There seems to be a virus attaching itself to my recycle bin. I followed some instructions found in the forum. Followed them step-by-step btw. Here are the directions:
Clean your temporary files.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to on-line analysis.
Clean your Hosts file (replacing it) with HostsMan tool.
Disable System Restore and then reenable it again.
Immunize your system with SpywareBlaster.
Check if you have insecure applications with Secunia Software Inspector.
The first time I tried to do this, my pc blue-screened on dr. web cure-it. My hard drive would not even start. Apparently, this virus removed the actual driver files for the hard drive. At least there was something on the BSoD about an undetected hard drive. So, I formatted the pc, since that was the only way to get it to do anything. Thought the format would have completely removed it, but then it came back. I’m not sure how, because I installed and used the programs recommended here. I even switched to the Firefox browser before I downloaded avast and other safety programs.
This trojan.generic.1432807 that has shown up was detected by Spyware Terminator. It is listed as the following filename:
I moved it to the quarantine folder of Spyware Terminator. Avast doesn’t seem to detect it. CCleaner did hang up while emptying the recycle bin on a file named C:$Recycle.bin\S1-5-21-217628658-1352733964-437335590-1000$RMVQ8IY.exe . Now, since the 1st file mentioned has been quarantined, CCleaner has been able to successfully finish.
Could you tell me how to remove this file? Or is it now considered “inactive”? Is there an actual virus buried somewhere in my pc that is causing this type of thing to be recurring? It’s not the first time that I’ve seen this C:$Recycle.Bin… type of file. When the problem first started (keyboard wouldn’t type, pc ran very slow, yahoo messenger wouldn’t function properly, etc) there were files that would not delete from the recycle bin. The pc’s been formatted since then though and not a system restore, an actual format C:\ delete it all and start from scratch.
How do I find the actual file(s) that are causing this problem to return and/or multiply? Also, I used Hijackthis and I do have a log file, but I don’t know what to do with it.
Alright here is a log from today, just made a few minutes ago. Thanks so much for your reply and help.
There doesn’t seem to be anything going on with my pc right now. Everything seems to be functioning normally. The only thing that worries me is the fact that this virus could activate itself again. I’m still not sure how it got activated in the first place. Is it possible for this virus to be one that activates itself after a certain length of time, automatically? But, barring that Dr.Web CureIt! activated the virus, it having some type of timer in its programming is my other theory. And this time Dr. Web neither activated nor found it.
About the reactivation of virus, it will remain inactive unless something wrong happens to your AV. Moreover, if a firewall is not active, a trojan downloader may re-download the suspicious file, therefore, infected file will not reactivate but will be substituted with another one. So it would be best to always have a good firewall.
Your log shows that you don’t use a firewall (or could be deactivated by some malware). If possible, please consider enabling Vista’s Firewall or download an alternative one like:
Ok thanks. I did have the windows firewall on, but I thought that it didn’t work. So, I will complete all of your recommendations and after that I should complete the 1st post’s list of steps again and the pc should be ok. Also, I do have windows update set to download but not install updates. I’d no idea that the windows updates are so very important. I use FireFox now, is that an ok browser to use? Someone told me that it is better than IE, is that a common belief?
Browsers are a personal thing and if you use the Internet with a browser there will be risks as there are lots of miscreants out there waiting to a) steal your personal information for their own personal gain or b) use your infected system to send spam through their botnet or c) slow the system to a crawl asking you to install their rogue remover.
It comes down to personal preference with IE8 and Firefox with its plethora of add-ons and multiple updates to fix its vulnerabilities just like IE8 does (however not as frequently) leaves one with a choice and I choose IE8 as I am comfortable with it.
IE8 is a hell of a secure browser as you do not use it as by default, YoKenny could tell you how to tune it with zone-security and specific options/settings to make it a more secure browser. When you additionally use your machine’s account with just user rights to surf and use full admin rights only for updates and where you absolutely cannot do without, then your computer is secure against 97% of the known windows malware - this simply does not have the rights to alter things in your system files for instance, so it cannot do that much harm as with full admin rights.
Firefox browser has the added security of security extensions like NoScript and RequestPolicy where you can block any malicious script from running havoc or restrict where the page you visit can go (requests).
GoogleChrome is a browser that is very hard to hack because of the sandbox like qualities it has. It was developed anew and from scratch, and that could not have been done with IE or Fx or Flock.
I switch between GoogleChrome and Firefox/Flock and use SpywareBlaster to secure all these various browsers I have on my system. Then there is the avast webshield as a last line of defense to disconnect you where a malcode re-direct is threatening (iFrame injection, malicious GIF and other website threats), so the browser is not the problem that much but how to secure tweak it. YoKenny would also use a hosts block file so the nasties/insecure urls are going to 127.0.0.1 for instance, so your browser cannot go there…
polonus
P.S. I give your HJT logfile an all green, only thing you do not have an active firewall there or do you use the Windows firewall that is one-sided by default…
Ok, I have added the recommendations and completed all the steps back to the HiJackThis log. So, here is the newest one as of right now. Also, TrendMicro RootkitBuster found those hidden files in the recycle bin and I did remove them all (8 in total). Now, perhaps this problem is nullified because well, my computer did start after doing all of this. That’s a definite improvement on the last time I tried to clean it up. And you guys have been so very helpful and all. Thank you all so much.
Looks like you’re halfway to making your PC secured. A few more things to fix:
1 Consider updating your OS’s current service pack (Vista SP1) to Vista SP2 via Microsoft Update
2 You are running 2 resident antispywares, Spybot S&D and Spyware Terminator, these two resident scanners may cause instability and conflicts. Please consider uninstalling one of those.
Ok, installed SP2 and removed those programs. Here is one last logfile in case any of you would like to see it. thanks u guys, my computer is working very nicely now, it’s almost like a new pc ;D