Author Topic: pbudsara.exe NEW VIRUS ??  (Read 6509 times)

drdimento

  • Guest
pbudsara.exe NEW VIRUS ??
« on: November 13, 2009, 08:46:40 PM »
Avast has found a virus entitled "pbudsara.exe" which apparently originated from China (see link)

http://www.threatexpert.com/report.aspx?md5=f87ea91860680a40fe4f481ded44a4da

And the virus passes through every computer on a network, Trojan's onto every HDD and into the computer's registry.

PROBLEM: Avast finds it and asks me if I want to delete it and/or put it in the vault. I have tried both processes and yet the virus is still there, and on doing a search in Windows for the virus's name nothing comes up. However, I clear the vault or delete the virus via Avast, then when I'm all done, reboot the computer and do another full scan, or even just scan the discs individually via the right-click "Scan" method, and either way the virus keeps coming up found.

Please help as it has now infected everyone's computer on our network (5 altogether).

Thanks in advance for any and all who respond.

Offline essexboy

Re: pbudsara.exe NEW VIRUS ??
« Reply #1 on: November 13, 2009, 09:33:40 PM »
First, is it possible to isolate the computers on the network? This will require a clean, one-at-a-time approach.

To ensure that I get all the information, this log will need to be uploaded to Mediafire; then post the sharing link.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll /s
    %systemroot%\system32\scecli.dll /s
    %systemroot%\netlogon.dll /s
    %systemroot%\system32\cngaudit.dll /s
    %systemroot%\system32\sceclt.dll /s
    %systemroot%\ntelogon.dll /s
    %systemroot%\system32\logevent.dll /s
    %systemroot%\system32\drivers\iaStor.sys /s
    %systemroot%\System32\drivers\nvstor.sys /s
    %systemroot%\system32\drivers\atapi.sys /s
    %systemroot%\system32\drivers\IdeChnDr.sys /s


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Offline polonus

Re: pbudsara.exe NEW VIRUS ??
« Reply #2 on: November 13, 2009, 09:47:34 PM »
Download OTL to your desktop from here: http://oldtimer.geekstogo.com/OTL.exe
Double click the file to run it. Make sure other windows are closed, so the scan can be performed without a break. When a window is being shown under Output at the top, change this into Minimal Output.
Tag the following options: LOP Check and Purity Check.
Now click the Run Scan button. Do not change any settings until we say so. The scan will not take much time.
Whenever the scan has been performed two notepad txt files open up: OTL.Txt and Extras.Txt. These are saved at the same location as OTL.
Copy - select all - copy the contents of these files and post them as attached files with your next posting.

The procedure after this is as follows: after the logs, in the white window at the bottom - Custom/Scans/Fixed with OTL - you will paste a fix we shall provide you with.
Then you can run the fix and restart if necessary.
Then we will ask for a new logfile txt as an attached txt file.

If this cleansing has been performed - you can disinfect your USB stick using Flash Disinfector from here:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Then we clean up after OTL - in OTL click CleanUp.
You can finish off running a complete and full MBAM scan - download from here: http://www.malwarebytes.org/mbam-download.php

So first we will get your OTL.Txt and Extras.Txt

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

emantoyaks

  • Guest
Re: pbudsara.exe NEW VIRUS ??
« Reply #3 on: November 14, 2009, 06:53:38 AM »
@drdimento

It uses "Autorun.inf". The best solution is to download my simple tools to avoid Autorun viruses:

http://www.4shared.com/file/113001754/f935efec/USB_Protector.html
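
An added example, not part of any post in this thread: the symptom described above (the file returns on every drive after deletion) is typical of an `autorun.inf` left in each drive root, so this Python sketch lists which programs an `autorun.inf` would launch on each root it is given. The names `autorun_targets`, `scan_roots` and `SAMPLE` are hypothetical, and the sample file content is constructed, since the thread never shows the real one.

```python
import os
import re
import sys

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

# Constructed sample; the thread does not show the real file's contents.
SAMPLE = r"""; padding line
[AutoRun]
open=pbudsara.exe
shell\open\Command=pbudsara.exe
shell\open\Default=1
icon=%SystemRoot%\system32\shell32.dll,4
[other]
open=ignored.exe
"""

def autorun_targets(text):
    """Return [(key, command)] for each launch entry in autorun.inf text."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and comments, often used as padding
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if LAUNCH_KEYS.match(key) and value:
                targets.append((key.lower(), value))
    return targets

def scan_roots(roots):
    """Map each drive root holding an autorun.inf file to its launch entries."""
    findings = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):  # also true for hidden/system files
            with open(path, encoding="latin-1") as fh:
                findings[root] = autorun_targets(fh.read())
    return findings

if __name__ == "__main__":
    # Usage: pass drive roots as arguments, e.g. C:\ D:\ E:\
    roots = sys.argv[1:]
    print(scan_roots(roots) if roots else autorun_targets(SAMPLE))
```

Any root reported with a launch entry pointing at an unknown executable is a drive that will reinfect a cleaned machine until both the `autorun.inf` and its target are removed.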