Malware Infection. Help

dreamyfantasy

Right off the assembly line
I believe I have a malware infection on my computer. Can you help me?
I have a virus/worm file on my USB pen drive like G:/pisted/offline.exe. Along with this, autorun.exe is created in the root directory of the USB drive every time I plug in my pendrive. I am able to remove it from safe mode or from Linux. But I am unable to delete it, rename it or quarantine it during normal Windows operation. Also, even after removal from the pendrive, these files get created every time I plug in my pendrive to my system.

It changes the icon for my removable disk to a trash can like symbol, and it won't let me do safe removal.

The autorun.exe has the following info

[autorun]
USEAUTOPLAY=1
shellexecute=pisted/offline.exe
Shellhuji
shell\\Explore\\command=pisted/offline…
shell\Open\\command=pisted/offline.exe
icon=pisted/offline.exe
open=pisted/offline.exe
action=0pen folder to view files using Windows Explorer

I have avast installed and it is not reporting it as a virus. But it shows a warning that an autorun virus is trying to access my Firefox session info and it reports that it has blocked it. But the warning appears frequently. I think avast is not identifying the original problem but is dealing with one of the various manifestations of the virus. Since it is trying to access session info I believe this could be a serious security . I have tried with NOD32 and also Malwarebytes Anti-Malware. None is able to identify the root of the problem.

I did a Google search and couldn't find any clue about this one.
Any help or suggestions as to how to proceed are highly welcome.
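
An added example, not part of the original posts: a small Python check that reads an autorun.inf like the one quoted above and lists the entries that make Windows launch something from the drive. The function name and the heuristics (any launch key on a removable drive is treated as suspect, digits inside caption words) are assumptions of this example.

```python
import re

# Keys in [autorun] that make Windows run a command (backslashes may be doubled).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\+[^\\=]+\\+command)$", re.I)
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)

def audit_autorun(text):
    """Return (key, value, reason) findings for the [autorun] section of text."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
            continue
        if not in_section or not line or line.startswith(";"):
            continue
        if "=" not in line:
            findings.append((line, "", "line without key=value"))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key):
            # Assumption: on a removable drive every launch key is worth reviewing.
            findings.append((key, value, "launch key: runs a command from the drive"))
        elif key.lower() == "icon" and EXECUTABLE.search(value):
            findings.append((key, value, "drive icon is taken from an executable"))
        elif key.lower() == "action" and re.search(r"\d(?=[a-z])|(?<=[a-z])\d", value, re.I):
            # Heuristic: a digit glued to letters, as in "0pen", imitates a normal caption.
            findings.append((key, value, "AutoPlay caption mixes digits into a word"))
    return findings

# Constructed sample: the file contents quoted in the post, truncated line included.
SAMPLE = r"""[autorun]
USEAUTOPLAY=1
shellexecute=pisted/offline.exe
Shellhuji
shell\\Explore\\command=pisted/offline…
shell\Open\\command=pisted/offline.exe
icon=pisted/offline.exe
open=pisted/offline.exe
action=0pen folder to view files using Windows Explorer
"""

if __name__ == "__main__":
    for key, value, reason in audit_autorun(SAMPLE):
        print(f"{key!r:28} {value!r:28} {reason}")
```
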
 

coderunknown

Retired Forum Mod
Do a complete PC scan with Emsisoft Anti-Malware. It should detect & fix the problem. Or you may also try Avira without the protection (guard) modules.
 

meetdilip

Computer Addict
Use this, locks autorun files

No Autorun | Free software downloads at SourceForge.net

It seems the malware has moved to your PC and is spreading to any USB device you plug in. Do a full system scan using Avast and install an anti malware with real time protection like Adaware.

Hope this helps.
 

sygeek

Technomancer
Install an anti-virus (Microsoft Security Essentials), and do a full scan of your PC. It is recommended that you disable autorun and install Panda USB Vaccine.

This should usually fix your problem, however if it doesn't, you have to fix it manually. Follow the steps below.


Here's how you fix it manually [Follow the steps in their order]:
Please complete and close all of your important tasks before starting.
  1. Open taskmanager (ctrl+shift+esc/ctrl+del+enter)
  2. In the process tab, delete all the instances of "offline.exe".
  3. Disable autorun.
  4. Install Panda USB Vaccine.
  5. Run msconfig, and if you find any instances of it on startup/services, unselect it.
  6. You can further install a startup manager to check if it has added its instances to other startup folders (of the system files). Unselect them as well.
  7. Restart your PC.
  8. Download Everything and install it.
  9. Download and install Unlocker.
  10. Restart your PC.
  11. Open Everything.
  12. Search for "offline.exe" and remove all of its instances.
  13. If you're unable to, Unlocker will pop up and ask you how to delete them. Choose to unlock the process (explorer may close/something weird will happen). And then, choose to delete all of the files.
  14. Restart your PC.
  15. Repeat the same steps [11+] for deleting "autorun.exe" (search for autorun.exe instead).
There are additional steps (that involve the registry) that I omitted from above for the sake of simplicity, however, if this doesn't fix your problem, I may mention them as well.
 

meetdilip

Computer Addict
@ sysgeek

Someone I know complained that Panda USB Vaccine had irreversible effects on Autoruns causing issues in working of some software. Any idea on this ?
 

sygeek

Technomancer
@ sysgeek

Someone I know complained that Panda USB Vaccine had irreversible effects on Autoruns causing issues in working of some software. Any idea on this ?
It replaces the autorun on the usb drives with its own and locks the file, so that it can not be modified by a virus again. So, yeah, the original autorun is gone.

In most cases, people don't use autorun for their pendrives. It is usually created by a virus for its execution. Panda USB Vaccine assumes that and replaces the autorun file.

It doesn't affect the CD/DVDs at all, where the "real autorun" file lies, it can not.

So, you can call it an irreversible effect on Autorun on USB drives. But, in reality, it isn't.
 

Zangetsu

I am the master of my Fate.
@dreamyfantasy: Use Avira Antivirus Free (updated) or Bitdefender 2011.
Scan the computer and your problem will be solved. Also scan the pendrive.
 