an invisible virus... help...

[Siddhartha_t69]

I've recently found a virus in my PC that infects removable flash drives.
whenever i conect the phone\ mp3 player to the PC, a program shows that winlogon.exe is writing something to the drive. And when i open it , I see that the folders are hidden and there are application (.exe) files in the name of those folders and similar icon as that of a folder.

Onthe other side, I uncheck the 'Hide Protected operating system files' option in folder options. apply and close it. but it gets automatically checked next time i see it.

I've downloaded the latest Norton Antivirus definitions and scanned but the virus isn't detected.
help.

 

[max_demon]

boot in safe mode and use kaspersky , disable sys restore .
follow the person below me
EDITont follow

 

[abhijangda]

use any av lik qh, avast.

 

[romeo_8693]

*www.thinkdigit.com/forum/showthread.php?t=47683&highlight=brontok

 

[denzored]

try using a15 day trial from nod32 and do upgrade it what u have seems to be a Trogen not a virus. Either way nod32 should clean ur system..and somtimes u may have to temporarly disable ur system restore and delete previous restore points if necessay.. some of these are pretty nasty..
Best of luck
To identify the virus try ctl+alt+shift and check for names like temp.exe or very long names or noname atall
try searching them out and make sure u can see both hidden and operating sytem files.
check for a file called autorun.inf in ur harddisk root directories.. if found delete it normally they are both hidden and marked as sytem files
to remove the hidden and sytem files attribute u could go to command prompt and go to where the file is and type> attrib -h -s <file name.extension>
eg: attrib -h -s autorun.inf
then delete it.

 

[src2206]

Use HijackThis version 1.9.1 and then run a full system scan after closing all the browsers and open windows if any. Then post the log it produces here.

As this forum has no dedicated section for HJT logs you can always try certified forums which deals with HJT logs and malware infections like Techsupportforum.com, geekstogo etc.

Hope this helps.

 

[bhutanesedude]

Dude....Nothing to do...just install SYMANTEC AV and Spybot S&D, then update it and scan your system...This will solve your problem.....If not its a mini virus created by BRONTOK, Which can be resolved by KILLGODZILLA.exe...Search in google and download....it...Its very small and easy to download...

I did it and not even the latest or best Virus can harm or enter my system

 

[gsoul2soul]

Now my Problem is... in my office this VIRUS is like "Everywhere"

"Ravmon" "Brontok"... and what not!!

And i have to insert my "dongle" into slots... no matter what !! (and I mean my 2 GB USB stick)

He he he... Anyways coming back to my infuriating dilemma "Whenever i get infected... my AVAST detects and deletes"

BUT the Folder become invisible... the "Hide property is checked" and i cannot seem to revert.

The only thing i can do is... make another folder and copy all the content into it.
That's okay for couple of time... but everyday... it's a major PAIN IN THE ASSSS

HELP........

 

[lalam]

If its your USB stick your referring to and its warranty is still valid plug it into a linux OS and plug it out without unmounting. That should solve your problem for you can go for a replacement then.

 

[pushkaraj]

You can try installing unlocker. Download it from here

After installing this software, it will create an option in the context menu called "Unlocker". So when you want to delete some file and it is locked by some process so that you are unable to delete it, just right click on that particular file and click on Unlocker. After that window will open in which you will be able to see the locking process(if any). You can move, rename or delete the file if you want by unlocking it from the process.

 

[gsoul2soul]

wow... didn't know about such thing as unlocker... thanks !!!
might come handy...

 

[pushkaraj]

wow... didn't know about such thing as unlocker... thanks !!!
might come handy...

Yes it comes very handy when there is some stupid process like explorer.exe locking some file and not allowing me to rename, move or delete it.