Virus/Trojan

**rajpoot** · 05-26-2011, 17:28

So someone did certain things on my PC that I never do, and as a result when I switched on my PC for a relaxing hour after work today, I realised it was infected with a virus...or trojan....I can never remember how they differ.
Anyway, let me begin with the specifications. I'm still running Windows XP SP2, and it's been working perfectly fine up till now. Furthermore I didn't have an Antivirus software installed since my previous experiences with McAfee, Norton and Kapersky haven't been good. More often than not they ended up deleting my compiled executables rather than detect and delete actual viruses.
Now each of my drives have an autorun.inf in the root, with a .pif file and a .exe file. I can manually delete the exe files and pifs, but the autorun.inf all seem to be used by some process so I cannot delete them. Furthermore deleting the other files has been ineffective up till now since they are replaced quickly.

I finally caved in and installed AVG, this evening, but till now it has done nothing useful and has simply been eating up my processor and RAM.
I also tried to kill the process which was using the autorun.inf files, but I couldn't find it, and the unlocker utility isn't working.

So basically I'm in a bad fix. The PC is a big part of my everyday life, and worst of all, the unwanted processes running hidden seem to be hooking SecuROM software so quite a few games installed have stopped working.

Any sort of help and/or suggestions would be appreciated, because I really don't want to go through the hassle of taking backup of my drives and then formatting them and reinstalling Windows.

Thank you, for any help anyone can provide.

Edit:
Now AVG seems to have done something to my programs since Windows can no longer find the path to the executable files like Free Commander, even though they're still where they were.

**drone** · 05-26-2011, 18:13

Are you doing this in normal, or in safe mode?

**Lemur** · 05-26-2011, 18:23

I cannot discourage AVG strongly enough. My advice would be to download Malwarebytes, reboot into safe mode with networking, and let that baby rip. If that doesn't serve, there are more drastic steps you can take.

**rajpoot** · 05-26-2011, 19:40

I confess that logging into safe mode, which should've been the first thing I ought to have done, did not even occur to me until I read it here just now

The reason to that though is that I haven't been able to log into safe mode since ages....I get an error message about missing files and my system restarts (yeah my OS is screwed...badly....but I still don't want to reinstall just yet, if I can help it).

I uninstalled AVG five minutes after I edited the post here.

Downloading and trying out Malwarebytes in regular mode right now....will post back.
Thanks for the suggestion.

**Ice** · 05-26-2011, 21:01

Originally Posted by Lemur

I cannot discourage AVG strongly enough. My advice would be to download Malwarebytes, reboot into safe mode with networking, and let that baby rip. If that doesn't serve, there are more drastic steps you can take.

This gets rid of 80% of virsues. Not much you can do if safe mode isn't working correctly.

**the tokai** · 05-26-2011, 21:59

tdsskiller might help. I know you said you had bad experiences with Kaspersky, but it's still worth a try, especially because tdsskiller tends to be able to get rid of stuff that other anti-virus like Avast or Malwarebytes programs don't (it does for me at least...).

**rajpoot** · 05-27-2011, 12:49

OK I tried Malwarebytes, and it's working pretty fine. It flushed out the viruses, but it can't seem to do away with the autorun files, so the copies are being made as soon as they're deleted.
Then since I lack safe mode I decided to try it in the diagnostic mode from msconfig after disabling all of the non critical services and programs (read elsewhere that it might help), but again, it made no difference.

@the tokai
I can't seem to access the website at all...

I'm really running out of options.

**Lemur** · 05-27-2011, 15:21

Originally Posted by Ice

Not much you can do if safe mode isn't working correctly.

Actually, a lot of the more awful malware infects a single profile. So if a PC has more than one profile, you can often do an end run by logging in as a different user and running your anti-virus/anti-malware from the new login. I keep a backup profile on my gaming PC for just this sort of emergency.

Originally Posted by india

OK I tried Malwarebytes, and it's working pretty fine. It flushed out the viruses, but it can't seem to do away with the autorun files, so the copies are being made as soon as they're deleted.
Then since I lack safe mode I decided to try it in the diagnostic mode from msconfig after disabling all of the non critical services and programs (read elsewhere that it might help), but again, it made no difference.

msconfig is not your friend when you have malware that is creating autoruns. Won't help even slightly.

Okay, here's a more drastic step:

Find your copy of Windows XP
Download UBCD4WIN (on a different PC, please; no need to spread the malware/virus around)
Follow the instructions for creating a boot CD using your copy of WinXP and UBCD4WIN
Reboot your infected machine from your shiny new boot CD
Run every anti-virus program on the CD
Profit!

**rajpoot** · 05-30-2011, 07:43

Tried the other profile method but it didn't work. Then i tried repairing Safe Mode, but that didn't work either.

Going to try bootable disk method and report back in a day or two.