Spyware, Viruses, & Security forum

General discussion

Virus ?

by al3xmihai09 / December 27, 2009 1:26 AM PST

DxDiag :http://www.mediafire.com/?2mrqqnmmgnw

Ok so i have a little problem. I think i got a virus from a torrent. I have AVG free and I will try to explain my problem as well as I can.
When the torrent finished, I unziped it and AVG told me there are some viruses in my users/administrator(aka Andu) folder.
Dont look at the file names. They change each time I restart computer.(Threat name doesnt change)
Ok so I clicked on 'Block' then 'Move to Vault'. It said :
Again, DON'T look at file name. It changed. Only one that counts is Threat name.
Ok. I clicked 'Restart Now'
It restarted then AVG showed me a screen saying that it was 'succsefully removed'. 5 minutes later, the first screenshot appeared again. As I said, now the name was changed. So I did the same thing. After restart, it happened again. This time the following thing was appearing on my screen from 3 to 3 minutes.
Also, near the icons on the left side of the screen, now it is one with this thing too. I know it has nothing to do with microsoft/windows but im afraid it is a keylogger or smth.
Ok so I went to virus and tried to delete it by hand.
These are the files that are causing trouble : http://img682.imageshack.us/img682/4217/vdvfs.png
They change their name and each time I delete them they appear back. I searched in registry. There is 1 thing, xigin.exe located in users\andu that i deleted but it comes back so regedit didnt help me.
I also tried with another AV, PREVX 3.0. This one found them but I cant delete them.
Screen : http://img85.imageshack.us/img85/3342/virus1.png
Once again, DON'T look at the names. They change.
I use Windows 7. It works perfectly. Please help. If you have any suggestion or you know another forum where i can post, say it here.

Discussion is locked
You are posting a reply to: Virus ?
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Virus ?
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Then Please Try This..
by Grif Thomas Forum moderator / December 27, 2009 8:58 AM PST
In reply to: Virus ?

Because a trojan or spyware is probably the culprit, please follow the steps below:

Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.

First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif

IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.

Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.

Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)

Malwarebytes Manual Updater link

Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:


SuperAntispyware Manual Updater

In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....

Hope this helps.


Collapse -
by al3xmihai09 / December 27, 2009 6:09 PM PST
In reply to: Then Please Try This..

Thanks a lot. It worked! Grin

Collapse -
Be Sure To Run Repeated Scans...
by Grif Thomas Forum moderator / December 28, 2009 2:47 AM PST
In reply to: thanks

..Restart the computer and run repeated scans with both of the removal tools, until nothing is detected. Sometimes, the malware can return after a restart.

Keep up the good work.

Hope this helps.


Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.