Security Community Blog

Virus in my computer

Created: 19 Apr 2009 • 7 comments
Peter_007's picture
+2 2 Votes

My computer is infected by a virus which keeps creating .exe files with the folder's name inside the folder.
It also corrupted my antivirus.
It slowed down my PC.
The regsvr process is consuming more CPU memory.

Please help me out

7 Comments

BNH's picture

Submit the created .EXE file to the Symantec submission site and see what the reply is.
It is probably another variant of the W32.Silly family.

Disable autorun by using the steps in KB http://service1.symantec.com/SUPPORT/ent-security....

Do post back on how you go.

-- Got a new virus? Try updating your defs here: ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rap... --

+3
Ajit Jha's picture

Hi

Update your Windows and antivirus as well, and scan your full system in safe mode with the LAN detached.

Regards,

Ajit Jha

Technical Consultant

ASC & STS

-1
anjansarkar83's picture

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix...

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply along with a fresh HJT log.
Re-enable all the programs that were disabled during the running of ComboFix.

-1
Peter_007's picture

Thanks, BNH
It was win sillyfdc
The stuff was really important
 

-1
BNH's picture

Hi Peter,

Glad we can help.
If the folders are hidden, you can restore them by using the DOS attrib command at the root of the hidden folders.

attrib -h -s * /s /d

-- Got a new virus? Try updating your defs here: ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rap... --

-1
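
Added example, not part of any post in this thread: a read-only triage script for the symptom described above (an .exe named after the folder it sits in) and for the hidden folders mentioned in the reply. It lists each suspect file with its SHA-256 so it can be submitted for analysis, and on Windows lists directories carrying both the hidden and system attributes. The function names are this example's own.

```python
import hashlib
import os
import sys

HIDDEN, SYSTEM = 0x2, 0x4  # Windows FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM

def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def find_folder_named_exes(root):
    """Return one record per <folder>/<folder>.exe found under root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(os.path.normpath(dirpath)).lower()
        for name in filenames:
            stem, ext = os.path.splitext(name)
            # Case-insensitive: Windows file names are not case-sensitive.
            if ext.lower() == ".exe" and stem.lower() == folder:
                full = os.path.join(dirpath, name)
                findings.append({"path": full,
                                 "size": os.path.getsize(full),
                                 "sha256": sha256_of(full)})
    return findings

def find_hidden_system_dirs(root):
    """Return directories flagged hidden AND system (always empty off Windows)."""
    flagged = []
    for dirpath, dirnames, _filenames in os.walk(root):
        for name in dirnames:
            full = os.path.join(dirpath, name)
            # st_file_attributes only exists on Windows; default to 0 elsewhere.
            attrs = getattr(os.stat(full), "st_file_attributes", 0)
            if attrs & (HIDDEN | SYSTEM) == (HIDDEN | SYSTEM):
                flagged.append(full)
    return flagged

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in find_folder_named_exes(target):
        print("suspect exe:", hit["path"], hit["size"], hit["sha256"])
    for folder in find_hidden_system_dirs(target):
        print("hidden+system dir:", folder)
```

The script only reports; it does not delete files or change attributes, so its output can be reviewed before anything is removed or unhidden.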
sbertram's picture

Hi, did you run any free online scanners? One you can run is from Trend Micro, called HouseCall; the link is below. See if that cleans up the mess.
Good luck.
http://housecall.trendmicro.com/

-1
bad-isotope's picture

deleted

-1