virus infection:: ,.exe


harmik

Journeyman
Here is the history of the problem:

I had put my pendrive in a friend's PC and had to eject it without safely removing it because of some problem. Now I came home and saw a virus.

There were 2 files in the root of the pendrive: ",.exe" and "autorun.inf", and 2 instances of ",.exe" were there in the Task Manager. When I closed the process, it would start again on its own...

Now I saw that the 2 files I mentioned above are present in the root of every drive on my HDD and also in the C:\WIndows\Debug folder, and in the Task Manager...

When I double-click a drive, I get a ZoneAlarm warning that "??1" or ",.exe" is trying to access explorer.exe. If I click allow, then it opens a new window of Windows Explorer. If I deny, then a pop-up with this message appears:
Run-time error '5':
Invalid Procedure call or argument

NOD32 couldn't find any virus... nor Spybot.

And on searching ",.exe" on Google, it searches only for exe (as it maybe ignores the comma)...
So, no worthwhile results there...

So... help ASAP please!!!
I can't afford to format.
Please help!!!
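
The symptom in the post above (an autorun.inf beside ,.exe in every drive root, firing when a drive is double-clicked) can be triaged by reading which programs the autorun.inf asks Explorer to launch. The Python below is an added example, not part of the original thread; the function names and the sample autorun.inf contents are constructed assumptions, since the thread never shows the real file.

```python
import ntpath

# [autorun] keys that make Explorer start a program (AutoPlay or drive verbs).
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs")

def launch_targets(inf_text):
    """Return [(key, program)] for every launch entry in [autorun]."""
    targets, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        # shell\<verb>\command entries hijack double-click and right-click.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            if value.startswith('"'):
                prog = value[1:].split('"', 1)[0]
            else:
                prog = value.split(" ", 1)[0]
            targets.append((key, prog))
    return targets

def triage(inf_text, root_files):
    """Flag launch entries whose program sits in the drive root."""
    names = {f.lower() for f in root_files}
    findings = []
    for key, prog in launch_targets(inf_text):
        base = ntpath.basename(prog).lower()
        if base.endswith(EXEC_EXTS) and base in names:
            findings.append((key, base))
    return findings

# Constructed sample: the thread does not show the real autorun.inf.
SAMPLE_INF = """[AutoRun]
open=,.exe
shell\\open\\Command=,.exe
shell\\explore\\command=",.exe" -e
icon=folder.ico
"""

if __name__ == "__main__":
    print(triage(SAMPLE_INF, [",.exe", "autorun.inf", "notes.txt"]))
```

Run against each drive root's file listing, any finding means the drive's double-click action has been redirected to an executable sitting next to the autorun.inf.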
 

zyberboy

dá ûnrêäl Kiñg
Upload that exe file that you got through USB to this site: *www.virustotal.com/ It will scan this file with different AVs and you can see the results... Download and install the AV that succeeded in detecting it.
 

faraaz

Evil Genius
I have the same virus. Install Norton Antivirus 2006 and latest updates. Run the check and you will get some 30,000 virus files. Delete all...

To make sure, reboot with a Linux live CD and just delete the autorun.inf files as well as any other of the virus exe files...
 

harmik

Journeyman
@cyberboy_kerala:
Great site, man... totally appreciate the effort that goes into it...

Here is the URL of the result:
*www.virustotal.com/resultado.html?2243d8810152a4411d6fa78e7e10be91

Copy of the result:

==========================================================
File _.exe received on 08.03.2007 20:06:48 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.03 Win32/IRCBot.worm.variant
AntiVir 7.4.0.57 2007.08.03 -
Authentium 4.93.8 2007.08.02 -
Avast 4.7.1029.0 2007.08.02 -
AVG 7.5.0.476 2007.08.02 -
BitDefender 7.2 2007.08.03 -
CAT-QuickHeal 9.00 2007.08.03 -
ClamAV 0.91 2007.08.03 -
DrWeb 4.33 2007.08.03 -
eSafe 7.0.15.0 2007.07.31 -
eTrust-Vet 31.1.5029 2007.08.03 -
Ewido 4.0 2007.08.03 -
FileAdvisor 1 2007.08.03 -
Fortinet 2.91.0.0 2007.08.03 -
F-Prot 4.3.2.48 2007.08.02 -
F-Secure 6.70.13030.0 2007.08.03 Virus.Win32.AutoRun.ev
Ikarus T3.1.1.8 2007.08.03 Virus.Win32.AutoRun.ev
Kaspersky 4.0.2.24 2007.08.03 Virus.Win32.AutoRun.ev
McAfee 5090 2007.08.03 -
Microsoft 1.2704 2007.08.03 -
NOD32v2 2436 2007.08.03 -
Norman 5.80.02 2007.08.03 -
Panda 9.0.0.4 2007.08.03 Suspicious file
Rising 19.34.40.00 2007.08.03 Worm.Win32.VB.u
Sophos 4.19.0 2007.08.01 -
Sunbelt 2.2.907.0 2007.08.03 -
Symantec 10 2007.08.03 -
TheHacker 6.1.7.161 2007.08.03 -
VBA32 3.12.2.2 2007.08.01 -
VirusBuster 4.3.26:9 2007.08.03 -
Webwasher-Gateway 6.0.1 2007.08.03 -

Additional information
File size: 45057 bytes
MD5: *deleted data from here*
SHA1: *deleted data from here*
packers: BINARYRES
==========================================================

@faraaz:
According to the site, Norton / Symantec doesn't detect the virus...


So, what do you people think I should do now?
Install Kaspersky?
 

zyberboy

dá ûnrêäl Kiñg
Yeah, uninstall your current AV and install the Kaspersky 30-day trial... update and run a full system scan.
 

harmik

Journeyman
OK.
Can't 2 AVs exist side by side?
Meaning, will I have to uninstall my current AV (NOD32)?
Thanks
 

spironox

Booting Nicotine!!
Two AVs will clash while accessing system files!

Better to have one.

Don't populate the AVs; the world is already filled with people.
 

zyberboy

dá ûnrêäl Kiñg
harmik said:
OK.
Can't 2 AVs exist side by side?
Meaning, will I have to uninstall my current AV (NOD32)?
Thanks

Don't install two AVs... you can either uninstall NOD32 and install KAV6, or you can send the file to the NOD32 lab so that they can create a signature to detect this virus... if their lab is good they will give an update within 8 hrs...
 

harmik

Journeyman
I installed the Kaspersky trial.
Removed the virus with it from all drives by just opening the drives in Windows Explorer.
Then formatted a couple of the drives.
Then in the morning ran a full system scan (took about 3+ hours). It removed all viruses from System Restore etc.

So the system seems to be infection-free now...

I'm gonna revert back to NOD32 now. Kaspersky takes up a larger amount of CPU and memory as compared to NOD32 and also takes a long time to scan...
So, back to NOD32...
:)
Thanks guys
 