Several Viruses I Can't Kill
I was looking for a keygen for a specific file on Firefox (yeah I know, stupid move) and I was taken to some random **** site and given several viruses that I can't get rid of. BitDefender is successfully blocking the viruses; however, it cannot disinfect or move them. The files are merely located in the Firefox temp folder so I thought I would try to go in and delete them manually, but I have found that the folder doesn't even exist. The Firefox data should be listed under C:\Documents and Settings\User Name\Local Settings\Application Data\Mozilla\Firefox etc.... My problem is that after I click my user name, there is no folder called Local Settings so I do not know where to look for the files.
As far as I can tell the viruses are not affecting my computer in any noticeable way but the constant warnings from BitDefender are unsettling. I have tried using Ad-Aware and Spybot to delete them but as soon as the scan finds them, BitDefender brings up warnings and the programs are unable to detect and erase them. It is very frustrating and I do not know how to proceed. Any suggestions would be appreciated.
Comments
-
Please post the exact location of the infected files. Copy-paste the report in a new post here.
Normally, they should be located in the Temporary Internet Files folder. You may clear it as well by going (in Firefox) to Tools -> Clear private data. You should disable BD real-time protection before doing this, because any infected file would be blocked by BD.
Andrei
-
ooooh thanks a lot. When I disabled the protection it was able to kill a few of the viruses when I merely cleared the firefox data but there are still 4 lingering around my system. Here is the report...
Virus Statistics
Scan path : C:\\
Folders : 3382
Files : 205809
Memory processes scanned : 35
Archives : 879
Runtime packers : 10442
Identified viruses : 4
Infected files : 4
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 33
Scan time : 00:19:25
Scan speed (files/sec) : 176
Spyware Statistics
Registry keys scanned : 1685
Registry keys infected : 0
Cookies scanned : 29
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 698426
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1183831631.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Dropper.Virtumond.A
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Disinfection failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Move failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>crack.exe Infected: Trojan.Inject.BW
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>crack.exe Disinfection failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>crack.exe Move failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>install.exe Infected: Trojan.Downloader.Small.AACD
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>install.exe Disinfection failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>install.exe Move failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Infected: Trojan.ConHook.X
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Disinfection failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Move failed
-
Hi!
All 4 trojans are located inside a self-extracting RAR archive. You have to temporarily deactivate BD real-time protection again, browse to the folder where the archive is located, and delete it manually. Don't forget to re-enable BD real-time protection after you're done.
Andrei
-
See that's what I figured but I'm having trouble doing that. After I navigate to C:\Documents and Settings\Ross there is no folder called Local Settings so I am unable to find exactly where it is located. It's quite frustrating, maybe it's something real simple that I'm just not getting for some reason or another. The enclosed picture (if it uploads ok) shows as far as I can go.
-
Heh oops I forgot that I have 2 monitors so just ignore the 2nd half of that picture
-
Even if you posted it here, no one except Virus Researcher will be able to see it.
While browsing to that folder, do the following:
From the window's main menu, select Tools, then Folder Options. Next, click on the "View" tab. Then check the "Show hidden files or folders" radio button, uncheck "Hide protected operating system files", and click "Apply". The folder should be visible now. Delete the file after disabling BD real-time protection, re-activate BD real-time protection, then go to Folder Options again, check "Hide protected operating system files" and check the "Hide hidden files or folders" radio button.
Andrei
-
Hello
If you do not want to disable real-time protection, then download and use Unlocker: http://ccollomb.free.fr/unlocker/unlocker1.8.5.exe
Install it, right-click on the infected files, choose Unlocker, select delete as the action and press unlock all.
What Andrei said is also correct.
Regards
Niels
-
Hmmmm, well I've located the files now in that temp folder but I don't know if I want to disable real-time protection. As soon as I select the file, BitDefender brings up about 50 virus warnings and I don't know if I want to disable protection because I'm unsure what this virus does. I installed that Unlocker program but to be honest I don't really know how it works. I tried right-clicking on the virus in Windows Explorer but there is no Unlocker selection.
-
Hello
You have to navigate to C:\Documents and Settings\Ross\Local Settings\Temp. Right-click on m7wkh00u.exe; you will see a menu where you can choose Properties, but normally you will also find an item called Unlocker. Click on it. When you have selected it, Unlocker will start. You have to select delete and press unlock all.
Here you can find the screens that you will see: http://ccollomb.free.fr/unlocker/
Regards
Niels
-
No, see, that's the problem. When I right-click on the virus file, there is no Unlocker selection at all.
-
Hello
What operating system do you have? Unlocker is compatible with Windows 2000 / XP / 2003 / Vista. Are you the administrator of the computer? Because on a limited account it will not work.
Regards
Niels
-
Ok I just ended up disabling real time protection and deleting it and so far I think all is good again.
Thanks a lot for the help guys, I'll post again if I see any recurring problems.
-
Hello
Good to hear that you could delete it. My second suggestion was booting in safe mode and deleting the infected files manually.
Glad that we could help you.
Niels
-
Also, glad that we could help you!
Andrei
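
Added example, not part of the original thread: a small Python parser for the `container=>(unpacker)=>member` summary lines in the scan report posted above. It groups detections by the on-disk file that holds them, which is how the four trojans resolve to the single archive that was deleted. The function names are made up for this example, and it assumes the three status strings seen in that report are the only ones.

```python
import re
from collections import defaultdict

# Summary lines copied from the scan report posted in this thread (two of the four members).
REPORT = r"""
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Infected: Trojan.Dropper.Virtumond.A
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Disinfection failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>keygen.exe Move failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Infected: Trojan.ConHook.X
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Disinfection failed
C:\Documents and Settings\Ross\Local Settings\Temp\m7wkh00u.exe=>(RAR Sfx o)=>RUNME.bat Move failed
"""

# Object path (may contain spaces and "=>" nesting), then one of the statuses seen in the report.
LINE = re.compile(r"^(?P<obj>.+?) (?P<status>Infected: (?P<threat>\S+)|Disinfection failed|Move failed)$")

def parse_summary(text):
    """Group detections by the on-disk file that contains them."""
    files = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        container, *layers = m["obj"].split("=>")
        member = layers[-1] if layers else container  # innermost object
        entry = files[container].setdefault(
            member, {"threat": None, "failed": [], "nested": bool(layers)})
        if m["threat"]:
            entry["threat"] = m["threat"]
        else:
            entry["failed"].append(m["status"].split()[0].lower())
    return dict(files)

def files_to_delete(parsed):
    """On-disk files holding a detection that could not be disinfected or moved."""
    return sorted(c for c, members in parsed.items()
                  if any(e["threat"] and e["failed"] for e in members.values()))

if __name__ == "__main__":
    parsed = parse_summary(REPORT)
    for path in files_to_delete(parsed):
        print(path)
        for member, e in parsed[path].items():
            print(f"  {member}: {e['threat']} (failed: {', '.join(e['failed'])})")
```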