2

Possible Duplicate:
What to do if my computer is infected by a virus or a malware?

I am using Avira on my old XP-PRO laptop, and today, without a scan, a message popped up indicating malware had been detected. It seems I have a few; here are two descriptions: BDS/IRCNite.agh, also .bzd. I can't quarantine it and can't seem to remove it. It was not detected by the Microsoft PC safety scan (quick scan). I did a system restore and it's still there. I am concerned about it because of the dangerous nature of the back door server. Also, I cannot identify this virus even on the website which detected it.

Any Suggestions?

3 Answers

2

I have posted this answer before; see this post for more info.

I used this Rescue CD and it helped me out. I hope it will do the same for you. Here are some of its features, which you will also find at the link. A comprehensive administration toolkit. System recovery from virus and spyware infections. Adaptability for the recovery of both MS Windows and Linux operating systems (FAT32 and NTFS file systems). Ability to perform a clean boot from a CD or USB stick. No search is much stronger than a boot-time one.

avirk
1

I would first manually delete the C:\windows\temp directory and the C:\Documents and Settings\%UserProfile%\Local Settings\Temp directory. Hint: With XP, sort them by date, and delete everything older than today, then try to delete the rest. The reason to delete them is that your scans will be faster, and often malware hides there, and is easier to see with all the other junk removed. You can safely delete the files in those directories. Take note of what is left. If it is a wild random file name that won't delete, that is probably your problem, or one of them.

Next, install Malwarebytes, Superantispyware, and Hitman Pro, which you can get from download.com. Boot into Safe Mode with Networking and run all three scans. Then run HijackThis, also from download.com. Look at the entries labeled BHO that don't have a company name associated with them. They are probably bad, but you can post your HijackThis log on many sites and have people help you with it specifically. BHOs are designed to run with your browser, but if they are malware, they can infect you every time you open that browser.

Then after all that, go back and look at your temp directories again, and see if you can delete the bad files. If not, download Unlocker, again from download.com, and unlock the bad file and delete it. I did not want to do this earlier since depending on what it is attached to, it could crash the system.

Lastly, if none of this works, you would probably want to try Combofix. It is a bit of a last resort because if you have certain types of viruses in the boot sector, it can clean them, but render the computer unbootable, at least temporarily. Frankly, this does not happen too often.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

KCotreau
  • If you have questions about a file name or BHO, just reply here, and I can probably tell you if it is good or bad. – KCotreau Jul 10 '11 at 01:30
  • Also good to delete files in C:\Documents and Settings\%UserProfile%\Local Settings\Temporary Internet Files and empty the recycle bin. Or just use CCleaner and it will empty all the folders mentioned for you. – Kevin Jul 10 '11 at 01:35
  • @Kevin Good, I just forgot to mention it. I usually do that too. – KCotreau Jul 10 '11 at 01:36
  • @KCotreau Combofix is intended to be used in concert with other tools at the direction of someone trained in its use. – Andrew Lambert Jul 10 '11 at 03:58
  • @Amazed Isn't that what I just did?? I told her the other tools to use, and then as a last resort, an expert (me) told her to use it if nothing else worked. They really overplay that line, and you bought it. – KCotreau Jul 10 '11 at 04:04
  • @KCotreau Perhaps you did, but not strongly enough. "That line" comes directly from the guy who writes Combofix. – Andrew Lambert Jul 10 '11 at 04:49
  • @Amazed I really don't care. I still think it is way overplayed. I have used it so many times without any incident. In my opinion, it is worth the risk when you can't get rid of something any other way. By the way, just who is this person standing by, who is trained in its use?? – KCotreau Jul 10 '11 at 04:51
  • @KCotreau Anyone trained by a [UNITE](http://www.uniteagainstmalware.com/) accredited school is a qualified tech. Go to the malware forum of any UNITE affiliated help site and search for Combofix + unbootable and you'll see just why the warning is there and why it's so strongly put. In many of those cases someone with training could have taken the log file from [DDS](http://www.bleepingcomputer.com/download/anti-virus/dds) and written a custom CFScript which specifically targeted the infection and/or bypassed the parts that may result in a boot failure. – Andrew Lambert Jul 10 '11 at 05:03
  • @Amazed You really need more common sense. Do you really expect everyone on the Internet to get someone trained? If it is so damn dangerous, you would not post it. How do you get by in life so scared? – KCotreau Jul 10 '11 at 08:03
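
The temp-directory pass from KCotreau's answer above (delete everything older than today, then take note of what is left), as an added example that is not part of the original answer or its comments. The function name `sweep_temp`, the `--delete` switch and the dry-run default are assumptions made for this sketch; the directories to sweep are passed on the command line.

```python
import os
import sys
from datetime import datetime


def sweep_temp(temp_dir, now=None, dry_run=True):
    """Remove files last modified before today; return (removed, left_behind).

    left_behind is a list of (path, reason), oldest first: these are the
    files to inspect by hand. With dry_run=True nothing is deleted and
    'removed' lists what would be.
    """
    now = now or datetime.now()
    cutoff = now.replace(hour=0, minute=0, second=0, microsecond=0).timestamp()

    entries = []
    for root, _dirs, files in os.walk(temp_dir):
        for name in files:
            path = os.path.join(root, name)
            try:
                entries.append((os.lstat(path).st_mtime, path))
            except OSError:
                continue  # file vanished while we were walking

    removed, left_behind = [], []
    for mtime, path in sorted(entries):      # oldest first, as in the answer
        if mtime >= cutoff:
            left_behind.append((path, "modified today"))
        elif dry_run:
            removed.append(path)
        else:
            try:
                os.remove(path)
                removed.append(path)
            except OSError as exc:           # locked or protected: note it
                left_behind.append((path, "delete failed: %s" % exc))
    return removed, left_behind


if __name__ == "__main__":
    # Usage (hypothetical switch): script.py [--delete] DIR [DIR ...]
    delete = "--delete" in sys.argv[1:]
    for directory in (a for a in sys.argv[1:] if a != "--delete"):
        gone, left = sweep_temp(directory, dry_run=not delete)
        print("%s: %d removed, %d left" % (directory, len(gone), len(left)))
        for path, reason in left:
            print("  %s (%s)" % (path, reason))
```

Files reported as "delete failed" are the ones the answer says to look at again after the scans.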
1

See my post here

Go to the EDIT section at the bottom, download and install the Microsoft System Sweeper software on a PC that is not infected, make the boot CD or flash drive, boot from it on the infected PC, run a full scan and remove anything it finds. It is one of the few that can remove a boot sector virus.

Be sure to select the proper bit version; it needs to match the system you are trying to clean, not necessarily the system you install it on to make the media.

Moab
  • I will have to read that question when I am a little less tired. We all have our ways, but I will probably learn something. – KCotreau Jul 10 '11 at 01:52