A friend trouble

[hjpotter92]

One of my friend and neighbour got infected(pestered) by this problem, around 30 minutes ago (from this time).

He was faced with an error in hosts file, which was reported by AVG. Then, a svchost generic error occurred. He restarted his computer, and then when he logged back in and connected to internet, and this message was sent to all his contacts(as he told me later) via his GTalk.

I just got my hair dyed red!!! Does it look good? a dangerous link...

me: ye kya non sense hai?

After my obvious reply, he came to me and told me about it, and wanted me to put it up here for any solutions.

 

[krishnandu.sarkar]

Hmm...!! Ask him to try some other AV's and Malwarebytes. If all those fails to remove the virus then an online scanning may work(Only if he/she is on UL plan). Otherwise he/she may have to format.

---------- Post added at 11:39 PM ---------- Previous post was at 11:38 PM ----------

Ohh ya...ask him to scan the PC in safe mode.

 

[Gauravs90]

Firstly ask him to remove AVG and install avast, avira

I have always said in this forum that AVG is crappy and no one should use it.

Second you have posted link to a virus
here is the viruse total analysis of it Virustotal. MD5: de40a5f04cd01fb53cae51ed65c854d4 a variant of Win32/Injector.CEI W32/Injector.fam!tr Suspicious file

not many antivirus yet detected it so it will be hard to remove

 

[Gauravs90]

only NOD is able to detect that it is a virus

I sugest him to install NOD trial just to remove that virus.

 

[hjpotter92]

He can not come online because of that automatic email / chat trouble. He has put the computer at scanning though! AVG 9.0
He is asking, if instead of formatting, he can repair it

 

[Gauravs90]

If possible install NOD32 in his computer and remove the virus

---------- Post added at 11:53 PM ---------- Previous post was at 11:52 PM ----------

and pls remove that link as this thread might be flagged dangerous by security companies

 

[hjpotter92]

He will install NOD as soon as AVG scans once. He has bought AVG, so can't leave it like that.

---------- Post added at 12:11 AM ---------- Previous post was at 12:08 AM ----------

Scan completed. He is asking another thing. Is it possible to get online now to download NOD (I can't as I am charged for net, and he has unlimited one). AVG didn't detected anything.

---------- Post added at 12:13 AM ---------- Previous post was at 12:11 AM ----------

Another query, he was only visiting some comics website public forum while it happened. And, he is using opera (just like me.. ) when this happened. And, he didn't initiate any download or anything. He was just watching TV. when the show ended, he switched on his monitor, and this trouble was there.

 

[Gauravs90]

He can go if it is possible, and virus dosen't interfere in downloading

I think he should download NOD in safe mode

 

[hjpotter92]

Will he be able to connect his mobile to computer? in Safe mode

---------- Post added at 12:26 AM ---------- Previous post was at 12:25 AM ----------

And, viruses do interfere. My school's computers were infected, and any attempt to download any antivirus or even an urge to open the antivirus website was canceled by it.

 

[krishnandu.sarkar]

Well...thats completely depends what and how much the virus has infected. The problem with your school computer is the virus has patched hosts file(I think), thats why you are unable to open AV sites.

Well...What's his mobile?? If it's J2ME one then it's safe to connect. But it would be better not to connect. The virus may also infect his memory card.

 

[hjpotter92]

I am giving the account now to him. It shall be him who'll be posting.

---------- Post added at 12:52 AM ---------- Previous post was at 12:47 AM ----------

Is AVG really not a good antivirus. Though I had never felt any problem before. This time it was a problem with hosts file. Then all the components of my AVG were gone. So I just uninstalled it and restarted my computer. Then I went to visit my comics forum and Gtalk was running behind. Suddenly it started sending links and I was not able to do anything. All I did that I plugged out the cable. Then I installed AVg again and it didn't showed any. What should I do now.

 

[Gauravs90]

^^ Are you able to install NOD?

 

[krishnandu.sarkar]

As said before by Gaurav AVG is really not a good AV. Atleast nowadays. Earlier it was really better. On free AV Avast and Avira is best nowadays.

Anyway as Gaurav have executed the problem before so he knows well....so as he's suggesting only NOD will be able to catch that virus why don't you try it??

Just download and install the Demo (as said by him) and scan it in safe mode.

 

[hjpotter92]

He is unable to enter in Safe Mode. While loading, the system says some of the sys file is missing, and restarts in the normal mode.

 

[krishnandu.sarkar]

Hmm...!! Do a repair first. Or restore the file from Recovery Console.

 

[koolbuddy92]

First of all do what Gauravs90 and krishnandu.sarkar have suggested.
If everything suggested fails then download HijackThis for your friend. (IIRC It would'nt be a huge download for you)
HijackThis - Trend Micro USA
Post your Hijackthis log here.