help!!!! 3 computers infected!!!

  gizzyx 04:06 30 Dec 2008

hi guys, in one fell swoop i got 3 computers infected in one day. two have got the antivirus 2009 trojan on, but i'm not too worried about those, as there is nothing of importance on them at all so i will reformat and reinstall windows on them. however i have a laptop with loads of important stuff on which is backed up onto a usb flash drive. here's the rub: the flash drive is infected. it has two hidden files named autorun.inf and system.exe that no matter how i try, i cannot delete. they delete but regenerate. opening the autorun file in notepad and deleting the text does no good as the file restores itself. searched the registry and found loads of refs to F:/system.exe and deleted the entries, but each time i re-insert the flash drive, the values reappear. obviously the autorun.inf runs system.exe and this is replacing the reg entries. i could do a factory restore on the laptop but that would destroy my data and the flash drive will only f£$%k the registry again. i could chuck the flash drive in the bin, but are the files being regenerated by an infection on the laptop? any help greatly appreciated. btw the flash drive has been in all 3 systems today but the only sign on my laptop is a desktop shortcut to some website and home page (ie) redirection. avg8 and malwarebytes antimalware finds nothing amiss. both up to date, and scan including flash drive.
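The post above describes the classic USB-worm pattern: a hidden autorun.inf whose launch directives point at a hidden executable on the drive. The script below is an added example (not from the thread or any tool named in it) that parses an autorun.inf copied off a suspect drive and reports which directives would run a program; the sample file contents are constructed here to mirror the description (autorun.inf plus system.exe), not taken from a real infection.

```python
import re

# [autorun] directives that make Windows run a program when the drive is
# inserted or opened in Explorer: the mechanism described in the thread.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command",
               "shell\\explore\\command", "shell\\autoplay\\command")
# Decoy text worms use so the AutoPlay prompt looks like Explorer's own entry.
DECOY_ACTION = re.compile(r"open folder to view files", re.I)


def parse_autorun(text: str) -> dict:
    """Return {lowercased key: value} from the [autorun] section.

    Hand-rolled instead of configparser: worm-written autorun.inf files often
    carry junk lines, mixed casing and keys containing backslashes.
    """
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, _, val = line.partition("=")
            entries[key.strip().lower()] = val.strip()
    return entries


def launch_targets(text: str) -> list:
    """(directive, program) pairs that would execute on insert/open."""
    entries = parse_autorun(text)
    return [(k, entries[k]) for k in LAUNCH_KEYS if k in entries]


def triage_autorun(text: str) -> list:
    """Reasons this autorun.inf looks like a USB worm's; empty list if benign."""
    entries = parse_autorun(text)
    findings = [f"{k}= runs {t!r} when the drive is inserted or opened"
                for k, t in launch_targets(text)]
    if DECOY_ACTION.search(entries.get("action", "")):
        findings.append("action= mimics Explorer's own 'Open folder' AutoPlay entry")
    return findings


# Constructed sample modelled on the thread (autorun.inf pointing at a hidden
# system.exe); not copied from any real infected drive.
SAMPLE_INF = """[AutoRun]
open=system.exe
shell\\open\\Command=system.exe
shell\\open=Open
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
"""

if __name__ == "__main__":
    for reason in triage_autorun(SAMPLE_INF):
        print("FLAG:", reason)
```

Run it against the file copied from a drive opened with autorun disabled; if the files reappear after deletion, as in the post, the writer is the host-side process, and the drive is only the carrier.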

  STREETWORK 09:18 30 Dec 2008

Do a google on 'antivirus 2009 fix' or

click here

  howard64 09:19 30 Dec 2008

try connecting the laptop to trend micro and let them do an online scan.

  oldbeefer2 10:24 30 Dec 2008

No need to reformat - Malwarebytes (mentioned in the link above) will get rid of the infection in a few minutes.

  oldbeefer2 10:27 30 Dec 2008

... just reread your post and see you have tried Malwarebytes. Odd, as that shifted the 2009 trojan on a friend's confuser with no probs.

  skidzy 11:04 30 Dec 2008

Gizzy run this;

Flash Disinfector on the flash drive click here

Mbam needs to be updated and run in safe mode first on all computers before running Flash Disinfector.

  Fruit Bat /\0/\ 11:45 30 Dec 2008
  gizzyx 13:29 30 Dec 2008

i downloaded the latest version of Malwarebytes Anti-Malware and updated it this morning. also got Flash Disinfector. did a full scan in safe mode with MBAM which found nothing. used the flash disinfector which didn't clean the flash drive. it said "done", but the files are still there. this leaves references in my registry to "F:/system.exe". i left these entries in there and did another safe mode FULL scan with MBAM, which still found nothing! i'm lost. can't see a way to save my data. the flash drive is still infected and there must be something on the lappy with these reg entries plus whatever else this "system.exe" file is leaving behind.

  woodchip 13:40 30 Dec 2008

When you do any AV checks you should have the flash Drive plugged into Laptop so that it checks and cleans all

  gizzyx 19:20 31 Dec 2008

hi guys. have now done a full scan with MBAM and AVG8, both fully up to date, both scans in safe mode AND both with the flash drive connected. still nothing found. but the two files still cannot be deleted from the flash drive. some files were reported locked on the AVG report:

AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.145, engine 8.0.0
Virus Database: Version 270.10.1/1868 2008-12-29

C:\Boot\BCD Locked file. Not tested.
C:\Boot\BCD.LOG Locked file. Not tested.
C:\Documents and Settings\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\ProgramData\Desktop\ Locked file. Not tested.
C:\ProgramData\Documents\ Locked file. Not tested.
C:\ProgramData\Favorites\ Locked file. Not tested.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\81f215fe2cf7a822966b933e8d830e8c_c84941ac-cb99-4266-b833-0617bb234756 Locked file. Not tested.
C:\ProgramData\Templates\ Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\Users\Codhunter\AppData\Local\History\ Locked file. Not tested.
C:\Users\Codhunter\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Users\Codhunter\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not tested.
C:\Users\Codhunter\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not tested.
C:\Users\Codhunter\Documents\My Music\ Locked file. Not tested.
C:\Users\Codhunter\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Codhunter\Documents\My Videos\ Locked file. Not tested.
C:\Users\Codhunter\NetHood\ Locked file. Not tested.
C:\Users\Codhunter\NTUSER.DAT Locked file. Not tested.
C:\Users\Codhunter\ntuser.dat.LOG1 Locked file. Not tested.
C:\Users\Codhunter\ntuser.dat.LOG2 Locked file. Not tested.
C:\Users\Codhunter\PrintHood\ Locked file. Not tested.
C:\Users\Codhunter\Templates\ Locked file. Not tested.
C:\Users\Default\AppData\Local\History\ Locked file. Not tested.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not tested.
C:\Users\Default\Cookies\ Locked file. Not tested.
C:\Users\Default\Documents\My Music\ Locked file. Not tested.
C:\Users\Default\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Default\Documents\My Videos\ Locked file. Not tested.
C:\Users\Default\NetHood\ Locked file. Not tested.
C:\Users\Default\PrintHood\ Locked file. Not tested.
C:\Users\Default\Recent\ Locked file. Not tested.
C:\Users\Default\Templates\ Locked file. Not tested.
C:\Users\Public\Documents\My Music\ Locked file. Not tested.
C:\Users\Public\Documents\My Pictures\ Locked file. Not tested.
C:\Users\Public\Documents\My Videos\ Locked file. Not tested.
C:\Windows\bthservsdp.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Locked file. Not tested.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Locked file. Not tested.
C:\Windows\System32\catroot2\edb.log Locked file. Not tested.

continued...

  gizzyx 19:22 31 Dec 2008

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG1 Locked file. Not tested.
C:\Windows\System32\config\COMPONENTS.LOG2 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not tested.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not tested.
C:\Windows\System32\config\RegBack\COMPONENTS Locked file. Not tested.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not tested.
C:\Windows\System32\config\RegBack\SAM Locked file. Not tested.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not tested.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SAM Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SECURITY Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not tested.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not tested.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not tested.
D:\System Volume Information\ Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 858115
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------
is it normal/OK for avg to find these files locked?
