I can't get rid of this virus

My lil bro was on my computer and downloaded this (adobe_flash-9.24.exe) thinking it was a flash update. This virus is a bitch, doesn't slow down your computer, it just doesn't let you run anything. It blocks all EXE files for all programs, giving an output error. EX. can not open EXE. I was wondering if any of you can help me get rid of this virus. The creator calls it the JIGABOO. I have found a way to stop the virus from running in the background by, before it starts, closing its EXE file using Task Manager. The EXE file was named JIGABOO.exe . Here is the web site where my brother downloaded it from warguru.net/youtube.php, once the site is finished loading a download window opens and of course you download it not thinking. Avast, avg, and norton couldn't find this virus in my system. I dunno why they can't but I think it's because it's not a known virus but I dunno. And I also dunno if it sent out emails to anyone on my contact list but I warned them about this virus and told them not to open any emails from me. So anyways I hope you guys can help me and if you can that would be great and I hope all the info that I have given might help in some way cause I don't have the knowledge to locate the virus or anything like that so please help if you can. thankz =]

signed,
RADICALrandy

General cleaning method could be:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).

  5. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

The EXE file was named JIGABOO.exe . Here is the web site where my brother downloaded it from http :// warguru.net / youtube.php, once the site is finished loading a download window opens and of course you download it not thinking. Avast, avg, and norton couldn't find this virus in my system.

Please modify your post so the link isn’t live (clickable) as I have in your quote, e.g. http :// warguru.net / youtube.php

The last thing you want is for people to be accidentally exposed to (“This virus is a bitch, doesn’t slow down your computer, it just doesn’t let you run anything”) malware.

Send the sample to virus@avast.com zipped and password protected with password in email body and undetected malware in the subject. Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest.

Hi DavidR,

Would not like to go to that live link either, but scanning it with the DrWeb AV hyperlink scanner showed it was clean. Just like to know what our friend gets on virustotal if he uploads the suspect file there. It is hard to tackle an unidentified virus. Could be all sorts of things.

polonus

The contents on that page may well be benign but there is obviously a script in there that causes the download and I believe the file downloaded isn’t on that page so wouldn’t be scanned by DrWeb.

Just like to know what our friend gets on virustotal if he uploads the suspect file there.

Your wish is my command:

Complete scanning result of “adobe_flash-9.24.exe”, received in VirusTotal at 04.22.2007, 19:39:06 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.21.0 04.20.2007 no virus found
AntiVir 7.3.1.53 04.22.2007 no virus found
Authentium 4.93.8 04.20.2007 no virus found
Avast 4.7.981.0 04.21.2007 no virus found
AVG 7.5.0.464 04.21.2007 no virus found
BitDefender 7.2 04.22.2007 DeepScan:Generic.Malware.IFYd.B030D472
CAT-QuickHeal 9.00 04.21.2007 no virus found
ClamAV devel-20070416 04.22.2007 no virus found
DrWeb 4.33 04.22.2007 DLOADER.Trojan
eSafe 7.0.15.0 04.22.2007 no virus found
eTrust-Vet 30.7.3585 04.21.2007 no virus found
Ewido 4.0 04.22.2007 no virus found
FileAdvisor 1 04.22.2007 no virus found
Fortinet 2.85.0.0 04.22.2007 no virus found
F-Prot 4.3.2.48 04.20.2007 no virus found
F-Secure 6.70.13030.0 04.22.2007 no virus found
Ikarus T3.1.1.5 04.22.2007 no virus found
Kaspersky 4.0.2.24 04.22.2007 no virus found
McAfee 5014 04.20.2007 no virus found
Microsoft 1.2405 04.22.2007 no virus found
NOD32v2 2210 04.22.2007 no virus found
Norman 5.80.02 04.21.2007 no virus found
Panda 9.0.0.4 04.22.2007 no virus found
Prevx1 V2 04.22.2007 no virus found
Sophos 4.16.0 04.20.2007 no virus found
Sunbelt 2.2.907.0 04.19.2007 no virus found
Symantec 10 04.22.2007 no virus found
TheHacker 6.1.6.095 04.15.2007 no virus found
VBA32 3.11.4 04.21.2007 no virus found
VirusBuster 4.3.7:9 04.22.2007 no virus found
Webwasher-Gateway 6.0.1 04.22.2007 no virus found

Looks like new malware, hot off the press.

A scan with Deckard’s System Scanner will reveal changes to file associations/ newly created files.

http://forum.avast.com/index.php?topic=27343.msg222787#msg222787
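
The post above points at changed file associations as something to look for. As an added example (not part of any post in this thread, and not how Deckard's System Scanner works), this Python code checks a regedit text export of HKEY_CLASSES_ROOT against the stock Windows defaults for launching `.exe` files. The two sample exports and the `C:\example\JIGABOO.exe` path are constructed; the thread does not establish how this malware actually blocks EXE files.

```python
import re

# Stock Windows default (@) values that make .exe files launch normally.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
}

def default_values(reg_text):
    """Map each key in a regedit text export to its default (@) string value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        section = re.match(r"^\[(.+)\]$", line)
        default = re.match(r'^@="(.*)"$', line)
        if section:
            key = section.group(1).lower()
        elif default and key:
            # .reg string data escapes backslash and double quote with a backslash.
            values[key] = re.sub(r"\\(.)", r"\1", default.group(1))
    return values

def check_exe_association(reg_text):
    """Return (key, expected, found) for each default that is missing or changed."""
    found = default_values(reg_text)
    problems = []
    for key, expected in EXPECTED.items():
        actual = found.get(key.lower())
        if actual is None or actual.lower() != expected.lower():
            problems.append((key, expected, actual))
    return problems

# Constructed sample exports (not taken from the infected machine in this thread).
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
# Constructed hijack: a hypothetical path is placed in front of the real command.
HIJACKED_EXPORT = CLEAN_EXPORT.replace(
    r'@="\"%1\" %*"', r'@="\"C:\\example\\JIGABOO.exe\" \"%1\" %*"')

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        print(name, check_exe_association(text))
```

Exports written by regedit are normally UTF-16, so read the file with `encoding="utf-16"` before passing its text to `check_exe_association`.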

Hi FwF,

Well that could well be that this is a new DeepScan generic worm infection. The difference between trojan and worm is actually blurred here. Vital this file is being forwarded to avast, so they can put it to the test and have an antidote. He should also check if there is something with JIGABOO somewhere in the registry!
Here we need vundofix, but it is best to follow the cleansing routines found here:
http://forums.majorgeeks.com/showthread.php?t=114921 Could well be a kind of similar infection in this case.

polonus