avast keeps popping up with these messages every 5 minutes:
c:\autorun.inf contains sample of ‘bv:autorun-t [wrm]’!
and
d:\autorun.inf contains sample of ‘bv:autorun-t [wrm]’!
i did a full scan with avast and it said there weren’t any threats so how do i stop these messages from appearing
Leave your USB drive plugged in and run Autorun Eater or Flash Disinfector, allowing them to clean up all drives. They will create hidden folders named autorun.inf in each partition and on every USB drive plugged in when you run them. These folders protect your drives from future infection. After that, reboot your computer.
the virus isn’t from a usb drive though as i haven’t put one in for the last few days and the virus alert only started showing up today.
Those programs will clean the fixed disks c: and d: (hard disks) also.
I also suggest:
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
Make a HijackThis log to post here or at this analysis site. Or even submit the RunScanner log to on-line analysis.
Disable System Restore and then reenable it again.
Immunize your system with SpywareBlaster.
Check if you have insecure applications with Secunia Software Inspector.
here’s the hijackthis log file in the attachment
does anyone see what the problem is from the log file?
Gee you’re impatient.
The Sun Java is down level but that’s not the problem I don’t think.
Go to Add/Remove Programs and un-install all Sun Java installs.
The latest Sun Java is Runtime Environment 1.6.0.14
http://filehippo.com/download_java_runtime
Looks like the system is infected with DNS Changer
O17 - HKLM\System\CCS\Services\Tcpip\..\{483E6976-B351-4980-B960-E165A697E9D5}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{796DECB5-83D9-40CF-850F-D3358EBE12EB}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0776BD-5582-4A88-A0E6-56CD9FDCF422}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.113,85.255.112.175
O
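Added example, not part of the original thread and not HijackThis's own code: a small Python check that pulls the O17 NameServer entries out of a HijackThis log and reports every resolver that is not on a list you expect, together with the registry keys that set it. The EXPECTED_RESOLVERS value, the all-zero GUID line and the O2 line are constructed for the example; the two 85.255.112.x lines are taken from the log quoted above.

```python
import ipaddress
import re

# Resolvers this machine is expected to use. Assumed value for the example:
# replace with your router / ISP / chosen resolver addresses.
EXPECTED_RESOLVERS = {"192.168.1.1"}

# HijackThis O17 line: "O17 - <registry key>: NameServer = ip[,ip...]"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# Sample log: lines 2-3 come from the thread, lines 1 and 4 are constructed.
SAMPLE_LOG = r"""O2 - BHO: (constructed line, ignored by the parser)
O17 - HKLM\System\CCS\Services\Tcpip\..\{483E6976-B351-4980-B960-E165A697E9D5}: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.113,85.255.112.175
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

def parse_o17(log_text):
    """Yield (registry_key, [server, ...]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            servers = [s for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
            yield m["key"], servers

def unexpected_resolvers(log_text, expected=EXPECTED_RESOLVERS):
    """Map each resolver not in `expected` to the registry keys that set it."""
    findings = {}
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                value = str(ipaddress.ip_address(server))
            except ValueError:
                value = server  # malformed entry: report it as-is
            if value not in expected:
                findings.setdefault(value, []).append(key)
    return findings

if __name__ == "__main__":
    for ip, keys in unexpected_resolvers(SAMPLE_LOG).items():
        print(f"unexpected DNS server {ip} set in {len(keys)} key(s):")
        for key in keys:
            print(f"  {key}")
```

The same static resolver pair appearing under the global Tcpip\Parameters key and under every interface GUID is the pattern in the log above; a clean DHCP-configured machine normally shows no static NameServer there, or only the address you put in yourself.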
ok updated the java.
with that autorun eater program i keep getting the message:
error deleting suspicious autorun.inf file from OS(c:)
what should i do about the DNS changer then?
See my previous response.
Follow the advice given by Tech in 3.
You have a lot of O17 entries registered to Ukraine - very suspicious!
system
May 31, 2009, 7:49pm
11
system
May 31, 2009, 7:58pm
12
what are those ukraine entries and why are they suspicious
One of these men is a Ukrainian cyber crime boss and the other is a Ukrainian politician.
system
May 31, 2009, 8:19pm
15
The only difference I can see is one is on top of the other, but I don’t think that matters.
system
May 31, 2009, 8:34pm
16
ok so i’ve done all the steps in post 3 except secunia which doesn’t want to work for me
what should i do now?
system
May 31, 2009, 8:45pm
17
now i keep getting this message whenever i open internet explorer or i open a new tab or link. that message is followed by another message saying java has stopped working.
i’m getting really fed up now >:( >:( >:( >:(
system
May 31, 2009, 9:02pm
18
For my curiosity, download rootrepeal, and copy/paste the scan results
http://www.malwarebytes.org/forums/index.php?showtopic=12709
system
May 31, 2009, 9:08pm
19
see attachment for rootrepeal file
system
May 31, 2009, 9:11pm
20
Sorry, that looks like gibberish on my pc. Copy/paste the log in your next post