Somebody put their USB memory stick in my computer and then I immediately got a virus so severe that even Ghost restore did not work. After Ghost restoring the C drive, I found that the virus was still on the D and E drive. The virus was seen as an autorun.inf and a pif file (MS-DOS-based program shortcut to a program executable). If I tried to delete either file, they would just reappear a few seconds later. Then they jumped back on the C drive and reinfected that. Some other things that I noticed: the date was set back to 2004, regedit and msconfig would not work (message that other program was using them). Also I could not shut the computer down. I tried Housecall and that did not solve the problem. I think I finally solved the problem by restoring the C drive again, BUT NOT BOOTING BACK to Windows. Somebody helped me get in the Windows safe mode command line and used a DOS command to delete the virus on the D and E drive. They used a command something like, attrib-s-h (negate system file and hidden file attributes) to change the attributes of the virus file so that they could be deleted. I couldn't follow all of what he did, but if somebody can clarify that procedure, that would be really helpful to me.
-
If you could not follow what they did, you are better off not knowing the procedure.
Pen drives are very prone to be infected by viruses and trojans because they are the modern version of the floppy!
The usual method is use of an autorun.inf file.
For your own sake do what this article tells you to disable autorun.inf from all drives.
http://windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-AutoRun-attacks
and then, whenever you are attaching a pen drive, run a scan on it before opening any files on it.
afaik, all the present day viruses/trojans which infect pen drives use autorun.inf.
-
I would like to confirm the above directions. I copied them exactly as in the screenshot (see screenshot 1) and followed the directions for merging. However, when I insert a software disk into the cd drive (after rebooting), the software menu still appears (see screenshot 2). I was under the impression that after modifying the registry, the software menu will NOT appear. I don't think the above trick (to disable autorun) works on my xp computer.
-
I found the following DOES work to disable autorun. At least, when the above software disk is inserted, nothing happens (no menu appears). However I still wonder if a nasty virus might secretly re-enable the autorun.
I found this info at:
http://antivirus.about.com/od/securitytips/ht/autorun.htm
Here's How:
1. If you use XP Pro, follow steps 1 through 8 only. XP Home users begin at step 9.
2. Click Start and then click Run
3. Type gpedit.msc and click OK
4. The Group Policy window will open. In the left pane, double-click Administrative Templates
5. In the right pane, double-click System
6. Scroll down the list and double-click Turn Off Autoplay
7. In the Turn Off Autoplay Properties window, select Enabled. From the dropdown next to Turn Off Autoplay on, select All drives and then click OK
8. Exit Group Policy by selecting File, then choosing Exit from the menu.
-
Oops, I found my mistake regarding modifying the registry to disable autorun. DON'T use the link:
http://windowssecrets.com/2007/11/08/02-One-quick-trick-prevents-AutoRun-attacks
Instead use the link:
http://nick.brown.free.fr/blog/2007/10/memory-stick-worms
The first link is only for geeks and cannot be followed by most people.
The second link is easy to follow and works. Problem in the first link has to do with the confusing spacing of the phrase: Windows NT
There should be a space between Windows and NT.
So it should read:
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"
-
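A check for the concern raised above that something might quietly re-enable autorun, as an added example that is not part of any post in this thread. It reads the IniFileMapping entry from the post above and the NoDriveTypeAutoRun policy value (the value written by the Turn Off Autoplay policy, 0xFF for all drives; that name and number are not on the page), and looking in HKLM before HKCU is an assumption about which policy scope was used.

```python
try:
    import winreg  # standard library, Windows only
except ImportError:
    winreg = None

INI_MAP = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf"
POLICY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
ALL_DRIVES = 0xFF  # NoDriveTypeAutoRun with every drive-type bit set

def assess(ini_default, policy_value):
    """Return a list of findings; an empty list means both settings still hold."""
    findings = []
    if not (isinstance(ini_default, str) and ini_default.upper().startswith("@SYS:")):
        findings.append("IniFileMapping entry for Autorun.inf is missing or changed")
    if isinstance(policy_value, bytes):  # some systems store the value as REG_BINARY
        policy_value = int.from_bytes(policy_value, "little")
    if policy_value is None:
        findings.append("NoDriveTypeAutoRun is not set")
    elif (policy_value & ALL_DRIVES) != ALL_DRIVES:
        findings.append(f"NoDriveTypeAutoRun is 0x{policy_value:02X}, not 0xFF")
    return findings

def read_value(hive, subkey, name):
    """Read one registry value; None when the key or the value does not exist."""
    try:
        with winreg.OpenKey(hive, subkey) as key:
            return winreg.QueryValueEx(key, name)[0]
    except OSError:
        return None

def check_this_machine():
    ini = read_value(winreg.HKEY_LOCAL_MACHINE, INI_MAP, "")  # "" = the key's default value
    policy = read_value(winreg.HKEY_LOCAL_MACHINE, POLICY, "NoDriveTypeAutoRun")
    if policy is None:  # assumption: fall back to the per-user policy
        policy = read_value(winreg.HKEY_CURRENT_USER, POLICY, "NoDriveTypeAutoRun")
    return assess(ini, policy)

if __name__ == "__main__":
    if winreg is None:
        raise SystemExit("run this on the Windows machine being checked")
    print("\n".join(check_this_machine()) or "autorun mitigations are in place")
```

Run from a scheduled task, a non-empty result shows that one of the two settings has been reverted since it was applied.
-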
On the D and E drive I would save any important information and then format the drive. After those drives are formatted, reghost the C drive and start fresh.
-
The regedit command is easy if you just navigate into it yourself rather than merging; manually making the key changes is much safer as opposed to blindly merging, which is dangerous.
Ghost did not solve the problem because it was not applied to it, the virus was removed from the area onto which Ghost was used, the C drive. All storage areas must be cleaned. If the other drives had been ghosted with a clean image you would have been OK.
The attrib (attributes) command is "Attrib -r -s -h" which removes the Read-only, System, and Hidden attributes; it is generally used with a "*.*" to apply to all files. This then allows for deletion.
A Linux boot CD with an NTFS reader has become an essential piece of software for anti-virus use. Booting Windows in Safe Mode sometimes works, but often not.
-
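A read-only triage of the files this thread keeps returning to, as an added example that is not part of any post: for each drive root given, it finds autorun.inf, lists the programs it would start, and reports whether each one is present and carries the Hidden or System attribute. The function names and the report layout are this example's own, and the attribute check only has data when run on Windows.

```python
import sys
from pathlib import Path

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program
HIDDEN_OR_SYSTEM = 0x2 | 0x4            # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM

def find_autorun(root):
    """Return the autorun.inf file in a drive root (any letter case), or None."""
    for entry in Path(root).iterdir():
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            return entry
    return None

def launch_commands(text):
    """Return (key, command) pairs from [autorun], tolerating junk lines."""
    section, found = "", []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, command = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, command))
    return found

def first_token(command):
    """Program part of a command line: the quoted string or the first word."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(None, 1)[0] if command else ""

def triage(root):
    """Describe every program the root's autorun.inf would start."""
    inf = find_autorun(root)
    if inf is None:
        return []
    report = []
    for key, command in launch_commands(inf.read_text(encoding="latin-1")):
        target = first_token(command)
        if not target:
            continue
        path = Path(root) / target.replace("\\", "/")
        present = path.is_file()
        attrs = getattr(path.stat(), "st_file_attributes", 0) if present else 0  # Windows only
        report.append({"key": key, "target": target, "present": present,
                       "hidden_or_system": bool(attrs & HIDDEN_OR_SYSTEM)})
    return report

if __name__ == "__main__":
    for root in sys.argv[1:]:  # e.g. D:\ E:\ ; nothing is deleted or changed
        print(root, triage(root) or "no autorun.inf launch entries")
```

Running it against every partition, not only the one that was re-imaged, shows which roots still hold a launcher before anything is opened from them.
-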
A Linux boot CD with an NTFS reader has become an essential piece of software for anti-virus use.
-
Originally Posted by Nelson37
In my opinion, every user should have him/herself a Bart CD "rescue" disk on hand, for just such occasions.
Read all about Bart here: http://www.nu2.nu/pebuilder/
ICBM target coordinates:
26° 14' 10.16"N -- 80° 16' 0.91"W
-
Originally Posted by jimdagys
Damn dude, can you go even one week in China without something screwing up your PC? You don't seem to be learning any lessons based on your constant posts about one calamity or another on your PC.
-
Originally Posted by jman98
https://forum.videohelp.com/topic357120.html?highlight=virus
https://forum.videohelp.com/topic356838.html?highlight=virus
https://forum.videohelp.com/topic349539.html?highlight=virus
https://forum.videohelp.com/topic348783.html?highlight=virus
https://forum.videohelp.com/topic348738.html?highlight=virus
Donadagohvi (Cherokee for "Until we meet again")
-
To the OP - You need one of two things, possibly both: A helmet, or a padded hammer.
Get a Linux boot CD and a memory stick. All you got to do is burn it, no "build" involved. Takes a lot less time than all these Ghost restores, and BTW, if your Ghost image is not restoring the boot sector, you've done something wrong.
-
My favorite line is from this thread: https://forum.videohelp.com/topic348783.html?highlight=virus
And I quote, "I have been experimenting with downloading things from very dubious sources."
What ???
- John "FulciLives" Coleman
"The eyes are the first thing that you have to destroy ... because they have seen too many bad things" - Lucio Fulci
EXPLORE THE FILMS OF LUCIO FULCI - THE MAESTRO OF GORE
-
Originally Posted by FulciLives
I also find it funny that he believes this virus is all powerful because Ghost couldn't remove it - when the virus was on a drive that he didn't re-image anyway. Ghost is not an anti-virus product or an anti-virus solution. It is a system backup and recovery tool that should be used when all else fails, not as a standard response to virus infections that could be so easily stopped simply by using a good anti-virus product.
Read my blog here.
-
Run a sandbox program if you want to play with files from dubious sources.
-
Would it be too harsh to say that "Well, if you only re-imaged the C:\ drive of a computer with multiple partitions, of COURSE D:\ and E:\ will still be infected!" ?? --- and as soon as you look at those drives they'll likely re-infect C:\ anyway, so you've completely wasted your time.
If you have images of D: and E: that are usable and you haven't got anything it would hurt to lose on them, do all three at once. If not, then a method similar to what I just posted in another thread may be needed... run a liveCD with antivirus things on, clean up and recover everything you can manage to from those disks, then reformat the entire sodding thing. Take it back to completely blank, no partitions or anything. DISCONNECT FROM THE NET. Ghost C:\ back into life at original size, remake and reformat D:\ and E:\. Make sure AUTORUN for removable drives is off (even in legit cases, 90% of the time it's an unwanted annoyance) - or at least, for crying out loud, get yourself a decent antivirus that can spot these things and keep it updated. Even the free ones do that. Put on a more crap-proof browser with some anti-malware plugins. THEN recover your documents back to those drives. And start scanning all your USB keys etc.
It's not difficult to avoid most virus issues, it just needs a little knowledge and a little care. Most problems stem from lacking one or the other, and hopefully we can provide you with the former element.
-= She sez there's ants in the carpet, dirty little monsters! =-
Back after a long time away, mainly because I now need to start making up vidcapped DVDRs for work and I haven't a clue where to start any more!
-
This thread is over 1.5 years old, and the OP is probably no longer seeking a solution.
-