Virus: New Folder.exe and regsvrc.exe

Hi,
I am using Avast Antivirus. My pendrive got infected with two viruses called New Folder.exe and Regsvrc.exe. I tried deleting them and tried formatting the pen drive, and still it is not getting cleared. Avast identifies it as a threat, and when I click delete, the virus creates itself again and Avast keeps showing the same file as a threat. Avast is unable to delete it because it recreates itself once it is deleted. Give me a solution…

I think this will be useful to delete the virus manually…

http://amiworks.co.in/talk/how-to-remove-new-folderexe-or-regsvrexr-or-autoruninf-virus/

Hi,
Thanks for the link. But I think it is not applicable to my case, wherein only my pendrive is affected by it and I could not find autorun.inf.

Try

Flash Disinfector http://www.precisesecurity.com/tools-resources/adware-tools/flash-disinfector/
Autorun Eater http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml
Panda USB Vaccine 1.0.1.4 http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-10909938.html

Hi Pondus,
I tried all three programs… Nothing is able to delete the virus completely. They delete the virus, but the virus recreates itself automatically once deleted… Please tell me an alternative.

Wow… It’s amazing that it keeps coming back again & again… :o (Goodness gracious…)

I was just curious: How have you tried formatting the drive/deleting the files? (Ubuntu/Gparted or something similar? Low Level formatting? Secure shredding?) ?? These are just some thoughts I had…

Hi, let's try this to see if I can find it.

GMER Rootkit Scanner - Download - Homepage
[*] Download GMER
[*] Extract the contents of the zipped file to desktop.
[*] Double click GMER.exe.

[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED
[*] IAT/EAT
[*] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)

[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*] Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.
Please copy and paste the report into your Post.

THEN

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
[*]Under the Custom Scan box paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs