How to fix severe virus problems?

Discussion in 'ESET NOD32 Antivirus' started by Psychozd, Jul 12, 2008.

Thread Status:
Not open for further replies.
  1. Psychozd

    Psychozd Registered Member

    Joined:
    Jul 12, 2008
    Posts:
    3
    I've posted this in the NOD32 part of the forum because it's my antivirus program.

    Two days ago, I noticed that my computer was slowing down. I accessed the control management (to be honest I don't know what it is called in English, because my XP is in Croatian, but the keypad shortcut is AltGr + Ctrl + Del) and I saw that some installation process was going on. Before I was able to end it, the installation completed and my comp was infected.

    It changed my wallpaper, deleted some icons, and locked me out of some key systems. I can't access the hard disk, control panel, control management, or any system that could help me to realise what is wrong.

    I've run an on-demand scanner with a full system scan twice, and I couldn't remove the virus. The first time it found 345 infected files and cleaned 296, and the second time it found 52 infected files and cleaned only three. One of the problems is that more than 2000 files, including some in /windows/system32/, are locked and cannot be accessed.

    The "XP" is opening my internet browsers, suggesting that I download some of the "antivirus programs" to clean it, but I didn't fall for that. (The sites are "safewebnavigate.com", "antivirus-2008.pro.com"...)
    What should I do, and how can I get rid of this virus?

    And Microsoft has sent me the "Microsoft Windows Malicious Software Removal Tool" via automatic updates, but it has found only one infected file... Is that program any good?

    Here are some screenshots of my problem, uploaded to ImageShack...

    http://img300.imageshack.us/img300/3372/virusxz4.png
    http://img440.imageshack.us/img440/4818/jebainjamaterxz2.png
    http://img292.imageshack.us/img292/4729/multipleinfectionspn2.png
    http://img172.imageshack.us/img172/2107/krajam7.png
    http://img135.imageshack.us/img135/3950/noharddiscpq8.png


    All those "antivirus, and antishit" icons you can see on my background were added by the virus...
     
  2. Psychozd

    Psychozd Registered Member

    Joined:
    Jul 12, 2008
    Posts:
    3
    I forgot...
    NOD has found many different versions of win32/worm, trojan downloader, you name it...
    And AMON has found the NewHeur_PE virus.

    This is file name...
    Module Object Name Threat Action User Information
    9.7.2008 18:07: VIRUS ALERT! IMON file ~Link removed. No links to possible malware on the forum. - Ron~ probably unknown NewHeur_PE virus NT AUTHORITY\SYSTEM
     
    Last edited by a moderator: Jul 12, 2008
  3. ablatt

    ablatt Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    128
    Location:
    Canada
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try cleaning the computer in safe mode using ecls.exe
     
  5. risl

    risl Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    581
    "Probably BACKDOOR.Trojan" from Dr.Web for that ctfmon.exe file.
     
  6. Psychozd

    Psychozd Registered Member

    Joined:
    Jul 12, 2008
    Posts:
    3
    It looks like the main problem is the trojan-ace-x virus...
    How can I remove it? I've tried NOD, Spy Sweeper, Spybot S&D, Ad-Aware. Nothing helpful. NOD cannot detect it, and the last three can't remove it.
    Is there some program I could use to resolve this problem, or is the only possibility to reinstall Windows? :argh:
     
  7. MaVRiC

    MaVRiC Registered Member

    Joined:
    Dec 7, 2007
    Posts:
    25
  8. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
  9. dr pan k

    dr pan k Registered Member

    Joined:
    Nov 22, 2007
    Posts:
    204
  10. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    After cleaning the computer in safe mode, you can send a log from ESET SysInspector to samples[at]eset.com with this thread's URL in the subject so that we can check it and make sure your computer is virus free.
     