Solve : Hosts file, autoplay, startup, & msmessenger p? – InterviewSolution

1.	Solve : Hosts file, autoplay, startup, & msmessenger p?
Answer» Hi! I'm looking for some help. A few DAYS ago, I worked on a friends computer. She was having trouble with varius viruses/malware. So, I did all the normal stuff. (Anti-virus, ad aware, spybot...) It seemed as though I had everything fixed. So, I burned a CD off her computer. Well, her computer copied SOMETHING extra onto the CD. (I believe this was done through "autoplay.exe") I took the CD home, and used it on my personal computer. After that, my computer started to act strangely. Doing much of what my friend's computer was doing. (see below for more details on that) So again, I tried all the normal things. (Using a seperate comp to access the internet safely, and DL all the newest SOFTWARE updates) To no avail. Thus, I have come here for help. Symptoms: 1) Hosts file has been re-written to direct all traffic to 64.233.167.104; I can change the file, but it just changes back after a few minutes. 2) Just after booting into Windows, the startup files are altered. (My security programs alert me) It gives up after an hour, but will periodically try to add files to startup. I didn't write the names of the files down but something like: formatsys, serbw, & itwol. 3) Whenever I insert a CD into my CD writer drive, my comp caches "autoplay.exe" & "autoplay.inf" and informs me that I have files 'waiting to be written to disk'. I suspect this contains the virus/worm/whatever it is. As a result, my file browser keeps crashing. 4) Msmessenger was[/b] deactivated. However, this 'virus' has caused it to come back. Furthermore, while it runs, I cannot bring up task manager. (It closes as soon as it is opened) Luckily, I have WinPatrol which allowed me to circumvent this issue. 5) I tried "safe mode". It does nothing but crash the comp. I can't do ANYTHING in "safe mode" without it crashing. System info: HP Desktop Windows XP Home SP1 (haven't been online with this comp in a while) 512 MB RAM 2500 Athalon (2.08 GHZ) -Dudeman :-? P.S. I can PROVIDE more info if needed!Well, I did some net-searching, and discovered that I do in fact have a virus/worm. The symptoms match, and I have a fix now. If anyone else has the problems listed above they can probably fix it with... http://securityresponse.symantec.com/avcenter/FixSflog.exe I'll update if this doesn't work... -DudemanBest of luck. Just in case, when you're done, you might want to post a HijackThis log over on the viruses board for everyone to TAKE a quick look at.

Discussion

No Comment Found

Related InterviewSolutions