setup.exe & autorun.inf files

[nad]

Hi guys,

I read ds_pandit's thread and I seem to have the same problem. setup.exe and autorun.inf just keeps appearing in my root directories. I tried various virus programs and nothing picks up whatever is creating these files. At the moment I am running Zone Alarm and Kaspersky. I have been struggling with this beast for over a month and have lost masses of data. Any help would be greatly appreciated.

I attached my HJT log as ds_pandit did

Thanks in advance

 

[howard_hopkinso]

Your HJT log is clean. However, we need to run some checks on your system.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix and AVG Antispyware logs as attachments into this thread, only after doing the above.

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

setup.exe & Autorun.inf issue

Hi Howard

Thanks for the quick response. I completed the instructions you sent me and attached the three logs you requested.

Thank you so much for the help!!

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Your HJT log is clean.

Combofix killed a couple of files and now your system looks clean.

How is your system running?

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

setup.exe & Autorun.inf issue

Hi Howard
My system is still a bit ill I'm afraid. The problems I am still encountering are as follows:
- The setup.exe files seem to be gone but the autorun.inf files are still appearing.
- Kaspersky keeps popping up warning me about svchost which it sees as an invader.
- My system is battling to start up. I wait for about ten minutes before I can even attempt to do anything. The system is also extremely sluggish.

Thanks again for your advice so far. I really appreciate the help

Regards
Nad

 

[howard_hopkinso]

Ok, try this. Download and run the trial version of Spy sweeper and see if that finds anything.

Let me know the results please.

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

setup.exe & Autorun.inf issue

Hi Howard,

The setup.exe files are back. Kaspersky finds it and identifies it as "trojan-downloader.win32.agent.aii"

Kaspersky allows me to delete the setup.exe it creates but I don't know how to find this thing that's causing it

Thanks a lot

Nad

 

[howard_hopkinso]

Go HERE and follow the instructions for running SmtiFraudfix.

Then, run the SpySweeper scan.

Then, locate and delete these files if there.

C:\Setup.exe
C:\Documents and Settings\All Users\Documents\setup.exe

Let me know the results please.

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

Hi Howard

Did as you said. Spysweeper turned up two cookies which I deleted. The only setup.exe that I found of 23kb was in the system 32 directory. I deleted that.
Problem stilll persists.

Thanks

Regards Nad

 

[howard_hopkinso]

It seems the your trojan infection is a new variant. See HERE.

Unfortunately, I can`t find any useful info for removing it. That leaves you with two rather unpleasant choices. Leave it until a cure is found(not recommended) or reformat.

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

Hi Howard

I have reformatted but this beast seems to be hiding in my data. As soon as I put my data back it returns. As a musician I really need the data.

Sorry to bug you one more time but I just want to know one thing. As the setup.exe gets created Kaspersky pops up one by one and allows you to delete them. Do you know of any software (like snoopdos on the old Amiga) that will allow me to see what's happening as they get created so that I can trace the source.

Thanks once again for all your help.

Regards Nad

 

[howard_hopkinso]

Download the Autoruns programme from HERE. When the programme runs, click options and make sure the "Hide Microsoft Entries" is ticked. Click the file menu and select refresh. Click the save icon and save the Autoruns log to wherever you want.

Attach the Autoruns log here.

I`ll take a look and see if I can find anything.

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

setup.exe & autorun.inf issues

Hi Howard

Thanks for that. Here's the log you requested.

Regards
Nad

 

[howard_hopkinso]

Unfortunately, your Autoruns log doesn`t reveal anything nasty.

To be quite honest, I`m really not sure where to go from here. All I can suggest is you reformat again and only install legit applications and test your system, until you discover which programme is causing the problem. Another thing you can do, is scan your programme cd`s to try and find out which programme is the culprit.

Regards Howard

This thread is for the use of nad only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[nad]

Thank You so much. I shall do that.

Kind Regards
Nad