Strange Viruses...

Discussion in 'ESET Smart Security' started by necronzero, Apr 20, 2008.

Thread Status:
Not open for further replies.
  1. necronzero

    necronzero Registered Member

    Joined:
    Apr 20, 2008
    Posts:
    3
    I've reinstalled my F pc 5 F times...
    EVERY SINGLE TIME... i get this F viruses thats pissing me off to no end...

    molner.oliver/a.dat Trojandownloader.VB.AW trojan
    " " /c.dat small IAW trojan
    removalfile.bat win32/adware.virtumonde application

    WTF... ive reinstalled 5 times, each one with a full format, and every time before accessing the internet, I install ESS which will do NOTHING to these things... what can i do?
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Does eset detect it and can not remove or dont detect it.Have you ran any online scanners?
     
  3. schitzn

    schitzn Registered Member

    Joined:
    Nov 25, 2007
    Posts:
    22
    They keyword you mentioned is Virtumonde.

    There is a tool called Vundofix, do a google, and you will find it.

    Due to forum rules, I cant say too much, even this will probably be removed by a mod, but the above tool is specialized for removing this harder to eradicate virus.

    Its simple enough to use, just click scan, wait an hour or so, then clean. It may require a few restarts to eliminate it completely.

    Virtumonde is a generic virus, one that seems to download more in the background in my experience, hence why your finding your av is not doing much.
     
  4. schitzn

    schitzn Registered Member

    Joined:
    Nov 25, 2007
    Posts:
    22
    btw: you said
    "ive reinstalled 5 times, each one with a full format"

    If this is true, then your virus is being put back onto the machine by something your loading from (ie. External HDD, USB, or CD/DVD).
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    fresh formats are clean sweeps,what was installed after?
     
  6. Zet

    Zet Registered Member

    Joined:
    Apr 20, 2008
    Posts:
    4
    no, formats aren't entirely clean sweeps, there is still data left over afterwards which can be recovered
     
  7. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Well yea,but basically I would think one would have a virus free machine after the format.
     
  8. necronzero

    necronzero Registered Member

    Joined:
    Apr 20, 2008
    Posts:
    3
    Ive placed my Ipod, it has my backups
     
  9. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Did you format with windows CD then install backups from Ipod?
     
  10. necronzero

    necronzero Registered Member

    Joined:
    Apr 20, 2008
    Posts:
    3
    Yeah, i did that, and same thing...
    THEN i got tired... and didnt use anything for my backup.
    I went straight to installing my AV (ESS) and my controllers... all downloaded...
    after reinstalling i got the virus. T_T
    It seems its an MBR virus or something.

    What do u recommend me to do?
    Sell the HDD :p? or how do i remove it... its virtumonde stuff... an a.dat and a c.dat... plus a removalfile.bat

    Im on Ubuntu atm :D and no viruses... *installed windows on VMware... no viruses lol* *lost 20GB of metal T_T* (BTW XD)
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    what the other poster said google search.
     
  12. Paisit

    Paisit Registered Member

    Joined:
    Mar 28, 2008
    Posts:
    17
    Open google and search combofix.exe ,download and fix that f*** virus.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please send a log from ESET SysInspector to support[at]eset.com with this thread's url enclosed.
     
Thread Status:
Not open for further replies.