Packer.malware.nsanti.i

DanielYeo

Hello, I just got Bitdefender as my computers have viruses for the first time. Norton could not get rid of them.

I just cleaned my desktop of Win32.Elkern.C, then connected my external USB drive (which is probably infected from downloading important files from my infected laptop) to my desktop to scan using Bitdefender.

After opening the USB drive from "My Computer", the virus warnings pop up (maximum of 2 times). As I open sub-folders, no more such warnings.

The file is in: File c:\documents and settings\daniel yeo\local settings\temp\uon79.dll

infected with Packer.Malware.NSAnti.I

I can't copy it to Quarantine (says it cannot complete the action).

I can't manually delete it from windows or from command prompt using ms-dos.

I can't rename it. I know it's there because the first time I tried to drag and drop a dummy file I renamed as "uon79.dll" onto the folder, it asked if I wanted to replace the existing file (which was sized as 315kb). It was created at the same time as when I connected up my USB drive.

Could you please tell me how to:

1. Get rid of the virus from my desktop

2. Find and get rid of the virus from my USB drive - running Bitdefender does not find anything!

Thanks!!

Niels

Hello DYeo

Could you please try this: Go to start,my computer,go to the tools menu,folder options,display/view check the option show hidden files and folders and uncheck hide protected operating system files press on apply and ok.

Delete also the autorun.inf and everything that has uon79 in the name.

Now use the windows search option: win+F (press the windows button together with the F button), all files and folders,search in my computer,check every option under advanced options/settings,use these search terms:

uon79.*

autorun.inf

If found delete them.

Best regards

Niels

DanielYeo

Thanks Niels!

I'll try that as soon as I can.

However, I've been trying to unhide those hidden files and folders and system files etc, but everytime I select it, or "apply" it, no hidden files are displayed. When I check the folders options menu again, the checkboxes are back to the usual hidden status.

Also, Bitdefender identified an infected file in my external USB drive in the root folder: F:\ntde1ect.com

What is the ntdetect.com file for and how do I restore it if it's been damaged? Bitdefender cleared it from my desktop after I connected my USB drive. I'm going to try to reconnect the USB drive and see if the infected file is still there.

Cheers.

DanielYeo

Many thanks Niels, for your advice! It was spot-on. I cleared all the NTDE1ECT.com and Autorun.inf and uon79.dll files from my computers and USB drives. I've sent them to BitDefender labs for analysis.

BTW, what is NTDETECT.COM for? I could not access my drives from Win XP folder views (although accesible via command prompt) until I copied NTDETECT.COM into the root drive of each USB drive.

Cheers,

DYeo

Niels

Hello DYeo

Glad that I could helped you.

That is an important windows file. Here some information.

But ntde1ect.com was not an original windows file.

Malware uses misspelling to let people think that it are operating system files which they aren't.

Best regards

Niels