Avast WEBforum

Other => Viruses and worms => Topic started by: thurmbo on October 14, 2008, 08:13:28 AM

Title: b.exe, and virus remover 2008 (virus)
Post by: thurmbo on October 14, 2008, 08:13:28 AM

This virus called (virus remover 2008) installed the following executable that I can't get rid of.

b.exe

...which I can see in my system processes (in Task Manager). It also installed an icon in my windows system tray which periodically activates on its own saying that I have a security problem, then tries to launch a system scan automatically. If given a chance to activate, it creates major havoc for you and your computer.

Ending the process in Task Manager only works for a few minutes. It automatically starts back up again.

Updating Avast database and running a scan did not identify any viruses on my computer, yet it IS there. I also ran Spybot and Ad-aware, which were also unsuccessful in locating any malware/trojans etc.

Does anyone know how to get rid of this virus?

Thanks a bunch!
Greg T.

Title: Re: b.exe, and virus remover 2008 (virus)
Post by: Spiritsongs on October 14, 2008, 06:57:15 PM

 :)  Hi :

 You do NOT have a "virus", but what the malware-fighting "community" calls
 a "Rogue" ; the PRIMARY program used against this is the FREE Malwarebytes
 Anti-Malware from www.malwarebytes.org/mbam.php .

Title: Re: b.exe, and virus remover 2008 (virus)
Post by: thurmbo on October 14, 2008, 07:28:59 PM

Spiritsongs,

I owe you... BIG-time !!!

I downloaded the www.malwarebytes.org/mbam.php and it found the "rogue" which nothing else I tried was able to.


Thank you (very much) for saving my arse.


~Greg

Title: Re: b.exe, and virus remover 2008 (virus)
Post by: Lisandro on October 15, 2008, 12:59:55 AM

To be sure you're clean, I suggest:

1. Clean your temporary files.
2. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! (http://www.freedrweb.com/cureit/) instead.
3. Use SUPERantispyware (http://www.superantispyware.com), MBAM (http://malwarebytes.org/mbam.php) or Spyware Terminator (http://www.spywareterminator.com/) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
4. Test your machine with anti-rootkit applications (http://www.antirootkit.com/software/index.htm). I suggest avast! antirootkit (http://files.avast.com/files/beta/aswar.exe) or Trend Micro RootkitBuster (http://www.trendmicro.com/download/rbuster.asp).
5. Make a HijackThis (http://www.bleepingcomputer.com/files/hijackthis.php) log to post here or this analysis site (http://www.hijackthis.de/#anl). Or even submit the RunScanner (http://www.runscanner.net/) log to to on-line analysis.
6. Disable System Restore and then reenable it again.
7. Immunize your system with SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html) or Windows Advanced Care (http://www.iobit.com/AdvancedWindowsCarePersonal/index.html).
8. Check if you have insecure applications with Secunia Software Inspector (http://secunia.com/software_inspector/).

Title: Re: b.exe, and virus remover 2008 (virus)
Post by: specfu on November 06, 2008, 04:53:15 PM

how do we do a startup scan?...i cant seem to find it?

Title: Re: b.exe, and virus remover 2008 (virus)
Post by: DavidR on November 06, 2008, 05:21:30 PM

If by start-up scan you meen item 2. boot-time scan, then - If you have XP, vista32bit or Win2k, you could enable a boot time scan. Right click the avast icon, select Start avast! Antivirus, a memory scan will take place followed by the opening of the Simple User Interface, Menu, 'Schedule boot-time scan...' Or see http://www.digitalred.com/avast-boot-time.php (http://www.digitalred.com/avast-boot-time.php).