All partitions and folders are infected with Win32/VB.DG worm

Discussion in 'NOD32 version 2 Forum' started by poseidon123, Jan 22, 2008.

Thread Status:
Not open for further replies.
  1. poseidon123

    poseidon123 Registered Member

    Joined:
    Jan 22, 2008
    Posts:
    5
    I have got this Win32/VB.DG worm from my USB drive and though nod32 is giving me warnings, it is not able to remove it. All the folders of my system are infected now.

    I have already spent the whole day but couldn't find anything which can help me. The fact that all my other partitions are also infected is really scary because even if I install windows XP again, everything will again get infected.

    What can I do?
     
  2. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    start from a boot cd that has antivirus, that way you can remove everything without problems since the virus is not active :)

    for open source get helix, for proprietary get a bartpe/winpe cd prepared with the antivirus of your choice
     
  3. poseidon123

    poseidon123 Registered Member

    Joined:
    Jan 22, 2008
    Posts:
    5
    Hi eternal, thanks a lot for replying, unfortunately I couldn't understand much of what you said. If you are saying, go and buy Win XP CD with inbuilt anti virus, it is too much for me as it can take a lot of time.

    Will upgrading the system be helpful? Say, with my XP CD, if I use RECOVERY mode? The worm is not that harmful, it is just that it keeps on spreading and changes system registry options associated with folders which is really frustrating.
     
  4. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    you don't have to pay anything at all.

    in layman's terms, what i said was that you could create a special cd and run your whole windows from that cd, so that the virus never loads.

    then it's easy to remove it, because it's not in the memory.

    if you have a friend who's a sysadmin or general techie, ask him/her to help you with "bartPE" and an antivirus scanner.

    it's all free, no cash involved.
     
  5. poseidon123

    poseidon123 Registered Member

    Joined:
    Jan 22, 2008
    Posts:
    5
    one question eternal - I am looking to use PE builder and I think I have to create the installation ISO with it. It is asking me Source File(s) of Windows and Custom path of any directories which I want to cover.

    Now my system is already infected including all the folders, so should I go to another PC to create that CD from another windows installation? My registry is already screwed up so if I create any image from my current installation, it will be of NO use.
     
  6. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    yes, you can't use your own pc to build it, because it's infected. you need to get help from a friend (who has a clean pc of course)
     
  7. poseidon123

    poseidon123 Registered Member

    Joined:
    Jan 22, 2008
    Posts:
    5
    Eternal one more question, how about if I take my hard disk to someone else's clean PC and then make it secondary and then try to clean it? I will make sure the Master PC has good anti virus installed so it doesn't get affected.

    Almost 350 GB of data has got infected and I am losing a lot of very important and crucial information here. I am not able to work for the past 2 days as well due to all this. :(
     
  8. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    it's dangerous because windows might try and run things off the harddrive, thus putting it at risk... i wouldn't risk it.

    maybe if you have a friend that has macintosh or linux, just so that the virus won't work (due to being made specifically for windows).
     
  9. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Hi there,

    I'm no expert but have you tried to scan your system in 'safe mode'? In most computers this is done by repeatedly tapping the F8 key when the computer is starting (timing is crucial if you want to enter safe mode). I would also check that your Nod32 is set at its maximum levels (see this forum for Blackspear's configuration).

    https://www.wilderssecurity.com/showthread.php?t=178177 If you check the section 'Infected System with Nod32 installed' it might give you some guidelines on what to do.

    On a personal note, how can you go about your business with 350 GB of data without some kind of backup? When you get out of this mess you should immediately buy an imaging program, and back up your system on a regular basis. No Antivirus nowadays can be relied on as the sole layer of defence.

    Good luck
     
  10. poseidon123

    poseidon123 Registered Member

    Joined:
    Jan 22, 2008
    Posts:
    5
    Guys, I will be trying all the methods one by one. I am just looking to use system restore to see what it can do. Just hitting in the dark....

    After that I will do eternal's CDROM BartPE method and after that, probably will take the hard drives to someone else's PC and then try to remove the virus.

    The data is worth thousands of dollars (even more) including a lot of client records which are very important for me. I also had a backup hard disk attached to it but it too got infected. The worm came from a USB drive which was used in some internet cafe from where it got infected. I have completely formatted the usb drive (lost 2 GB of data there too) but I can't format these hard drives. :)

    Thanks for showing interest in my plight, I will keep you updated :)

    The worm has started from Indonesia and it seems this page has some good info on it http://fathiin.blogspot.com/2007/10/w32vbwormmye-81u3f4nt45y.html but unfortunately it is in Indonesian.
     
  11. ethernal

    ethernal Registered Member

    Joined:
    Jan 18, 2008
    Posts:
    132
    Location:
    Stockholm, Sweden
    as a side note, i'm not criticising you Osaban, but i've had PCs turned over to me where viruses and trojans have replaced system services (like ipfw4.sys) and well, windows likes to load many services even in safe mode.

    "i say we take off and nuke from orbit, it's the only way to be sure" <3
     