Question:
Help with virus?! Please?!?
Christian
2013-02-15 12:40:43 UTC
I found out that there was a virus called Worm:Win32/Vobfus.MD on my flash drive. I first found out that there was a virus when avast! blocked it on my computer, but it didn't give me the name of it. Then I used the flash drive on a school computer and it gave me a "Threat Detected" message and gave me the name of the virus. I looked up instructions on how to manually remove it, tried running virus scans with both of my antivirus softwares (Malwarebytes and avast!, both free versions but legitimate, trust me), both were full system scans. Nothing. So I tried to remove it manually and I couldn't find the random.exe file I was told to remove. So I ran full system scans with both antivirus softwares, this time in safe mode, and still, nothing came up. But I'm now getting more spam emails and my computer's running more slowly than usual so I'm positive it's still on my computer. HOW THE HELL DO I GET THIS ******* DIGITAL DEMON OFF MY COMPUTER?!!! Please, I have a lot of schoolwork and I very badly NEED my computer to keep working.

Also, I'm getting spam emails regarding the same subject from the same person using randomized (like tidinqo@xwynqvtl14.com) but different email addresses. How do I stop them? (Please don't say closing my email account if there's another way).


One more thing: When I used the flash drive on my computer and it was detected by avast! the first time, I figured it deleted it so I used it on my computer again a few days later. The day after that I used it on a school computer and it got detected. That's when I started running the scans.

I'm sorry, I don't normally write questions this long but I need help because I'm in college and I can't afford to have my system torn down by some stupid ***-headed hacker.
Five answers:
anonymous
2013-02-15 14:06:23 UTC
That virus is part of the Win32/Vobfus family. It exploits the vulnerability patched in Microsoft Security Bulletin MS10-046 ( http://technet.microsoft.com/en-us/security/bulletin/MS10-046 ).



You either need to reconfigure Windows settings or reinstall Windows if you want to get rid of it. The Win32/Vobfus.MD downloads Win32/Beebone.gen!A which downloads: Win32/Acbot ( http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fAcbot.A ) ,

Win32/Sirefef ( http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3aWin32%2fSirefef ) and

Win32/Vobfus ( http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fVobfus )



There have been security patches released to prevent autorun. I recommend you bring that USB to an uninfected, fully patched computer and format the USB. You should back up your important data and reinstall Windows.



If you really don't want to reinstall Windows you should post a topic on http://www.bleepingcomputer.com/ (They have experts working there who will stay with you until every last bit of malware is removed from the computer, it might take a while though. Anyway it will be easier for them to help you if you can reply back to them and vice versa.)



If you don't want to do either you should run a scan from a separate hard drive (or just with an uninfected patched operating system). Here is how to install Ubuntu alongside your Windows: http://pancake.io/7a2ed3/Help/How_To_Install_Ubuntu.html

Here is some antivirus software you can install on Ubuntu (so you can scan Windows): http://opensource-sidh.blogspot.ie/2011/10/top-5-anti-virus-for-ubuntu-free.html
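
As an added example (not part of the original answer): a read-only triage pass over the flash drive when it is mounted on a non-Windows system such as the Ubuntu install suggested above, listing any autorun.inf launch entries plus executables and shortcut files before the drive is formatted. The function names, the extension list and the sample drive contents are assumptions constructed for illustration.

```python
import os
import tempfile

# File extensions Windows will execute or follow directly (assumed triage list).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".lnk", ".dll"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEYS = {"open", "shellexecute", "shell\\open\\command"}


def autorun_targets(path):
    """Return the launch commands named in an autorun.inf file."""
    targets = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in LAUNCH_KEYS:
                targets.append(value.strip())
    return targets


def triage_drive(root):
    """Walk a mounted drive and list files to review; nothing is executed."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            lower = name.lower()
            if lower == "autorun.inf":
                for target in autorun_targets(full):
                    findings.append(("autorun", rel, target))
            elif os.path.splitext(lower)[1] in RISKY_EXT:
                findings.append(("executable-or-shortcut", rel, ""))
    return sorted(findings)


def demo():
    """Build a constructed sample drive in a temp directory and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nOpen=random.exe\nicon=folder.ico\n")
        for name in ("random.exe", "Homework.lnk", "essay.docx"):
            open(os.path.join(root, name), "wb").close()
        return triage_drive(root)


if __name__ == "__main__":
    for kind, path, detail in demo():
        print(kind, path, detail)
```

To check a real drive, call `triage_drive()` with its mount point; an empty result only means none of these file types are present, not that the drive is clean.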
anonymous
2013-02-15 21:02:19 UTC
Try this:



Firstly, boot your computer to the Safe Mode menu screen. You do this by repeatedly pressing F8 as soon as you boot up. Once there, use the arrow keys to highlight Safe Mode with Networking. Continue to boot from there, by pressing Enter. You will now see some drivers being loaded. There will be a pause at some point. This usually lasts for no more than 30 seconds.



If that’s successful, open your browser, copy and paste this link into the address bar and press Enter. It's a direct download for RKill. Save it to your desktop, then run it. It takes just a minute to run. As it's running, any remaining desktop icons will vanish for a few seconds. When the notepad report is displayed, just close it.



http://download.bleepingcomputer.com/grinler/rkill.exe



RKill SHOULD HAVE STOPPED THE INFECTION(S) FROM RUNNING, BUT IT WON'T HAVE REMOVED IT / THEM.



Now download this package.



When you click on the download button, wait for a few seconds and the download box will appear, without you having to enter your name or email address.



Save it to your desktop, unzip it...click on start.exe...then click on Emergency Kit Scanner. Wait for it to open (this may take a couple of minutes), then get updates and run a Deep Scan (the scan may take some time):



http://www.emsisoft.com/en/software/eek/



You should now delete RKill, as updated versions are often made available.



After this, try rebooting normally.



Hope this helps.
alan a
2013-02-15 21:52:37 UTC
You can download a professional PC security system called SuperAntiSpyware.com. The website offers a Free Edition which you can download and install. There are no costs, no spam, no gimmicks, and the product in my opinion is better than Norton or McAfee. Cordially, Mr. Alan Avellar, author on the Yahoo Contributor Network
YiNiX
2013-02-15 20:42:41 UTC
LoL, it wasn't the hacker probably but whatever, I don't know man go on Avira **** Avast, your worm is ******* with Win32 :D

That ain't good, I don't know, get a laptop.
Raven2099
2013-02-15 20:42:54 UTC
Take your flash drive and reformat it 6 or 7 times; that ought to fix it.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.