V.com Virus

Charming
Charming
in Malware talk

hi


few days ago i got a virus make pc act waired ... open the HDD in new window ... cant unhide the files in the driver to see it .... after i updated BD to last DB then BD found it but coudnt delete / fix it ..... then the .exe files start get dmg .... then the boot files gone and i couldnt login to windows any more ..... after i formated my pc b4 i open any HDD (cuz the virus get effected when i do that - Autorun - ) i unhide the files and then opened the HDD .... i found the file name v.com and autorun file near it ... i deleted it and the HDD back to not open in new window ... but the virus already activated again the moment i opened the HDD .... and BD did nothing ... not even warnning ..... now i cant unhide the files in HDD again ...... plz help cuz this virus start share on the network pc's and its getting worth


thanx


Rani

Comments

  • Unknown
    Unknown

    Please submit a scan log so we know what we are dealing with here, or at least give us the detection name and we'll make a removal tool for this malware if one is not already available.

  • Charming
    Charming

    E:\System Volume Information\_restore{468F33AD-F390-48A5-B8F5-3037DB04C3F4}\RP36\A0006496.exe Trojan.Generic.90910 Deleted


    F:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP30\A0005467.cmd Trojan.PWS.LMir.ULZ Deleted


    C:\Documents and Settings\A.Sabouni\Local Settings\Temp\help.exe Trojan.PWS.OnLineGames.SQN Deleted


    C:\System Volume Information\_restore{468F33AD-F390-48A5-B8F5-3037DB04C3F4}\RP11\A0001477.exe Trojan.PWS.OnLineGames.SQN Deleted


    C:\System Volume Information\_restore{468F33AD-F390-48A5-B8F5-3037DB04C3F4}\RP12\A0001533.exe Trojan.PWS.OnLineGames.SQN Deleted


    C:\System Volume Information\_restore{468F33AD-F390-48A5-B8F5-3037DB04C3F4}\RP12\A0001534.dll Trojan.PWS.OnLineGames.SQN Deleted


    C:\WINDOWS\system32\amvo.exe Trojan.PWS.OnLineGames.SQN Deleted


    C:\WINDOWS\system32\amvo0.dll Trojan.PWS.OnLineGames.SQN Deleted


    D:\System Volume Information\_restore{468F33AD-F390-48A5-B8F5-3037DB04C3F4}\RP9\A0000734.com Trojan.PWS.OnLineGames.SQN Deleted


    D:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP30\A0005451.com Trojan.PWS.OnLineGames.SQN Deleted


    D:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP31\A0005475.com Trojan.PWS.OnLineGames.SQN Deleted


    D:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP32\A0005549.com Trojan.PWS.OnLineGames.SQN Deleted


    E:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP30\A0005453.com Trojan.PWS.OnLineGames.SQN Deleted


    E:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP31\A0005477.com Trojan.PWS.OnLineGames.SQN Deleted


    E:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP32\A0005550.com Trojan.PWS.OnLineGames.SQN Deleted


    E:\v.com Trojan.PWS.OnLineGames.SQN Deleted


    F:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP30\A0005455.com Trojan.PWS.OnLineGames.SQN Deleted


    F:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP31\A0005479.com Trojan.PWS.OnLineGames.SQN Deleted


    F:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP32\A0005551.com Trojan.PWS.OnLineGames.SQN Deleted


    F:\v.com Trojan.PWS.OnLineGames.SQN Deleted


    F:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP30\A0005468.bat Trojan.PWS.OnlineGames.RAB Deleted


    C:\Documents and Settings\A.Sabouni\Local Settings\Temp\dxw.dll Trojan.PWS.OnlineGames.SQS Deleted


    D:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP29\A0005423.com Trojan.PWS.OnlineGames.SQS Deleted


    E:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP29\A0005425.com Trojan.PWS.OnlineGames.SQS Deleted


    F:\System Volume Information\_restore{EEA95F91-7908-4F06-B2DD-2A6FDC656A2E}\RP29\A0005427.com Trojan.PWS.OnlineGames.SQS Deleted


    it say deleted .... but still cant see the hidden files and still the same effect on my pc as b4


    srry for my english

  • Unknown
    Unknown

    I see v.com is already detected so it may be dropped by some other (unfortunately undetected) trojan. I'll need you to please submit a BDAspy syslog and a sample v.com file. There are already tutorials on the forum on how to submit each of these. If you encounter any problems in attaching them please let me know.

  • Charming
    Charming
    I see v.com is already detected so it may be dropped by some other (unfortunately undetected) trojan. I'll need you to please submit a BDAspy syslog and a sample v.com file. There are already tutorials on the forum on how to submit each of these. If you encounter any problems in attaching them please let me know.


    well i did the BDAspy syslog u asked m but when i open it ... it gave me error .. maybe i need somthing special to read it


    here is the XML file .... btw the V.com gone now but the effect still (openning HHD in new window .... cant apply show hidden files .... dumg .exe files )


    thanx

    /applications/core/interface/file/attachment.php?id=1727" data-fileid="1727" rel="">bd_sys_log.zip

  • dodo80
    dodo80

    hello ppl i have this viuers also and realy iam going crazy so if ther's any help to solve this problem please advise

All Time Leaders

Categories

Defenders of the month - March