click this registry key and select "Delete."

Finally, to completely get rid of Trojan.Win32.Generic!BT, you must manually remove other Trojan.Win32.Generic!BT files. These Trojan.Win32.Generic!BT files can be in the form of EXE, DLL, LSP, TOOLBAR, BROWSER HIJACK, and/or BROWSER PLUGIN. For example, Trojan.Win32.Generic!BT might create a file like %PROGRAM_FILES%\Trojan.Win32.Generic!BT\Trojan.Win32.Generic!BT.exe. Locate and remove these files.

If you can afford to lose your data, my advice would be to reinstall your machine!

Be aware that it allows REMOTE ACCESS to your machine! Do not go online with this computer anymore!

The severity of this malware is serious: Threat

Because of the 850 variants it is a really, really serious one, and removal is not something for a person who does not have a certain geek level.

Please keep me updated!

Cheers,

Morpheus

Attachment: Gen_Heur_Kript_69.pdf

Edited by Morpheus73

Thank you one and all especially Morpheus73

After reading the replies and not being a "geek", I think I will go to a shop to wipe the computer clean and get them to install Windows 7.

PowderPuff said that there were several versions of Windows 7. I have an Acer Aspire 3050 with RAM upgraded to 2 GB. Can I run any of the Windows 7 versions? I would probably get the "bee's knees" one, provided it's not too expensive.

Once the computer is wiped clean and Windows 7 is installed, is there any danger of the virus still being embedded in the hardware?

Since catching this virus I have not been near internet banking, so that hopefully is safe.

Once again, thank you

banK


@banK

I guess Windows 7 might run on your Acer. You may encounter driver problems (some Vista drivers can do the job) etc., and the performance might not be very good.

If you have the chance, try to get a Windows 7 from a friend and play with it to see if it suits your demands.

Cheers,

Morpheus


Hi Morpheus

I don't quite understand when you say that I might be able to run Windows 7 on my Acer.

Is it something about an Acer that prevents it running Windows 7? If so, what are my alternatives for an operating system?

All I want is something clean and up to date.

Thank you

banK


@banK

What I meant was that if you go to the Acer driver support page for your laptop, there are only XP and Vista drivers listed.

It can happen that if you install Windows 7 on your laptop, several devices such as your network card, graphics card and sound will not work because no suitable driver is available.

Sometimes the Vista drivers, which are available, do the job, but it can't be guaranteed.

I just want to prevent you wasting money buying Windows 7 only to find out that nothing is working afterwards.

A fresh install of XP or Vista will do it as well. If you still have the XP CD, just use that one; the virus should be gone afterwards.

Cheers,

Morpheus


Thanks Morpheus for that information.

The problem that I also have, and have had for quite some time, is that when I attempted to download Service Pack 3 on the laptop it got maybe 3/4 of the way through and just stopped. I have tried several times over the last year or so.

Now that Service Pack 2 is no longer supported, I won't feel comfortable, especially since this last episode.

However, if I get the shop to wipe the computer clean, reformat the C and D drives and reinstall the original XP Home Edition, in your opinion do you think that I would be able to install Service Pack 3?

Thanks

banK


Hi banK

The installation of Service Pack 3 should work without any problems. The "easiest" way is to go to an internet shop and download it there onto a thumb drive.

Once your computer has the new installation of the operating system, install Service Pack 3. If you have an installation CD of your antivirus software as well, then do that installation after Service Pack 3.

Then go online and update the signatures of your AV software first, and then bring your Microsoft patches up to date. Even with SP3 you will still require some updates.

In regards to your infection, be careful with external media such as thumb drives etc. If you do not know the source of the infection, you might want to pay attention to this fact.

Just to be on the safe side, I would suggest that you change all important passwords, such as online banking, forums, anything where you think sensitive information about you is stored. You don't know if some of that has already been extracted from your PC during the infection period.

Wish you good luck and heads up.

Cheers,

Morpheus


Then go online and update the signatures of your AV software first, and then bring your Microsoft patches up to date. Even with SP3 you will still require some updates.

Close to 100 updates... So yes, keeping your system up to date is of the utmost importance.

In regards to your infection, be careful with external media such as thumb drives etc. If you do not know the source of the infection, you might want to pay attention to this fact.

You can eliminate those threats by disabling Autorun, which is a commonly used attack vector for malware.

Edited by Supernova

@Supernova,

Yes, disabling autorun is an important step.

@banK

Have a look here: Disable Autorun

Cheers,

Morpheus

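Two of the hardening steps the thread settles on, disabling Autorun (this post and the one before it) and turning System Restore off before scanning so that copies of the infected file in System Volume Information do not survive (the earlier "turn off restore before you scan" advice), can be done in one go from an elevated PowerShell prompt. The script below is an added example, not code from the thread, from Bit Defender, or from the linked "Disable Autorun" page. It assumes PowerShell 2.0 (KB968930 on XP), a single system drive C:, and the registry values documented by Microsoft in KB967715 and by US-CERT in TA09-020A; the Autorun.inf IniFileMapping entry is the US-CERT workaround for XP systems on which the policy bit alone is not honoured.

```powershell
# Added example (not from the thread): disable Autorun on every drive type and
# flush System Restore, from an elevated PowerShell 2.0 prompt on XP SP3/Vista/7.
# Assumes the system drive is C:\ and the registry values from KB967715/TA09-020A.

# --- 1. Disable Autorun/AutoPlay for all drive types ------------------------
# NoDriveTypeAutoRun is a bitmask of drive types to ignore; 0xFF covers them all.
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policy)) { New-Item -Path $policy -Force | Out-Null }
Set-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord

# On XP the bitmask was ignored until the fix from KB967715 is installed;
# HonorAutorunSetting=1 is the switch that update introduces.
Set-ItemProperty -Path $policy -Name 'HonorAutorunSetting' -Value 1 -Type DWord

# Belt and braces (US-CERT TA09-020A): map every autorun.inf to a registry
# key that does not exist, so Windows reads nothing from the file at all.
$ini = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
if (-not (Test-Path $ini)) { New-Item -Path $ini -Force | Out-Null }
Set-ItemProperty -Path $ini -Name '(default)' -Value '@SYS:DoesNotExist'

# --- 2. Flush System Restore so System Volume Information is clean -----------
# Restore points keep their own copies of files; an infected copy sits there
# invisible to the user and comes back if the point is ever applied.
# Disabling System Restore deletes every point on the drive.
$drive = 'C:\'
$sr = [wmiclass]'root\default:SystemRestore'
$null = $sr.Disable($drive)

# Run the full AV scan now, while there are no restore points to reinfect from.
# Then switch System Restore back on and take a known-clean baseline point.
$null = $sr.Enable($drive, $true)
# CreateRestorePoint(Description, RestorePointType=0 APPLICATION_INSTALL,
#                    EventType=100 BEGIN_SYSTEM_CHANGE)
$null = $sr.CreateRestorePoint('Clean baseline after malware removal', 0, 100)

# --- Verify -------------------------------------------------------------------
Get-ItemProperty -Path $policy | Select-Object NoDriveTypeAutoRun, HonorAutorunSetting
Get-ItemProperty -Path $ini    | Select-Object '(default)'
Get-WmiObject -Namespace root\default -Class SystemRestore |
    Select-Object SequenceNumber, Description, CreationTime
```

The SystemRestore WMI class is used instead of the Enable-/Disable-ComputerRestore cmdlets because it exists on XP as well as Vista and 7. The Autorun changes take effect after a log-off or reboot; test with a USB stick carrying a harmless autorun.inf before trusting the setting. Note that none of this replaces the reinstall and password changes recommended above: it stops the same infection route being used again, it does not remove anything that is already running.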

Hi I'm back

Managed to get rid of the virus after a bit of research. Quite simple and lucky.

The virus had migrated to "System Volume Information", which is not accessible. I found a tutorial on Bit Defender which suggested that if System Restore is disabled then anything lurking there would be eliminated, and hey presto, the virus is now gone.

As for XP Service Pack 3, I tried to download it again, but this time I read the requirements, and it stated that AMD processors (as I have) needed some sort of modification/patch.

So I downloaded a program which searched the registry for compatibility and errors. It found 391 errors; it rectified 19 for free but wanted $40 to do the rest! So I did not do that.

However, I tried to download SP3, but when it was backing up the registry it froze, and it also froze the computer! I unplugged the computer and now it's back to normal.

So as I see it now, I will probably have to reload my original XP Home Edition disc to see if that works.

Anyway, thanks to everyone who took the time to reply. Appreciated.

banK
