Author Topic: VBS:ExeDropper-gen, please help!  (Read 13978 times)


argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #30 on: April 19, 2011, 09:13:48 PM »


I can recommend a scan with CureIt  :-\

Ramnit is a file infector (virus).
All partitions are infected.

Another way:

Format C, download Avast to the desktop, and run a complete scan of the HDD.

Warning:

Do not touch the other partitions.
« Last Edit: April 19, 2011, 09:26:37 PM by argus »

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #31 on: April 19, 2011, 09:27:34 PM »
I'll try CureIt, I'm guessing I'm gonna have to flatten it and start again though.

If I do what files are safe to back up and put back onto my newly installed os?

I feel rather deflated at the prospect of a full re-boot, going to have to buy a new OS disc to replace the one I lost as well erghh,
Thanks for the help

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #32 on: April 19, 2011, 09:36:35 PM »
From the active Windows it is impossible to clean a file infector  :(

CureIt is a great tool, but the outcome is not guaranteed.
« Last Edit: April 19, 2011, 09:39:57 PM by argus »

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #33 on: April 19, 2011, 10:24:22 PM »
Okay Argus, no worries
Cure it doesn't seem to have worked so I think it's time to flatten everything.
ERGH!
Thanks for your time

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #34 on: April 20, 2011, 02:52:47 AM »
Ok so I have started to do a boot-time full system scan and my computer is now detecting quite a lot of Win32:Ramnit-G viruses, this is bad I'm guessing?
No. From the script that argus posted it's clear that you were suffering the same problem as me.

You may well have had a lot of already infected files before you managed to get to the root of this problem. Are you still getting the IEXPLORE.exe processes appearing when you turn on the computer? If not, it would seem that things are going well. If you are, it's also possible that a pre-infected Ramnit file has triggered this once again. Don't give up.

As someone else mentioned, running outdated software i.e. XP SP2 is not a great idea. It's worth mentioning that this all happened for me while running Avast 5.1.889 - since I upgraded to 6.0 this problem, the root of which was previously undetected by the scanner, is now coming up as

Win32:Hiloti-AX

(I kept a copy of my fyynaotm.exe file for reference)

Good luck
« Last Edit: April 20, 2011, 03:01:29 AM by Ornette »

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #35 on: April 20, 2011, 09:47:34 AM »
Hi Ornette,
I'll have another crack at it then :)
I'm no longer getting the iexplorer processes, which is good.
I'm going to try Cure it once again, it didn't seem to run properly, should I do it in safe mode?
Thanks

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #36 on: April 20, 2011, 10:33:59 AM »
Safe mode is an option

I'm not an expert on any of these tools, but in safe mode you are going to avoid a lot of the loaded drivers that might conflict with it. On the other hand, it will be a lot slower under safe mode.

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #37 on: April 20, 2011, 11:17:00 AM »
Cure it detected no infected files,
my browser is no longer re-directing,
I can access USB memory sticks by double clicking on them rather than having to do: Run... J:
Avast is not detecting any more viruses...
could this mean I'm safe?

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #38 on: April 20, 2011, 12:01:04 PM »
Re-run DDS

Post DDS.txt back to topic.

To protect against USB infection, install this program:

http://amf.mycity.rs/programs/mc/mcshield/

Excellent program
« Last Edit: April 20, 2011, 12:04:17 PM by argus »

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #39 on: April 20, 2011, 12:02:28 PM »
OK I shall go and do this now. thanks :)
Cool, I'll use that MC Shield as well to make sure my USB isn't causing any issues :)
« Last Edit: April 20, 2011, 12:09:40 PM by StefanR »

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #40 on: April 20, 2011, 12:07:14 PM »
MCShield will protect your system and clean the USB stick (any worm).

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #41 on: April 20, 2011, 12:38:04 PM »
Ok here is the latest DDS log,
How's it look?

argus

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #42 on: April 20, 2011, 12:43:09 PM »
This is good  :D

It is necessary to uninstall Combofix

Start >> Run

Combofix /Uninstall

Enter

StefanR

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #43 on: April 20, 2011, 12:45:12 PM »
AWESOME! BEST NEWS EVER,
I did notice some processes called httpd or something which I ended, are these a potential problem?
I shall uninstall combofix now :D

Ornette

  • Guest
Re: VBS:ExeDropper-gen, please help!
« Reply #44 on: April 20, 2011, 12:50:28 PM »
http://www.nongnu.org/mini-httpd/

"mini-httpd is a minimalistic web server designed for optimal performance, high security, and as little use of system resources as possible. Unlike most other web servers, mini-httpd does not require more than one process or system thread in order to handle an arbitrary number of requests concurrently."

Ooop

Doesn't sound good...