I am in a very dire situation here, guys. Last Friday, after getting home from my week at lycée, I found out that there was a worm on my computer which was slowly ravaging my system. I tried all sorts of anti-virus software (BitDefender, MalwareBytes Anti-Malware, etc.), but I think it's still on my computer, and I am at an utter loss on what to do. I need your help guys. I'll try my best to describe how the worm got on my computer and what it seems to be doing:
When I got home from lycée last Friday, I turned on my computer, inserted my pen drive (Flash drive for the Americans) and started to browse the stuff I had downloaded over the week.
About 10 to 15 minutes after I had inserted my pen drive, I noticed that the green light on the floppy drive (Yes, my computer has one of those things) at the front started to flash and make whirring sounds every few seconds, even though there was nothing inserted into it. Thinking that it was glitching, I disabled my floppy drive through the Device Manager.
When I reopened my pen drive, I had noticed that a new folder called 'RECYCLER' and 4 blank shortcuts seemingly leading to the Control Panel were created. Seeing as how the latter didn't do anything when I double-clicked on them, I deleted them straight off. However, when I refreshed a few seconds later, both the RECYCLER folder and the blank shortcuts reappeared. I ran a Chkdsk on my pen drive to make sure nothing was corrupted, and it said that it was perfectly fine.
When I glanced inside the RECYCLER folder, I noticed that there were randomly named .exes and .cpl files (The latter seems to be Control Panel extensions), which were being created 1 or 2 every five or ten seconds. Even if I deleted all of them, they would still come back. What I think is happening is an .exe that isn't appearing in the Task Manager is being run, creating the mentioned random .exe, then it runs the new .exe, which in turn creates another .exe, rinse and repeat, which was slowly taking up space on my pen drive. Even if I completely formatted the pen drive, the RECYCLER folder and blank shortcuts would still come up. So I asked my older brother to install MalwareBytes Anti-Malware onto my computer and do a full scan of everything, which revealed around 350 infected files across my computer's hard and pen drives, which were promptly deleted, and my computer was rebooted.
However, when it restarted, it appeared the damage was already done. Not only was my pen drive seemingly infected, it had now infected my internal hard drive (Luckily, I didn't have my external hard drive connected, which had +200GB worth of files on it). I don't know what the virus was doing to my hard drive, but every time I glanced at the exact free space left on it, it was going down 35 to 70 KB per 5 seconds. It didn't seem to do what it did to my pen drives though (It didn't create the RECYCLER folder, random .exes in it and blank shortcuts). So I cracked out my BitDefender Rescue CD, inserted it and restarted my computer, booting into the CD. From there, I did a full scan, which revealed around 350 infected files on my internal hard drive, most of which seemed to be VERY old .html files that I got years ago and I knew were clean. Because the CD was unable to disinfect them, I had to delete them. I ran another scan to make sure, and this time, it came up as clean. Seeing this, I now checked my pen drive and it reported that the random .exes and .cpl files that were being created were being reported as 'Virus.XGen'. I didn't like the sound of this, so I deleted the infected files straight off and formatted it twice through the CD's format tool into FAT32. Seeing how everything was now coming up clean, I rebooted my computer back into Windows and performed another MalwareBytes scan...
Only to find that the infected files were still there. I deleted them and ran another scan, this time on my pen drive. Despite me purging my system multiple times, it was still generating the randomly named .exes, .cpls and blank shortcuts.
Now at a loss on what to do, I followed this guide (http://malwaretips.com/blogs/malware-removal-guide-for-windows/), downloaded all the tools linked in it and followed the guide step-by-step: Rebooting into Safe Mode, using RKill to check for any malware processes it could terminate, etc.
And yet it still didn't fix the problem.
And here I find myself turning to the people I know to help me out. Me and my brother have agreed that if we just couldn't figure out how to remove the virus by this Thursday, he would completely format my internal hard drive and my pen drives and install Windows XP from scratch.
I need your help guys. Please. In case this information helps, I am using Windows XP Service Pack 3.
Question
Clearwater
14 answers to this question