I know this forum is not intended to be for virus solutions, but i can't think of a better bunch of people to consult.
I picked up a nasty virus that causes crashes that invoke several instances of dr watson.
I am usually pretty good at removing crapolla like this, but this one is kinda nasty.
I wound up rebuilding C: and have another drive with all kinds of files on it - about 240GB of odds and ends.
After rebuilding, I used one of the command console mode programs from the second drive and the virus installed itself again.
After rebuilding the second time, I found that the virus had attached itself to many of the command-line mode programs on that drive.
MalwareBytes doesn't find it.
My question is, does anyone know of a scan program that will identify the infected exe's for me ?
ThanX in advance - Dave
Upload a nice sample of the virus here:
http://virusscan.jotti.org/
Then download the trial of one of the products that detects it and get rid of it.
Hi Dave, have you tried SpyBot SD (http://www.safer-networking.org/index2.html) to scan for spyware yet? That does a pretty good job of finding a lot of junk. In your case, you'll want to right-click on the affected folder in Windows Explorer and do a "Scan using SpyBot Search & Destroy" to closely examine each of the affected files. Might take hours or more depending on how many files there are, but it is very thorough.
If that doesn't do it, and you have a free "spare" machine around, stick that affected disk into it (as a SLAVE disk!), power up, then run SpyBot, a good RootKit detector, and your favorite anti-virus on it.
Of course, the best thing to do is to just manually save any clean data you need from the disk, then nuke it from a Windows 98 boot diskette -- "FDISK /MBR" followed by "FDISK", et al.
Thanks guys
I am on the third rebuild, now - lol
this is a nasty bugger
this time, it got me on an html file I had written myself
in the file were these 2 urls that I have added to my HOSTS file:
ZieF.pl
www.tEenPassage.com
the last one sounds like a porn site - lol
but, I got the virus from a torrent site - thepiratebay.com
HouseCall from TrendMicro may be able to detect it and clean it. It's FREE. Give it a try.
thanks Ray
i think i need a scanner that is geared specifically for this virus
i may write my own - lol
i have an entire 250 gb drive that needs cleaning
so far, i have seen it infect command-line exe's and html's
lord only knows what other files are infected
240 gb is a lot to sort out - it would take forever to do it manually
btw - nice fpu site Ray - i added it to faves
Why don't you upload an infected file to the site I recommended ? I'm interested to see which virus it is and which products detect it.
well - i looked at that site - the problem is, i have 240 gb of possibly infected files - lol
i have found an infected html - exe's - and, from what i can gather by searching the web - screensavers (don't care 'bout that)
i am afraid so many different types of files are infected in different ways
i may upload an exe - i have one in mind
i have since re-downloaded the exe file
it is a simple disassembler from http://www.geocities.com/SiliconValley/Foothills/4078/
it may not be the best disassembler, but it is simple and fast and disassembles 32-bit code
anyways, that is one file i know i have an infected copy and the original, both
i would think that it would be necessary to look at more than one file to make a scanner
but - i will give it a try and let you know.....
ok - i uploaded the disassembler 3 ways
1) zipped - infected
2) raw - infected
3) raw - uninfected
on the last 2 scans, the G Data scanner took forever and found nothing - lol
anyways - that is an interesting site - it is different than what i was expecting
interesting to note that kaspersky and norman virus control both id'ed the zipped file, but not the infected raw exe
10 of the scanners found nothing at all
none of the scanners reported a problem with the uninfected exe
the ones that ID'ed the same virus in both zipped and raw form were:
AntiVir Found W32/Virut.Gen
ArcaVir Found Heur.W32
F-Prot Antivirus Found W32/Virut.AI
F-Secure Anti-Virus Found Virus.Win32.Virut.ce
Ikarus Found AdWare.Win32.ABetterInternet.G
NOD32 Found Win32/Virut.NBK
Sophos Antivirus Found W32/Scribble-A
VBA32 Found Virus.Win32.Virut.5
I was surprised to see f-prot in the list - lol - i think the very first anti-virus program i saw (DOS days) was from f-prot
f-secure is well known and i know they have a good trial program - i may give that a shot
they have several virus-specific scanners - i had looked on their list earlier for one - no luck
most of the others, i am not familiar with
do you have any recommendations ?
- ThanX - Dave
My recommendation is to install a trial of NOD32 and clean everything with it. And I mean everything !!!!
The HouseCall I suggested is an on-line scanner. Here's the link if you haven't found it yet.
http://housecall65.trendmicro.com/
Quote from: dedndave on February 07, 2009, 08:51:12 PM
I know this forum is not intended to be for virus solutions, but i can't think of a better bunch of people to consult.
I picked up a nasty virus that causes crashes that invoke several instances of dr watson.
My question is, does anyone know of a scan program that will identify the infected exe's for me ?
ThanX in advance - Dave
In the future, I would be more careful where I went.
"If you hang around a barbershop, eventually you'll get a haircut."
lol - ty green - as i said, normally i can get rid of this stuff
this one is nasty and is infecting many trusted sites
Tom at Malwarebytes.org told me the only way to remove it from the boot drive is to rebuild
i found a couple other urls associated with this virus
you may want to add them to your HOSTS file, as I have done:
www.lwstats.com
www.kaeverak.com
adding those 4 sites will help protect you from receiving the payload of this nasty
ThanX again everyone
Dave
I did try housecall - i think i would have liked it, if there was any way to make it scan a drive other than C:
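
Added example, not part of the original thread: a Python script that flags .htm/.html files under a directory tree that reference any of the four hostnames quoted in the posts above, and reports which of those hostnames a HOSTS file does not yet map. The function names, the sample files and the sample HOSTS text are constructed for illustration; only the hostnames come from the thread.

```python
import os
import re
import tempfile

# Hostnames quoted in the thread, lower-cased; matching is case-insensitive.
THREAD_HOSTS = ["zief.pl", "www.teenpassage.com", "www.lwstats.com", "www.kaeverak.com"]
HTML_EXTS = {".htm", ".html"}

def build_pattern(hosts):
    # Match a listed host or a subdomain of it, but not a longer label
    # that merely ends with it (e.g. "notzief.pl").
    alts = "|".join(re.escape(h) for h in hosts).encode()
    return re.compile(rb"(?<![a-z0-9-])(" + alts + rb")(?![a-z0-9-])", re.IGNORECASE)

def scan_tree(root, pattern):
    """Return {path: [hosts found]} for HTML files that reference a listed host."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in HTML_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            found = sorted({m.group(1).decode().lower() for m in pattern.finditer(data)})
            if found:
                hits[path] = found
    return hits

def missing_from_hosts(hosts_text, hosts):
    """Return the listed hosts that no line of the HOSTS text maps."""
    mapped = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        mapped.update(f.lower() for f in fields[1:])  # fields[0] is the address
    return [h for h in hosts if h not in mapped]

def demo():
    # Constructed sample files, written to a temporary directory.
    samples = {"clean.html": b"<html><body>hello</body></html>",
               "page.HTM": b'<html><a href="http://ZieF.pl/">x</a></html>',
               "notes.txt": b"www.lwstats.com"}  # not HTML, so not scanned
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        hits = scan_tree(root, build_pattern(THREAD_HOSTS))
        return {os.path.basename(p): h for p, h in hits.items()}

if __name__ == "__main__":
    print(demo())
```

To check a real drive, call `scan_tree` with the drive's root and `build_pattern(THREAD_HOSTS)`; the scan only reads files and changes nothing.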