TechSpot

Win32/AutoRun.Vb.Cg.worm help hir

By deadman_mustang
Apr 26, 2009
  1. anyone pls pls pls help me hir.. ive already exhausted all that i can do but i cant seem to remove this worm. :dead: it just keeps om popping up but luckily my AV keeps on blocking it.. it's everytime I oen an application that this pops up.. pls helpme.. hirs the log of my AV.
    ++
    View attachment log.txt
    ++
    hope to hir from you guys tnx. :D
     
  2. B00kWyrm

    B00kWyrm TechSpot Paladin Posts: 1,436   +37

    Hello Deadman...
    Start at the top... read Julio's stickies first (all three)... then if you want to proceed with cleaning, follow the 8 steps exactly.
    You will need to uninstall your current AV (if it is not Avira...) and
    Run Avira.... Avira is both free and one of the very best.

    Repost if you have difficulties following the steps.

    Note for other readers...
    I am no longer advising this way, re: Avira... So I have changed the color.
    Counsel to uninstall and change AV should only be done by one of the experts...
    (Like Touch!) at their discretion.
     
  3. deadman_mustang

    deadman_mustang Banned Topic Starter

    sorry posting the results now..
     
  4. deadman_mustang

    deadman_mustang Banned Topic Starter

    scan logs...

    here they are.. pls help.. :dead:
     
  5. touch

    touch TS Rookie Posts: 978

    Please download http://jpshortstuff.247fixes.com/FileLook.exe
    by jpshortstuff and save to your Desktop.
    Double-click FileLook.exe to run it.
    Important! If using Windows Vista, be sure to Run As Administrator.
    Ensure that BBCode Ouput is checked. Copy and paste everything in the below quotebox into it under FileLook by...

    Click the FileLook button to start the scan.
    When finished, Notepad will open with the results of the scan in a text file named fl_log.txt which will automatically be saved to the root of your system drive.

    (Typically C:\fl_log.txt)
    Please attach the contents of this log in your next reply.
     
  6. deadman_mustang

    deadman_mustang Banned Topic Starter

    hey touch,

    tnx for the quick reply. i did what you asked me to do and results into this: (see attached file)
    im using windows xp sp3 by the way and i am running under Administrator.
     
  7. touch

    touch TS Rookie Posts: 978

    That´s odd.

    Please upload and have this file scanned:
    C:\Program Files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe
    Here
    http://virusscan.jotti.org/

    Attach back the result
     
  8. deadman_mustang

    deadman_mustang Banned Topic Starter

    here you are sir.. (see attached file)
     
  9. touch

    touch TS Rookie Posts: 978

    Thanks.

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drive/flash drive before running Combofix, if you have any

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post
     
  10. deadman_mustang

    deadman_mustang Banned Topic Starter

    ok. here it is.. that actually scared me i thot it was gonna do sumthing on my pc. haha. oh well.. :D
     
  11. touch

    touch TS Rookie Posts: 978

    Open notepad and copy/paste the text in the codebox below into it:
    Name the file as CFScript
    and Save it on the desktop

    Code:
    Killall::
    Snapshot::
    File::
    F:\gi2ky.exe
    FileLook::
    c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe
    c:\windows\system32\GameMon.des 
    Driver::
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75c72229-0707-11de-afb5-001d7dcfbbc6}]

    http://www.fromsej.saknet.dk/billeder/cfscript.gif

    Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe.

    Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall
     
  12. deadman_mustang

    deadman_mustang Banned Topic Starter

    here it is.. and thank you very much sir for your precious time. it really helps.. :D and by the way that thing that kept popping up the autorun thing its now gone, my av doesnt detect it anymore.. :) anyway here is the log that you ask of me.
     
  13. touch

    touch TS Rookie Posts: 978

    It looks clean.

    However, it looks like ESET are a cracked version:
    --- c:\program files\ESET\ESET Smart Security\NodEnabler\NodEnabler.exe ---
    Company: !DOESN'T APPER TO EXIST IN FILE! ERROR: 1813
    File Description:
    File Version: 3, 3, 0, 0
    Product Name: !DOESN'T APPER TO EXIST IN FILE! ERROR: 1813
    Copyright: !DOESN'T APPER TO EXIST IN FILE! ERROR: 1813
    Original Filename: !DOESN'T APPER TO EXIST IN FILE! ERROR: 1813

    I´ll therefore recommand you buy it, or use a Freeware Antivirus
     
  14. deadman_mustang

    deadman_mustang Banned Topic Starter

    oh.. so that's what cause the AutoRun virus huh. well yea i might as well do that. and yes its a cracked version. oh well.. thank you very much kind sir. for yer help.. :D you rock! thumbs up to you sir! :D thanks again. :) cheers! :D
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...