noob here, need help on new document.exe virus

Hello, Im new here and I need help badly.

I believe that this file "new document.exe" is a virus, though I am not sure and my anti virus Avast doesnt detect it. Whenever I delete this file it always come back after a few seconds. And I believe that it is the cause why several of my programs do not work anymore (winamp, winrar, bitcomet etc.). How do I know? Because these programs' icons were replaced by that of new document.exe's.... Im not really sure bout that but at least there's a connection.

 

when in doubt get a second opinion. try an online scan at trendmicro and see what turns up.

 

hi, got the same problem here, pls email me instructions on how to remove this virus thanks cnumanako @ yahoo . com

 

Send me PM and i'll help.

 

It's a overwriting virus, programmed in Visual Basic 6.
It will add itself in the registry as

H K E Y _ L O C A L _ M A C H I N E \ S O F T W A R E \ M I C R O S O F T \ W I N D O W S \ C U R R E N T V E R S I O N \ R U N \ E x p l o r e r

---> terminate running processes and remove this value.

It will OVERWRITE calculator programs from windows !
Don't start calc - or you will get infected again.

It copies itself in the windows folder as calc.exe, config_.com (file is hidden!), mscalc.exe and WINDOWS.exe. All files having a filesize of 40960 bytes.

ATTENTION: it also overwrites OTHER EXEFILES! Means if you start a infected executable it will "strip" the virus code out of this file and will start it uninfected, BUT WILL INFECTED IN THE SAME TIME ANOTHER EXECUTABLE!

No chance to clean this by hand guys, i'm just adding detection - so please stay tuned.

 

hey guys,,,, also have the same problem kindly email me how to eradicate this hell of a virus.... tnx @bulseyerob@yahoo.com tnx

 

hi. my pc has acquired the same virus, and i've been ahving a terrible experience with my reports at school now. how do i get rid of the virus? if i reformat my computer, will it totally remove the virus? =) thanks!

 

http://www.eset.com/msgs/vbnay.htm

 

same here! im having a hard time opening my files...it delays! pls help! What antivirus would be helpful? I could not anymore install my pc-cillin.

 

avoid reformatting your pc. with the help offered by the board member(s), you can always get rid of the unwanted virus

 

he he he... I'm having the same problems!

here's what I got from Sophos:

"In Windows NT/2000/XP/2003 you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Explorer
<Windows folder>\config_.com

and delete it if it exists.

Close the registry editor. "

 

Hi,
Does anyone have an idea HOW they got the virus?
Mrk

 

Probably from clicking on an email attachment. The fact that it rewrites calc.exe only narrows the possible infection to maybe a half dozen or so currently in the wild.

Calc.exe is a favorite program to discover if an exploit is going to work or not because it is a .exe and when it does well - who cares?!? Its easy enough to fix and try again and - again and - again... Well, you get the point. It does do any really permanent damage and is easily resolved when it does.

This isn't the answer you were really looking for but as malware races accross the planet its difficult to tell exactly where an infection came from without discovering the source as it happened.

- beads

 

ei guys help here....i've already finished taking off that suck virus but then
i dunno how to erase the "New Document.exe" on the "send to" when you right-click a folder or a file...what directory should i precede...help plsssss
just i want to remove that on the list so it would not be back again...

 

I have the same problem as yours. My McAfee virus scan does not detect it as a virus but as a suspicious script.

I do not how to remedy this problem. Please do help us

 

U might want to post a hijackThis log over at this site,

http://gladiator-antivirus.com/forum/index.php?showtopic=10517

for analysis and the malware experts there will give u recomendations on any infections found.


snowbound

 

ELIMINATING THE NEW DOCUMENT.EXE VIRUS BY HAND

THIS IS HOW I GET THE JOB DONE...

my pc got infected last 2 weeks with this virus. I just followed instruction of some of our friends here on how to eliminate the executioin register of the virus form the registry and it worked but when I tried opening explorer.exe and calc.exe, it again register the explorer config_.com so the virus returned.

So what I did is delete the register again then I copied a clean calc.exe and explorer.exe from another computer with XP and I replaced my infected calc and explorer.exe. Explorer.exe has an accompanying file a .scf file I think so dont forget to include that. So far its been to 2 weeks now and my computer is working properly.

In doing this, be careful not to open any folder or my computer or it will initiate explorer.exe and pops-up the virus again. In my case I replaced my infected files using command prompt, safemode with command prompt, I think this is the best way to do this.

Just take precautions if you would like to try what I did, Always make a backup of the file that you want to replace or delete, especially the registry.

HAVE A NICE DAY TO EVERYBODY

 

When your pc got infected with this virus, it drops the new document.exe in every available root drive you have, and a hidden file Autorun.inf which executes the exe file. so after disabling this virus registry, delete all this autorun.inf in your root directories. search for all the .exe file you have and delete all .exe with a word document icon, be careful not to delete your actual word document exe.

KUDOS TO ALL

 

got the same problem this new document words really affect my pc performance! i follow the regedit procedure but did'n work, try to install norton 2006 still, if i Ghost my pc, would be terminate this virus?
pls. help, send me step by step procedure to eliminate this virus i have no internet connection i got this virus from floopy disc, (marlonpogs23 at yahoo.com)