Several Viruses I Can't Kill

Please post the exact location of the infected files. Copy-paste the report in a new post here.

Normally, they should be located in temporaly internet files-folder. You may clear it as well by going (in Firefox) to Tools -> Clear private data. You should disable BD real-time protection before doing this, because any infected file would be blocked by BD.

Andrei

ooooh thanks a lot. When I disabled the protection it was able to kill a few of the viruses when I merely cleared the firefox data but there are still 4 lingering around my system. Here is the report...

Virus Statistics

Scan path : C:\

Folders : 3382

Files : 205809

Memory processes scanned : 35

Archives : 879

Runtime packers : 10442

Identified viruses : 4

Infected files : 4

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 33

Scan time : 00:19:25

Scan speed (files/sec) : 176

Spyware Statistics

Registry keys scanned : 1685

Registry keys infected : 0

Cookies scanned : 29

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

Virus definitions : 698426

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 6

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1183831631.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Dropper.Virtumond.A

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Disinfection failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Move failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>crack.exe Infected: Trojan.Inject.BW

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>crack.exe Disinfection failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>crack.exe Move failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>install.exe Infected: Trojan.Downloader.Small.AACD

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>install.exe Disinfection failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>install.exe Move failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Infected: Trojan.ConHook.X

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Disinfection failed

C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Move failed

Hi!

All 4 trojans are located inside a self-extracting RAR archive. You have to temporarly deactivate BD real-time protection again, browse to the folder where the archive is located, and delete it manually. Don't forgett to re-enable BD real-time protection after you're done.

Andrei

See that's what I figured but I'm having trouble doing that. After I navigate to C:\Documents and Settings\Ross there is no folder called Local Settings so I am unable to find exactly where it is located. It's quite frustrating, maybe it's something real simple that I'm just not getting for some reason or another. The enclosed picture (if it uploads ok) shows as far as I can go.

Heh oops I forgot that I have 2 monitors so just ignore the 2nd half of that picture

Even if you posted it here, no one except Virus Researcher will be able to see it.

While browsing to that folder, do the following:

From the window's main menu, select Tools, then Folder Options. Next, click on the "View" tab. Then check the "Show hidden files or folders" radiobutton and uncheck the "Hide protected operating system files", and then "Apply". The folder should be visible now. Delete the file after disabling BD real-time protection, re-activate BD real-time protection, then go again at Folder options, and check the "Hide protected operating system files" and check the "Hide hidden files or folders" radiobutton.

Andrei

Hello

If you do not want to disable realtime protection than download and use unlocker: http://ccollomb.free.fr/unlocker/unlocker1.8.5.exe

Install it rightclick on the infected files choose unlocker,by action select delete and press on unlock all.

What Andrei said is also correct.

Regards

Niels

Hmmmm, well I've located the files now in that temp folder but I don't know if I want to disable real time protection. As soon as I select the file, bit defender brings up about 50 virus warnings and I don't know if I want to disable protection because I'm unsure what this virus does. I installed that unlocker program but to be honest I don't really know how it works. I tried right clicking on the virus in windows explorer but there is no unlocker selection.

Hello

You have to navigate : C:\Documents and Settings\Ross\Local Settings\Temp Rightclick on m7wkh00u.exe now you will see a menu where you can choose for properties but normally you will find an item called Unlocker click on it. When you selected it unlocker will start. You have to select delete and press on unlock all.

Here you find the screens that you will see : http://ccollomb.free.fr/unlocker/

Regards

Niels

no see thats the problem. When I right click on the virus file, there is no unlocker selection at all

Hello

What operating system do you have? Unlocker is compatible with Windows 2000 / XP / 2003 / Vista. Are you the administrator of the computer? Because on a limited account it will not work.

Regards

Niels

Ok I just ended up disabling real time protection and deleting it and so far I think all is good again. Thanks a lot for the help guys, I'll post again if I see any recurring problems.

Hello

Good to hear that you could delete it. My second suggestion was booting in safe mode and deleting the infected files manually.

Glad that we could help you.

Niels