Virus help?

03-11-2007, 01:43 PM

So I have a virus that Symantec AV reports as "Downloader" here:

It cannot repair, quarantine, or delete this file and I'm getting notifications about it every couple of seconds.

I tried the following without success:
- Deleting manually
- Safe mode
- Using a System Restore point
- Booting to a Linux rescue cd (cannot mount the partition because its Intel software RAID 0, Linux doesn't support it)

Any ideas? Really bugging me.

03-11-2007, 02:01 PM
Can it not delete it because the file is in use? Been a long time since I used it, but can you force it into DOS and delete it from there? Can't remember if you can delete from there or not... my memory fails =[

Edit: Also, if it is putting the file into use as you get into Windows, you can use Hijack This to delete the process which puts it into use, I think =/

03-11-2007, 02:24 PM
I have this operating system called MiniPE-XT that you can run from a CD. With that I was able to delete a file that caused a similar problem. I think MiniPE-XT isn't free software though, so um... *cough*.

03-11-2007, 03:17 PM
Symantec AV
Not to derail the topic, but... is that Norton?

03-11-2007, 03:25 PM
Download 'Hiren's Boot Disk v9.1' from any reputable torrent site... has more useful tools than you will ever need... all without going into Windows :)

03-11-2007, 03:27 PM
Not to derail the topic, but... is that Norton?

If there's no further information about this "downloader" virus on the Symantec website, then it's probably quite a new virus. I'd suggest running HijackThis and having a look at the log for anything being loaded into the registry's start-up that you don't want to be.

Strange that safe mode didn't work though.

Run a search through the registry for the rogue file?

03-11-2007, 06:29 PM
I used this program that removed a file that was in use a while back


Seemed to work well, but I'm guessing if the virus you have is a "downloader", the file that is listed is most likely just one part. As soon as you remove one part it will "download" another part. Had a pretty nasty virus that did this a while back; the only cure for it seemed to be a format / reinstall.

Does Norton give you any name of the virus instead of just a file and location?

03-11-2007, 07:25 PM
03-11-2007, 07:43 PM
Tried using a different AV to get rid of it?

03-11-2007, 09:43 PM
Boot into safe mode with command prompt; this does not load the GUI, and several viruses that still run in safe mode piggyback on the Windows shell loading. Seeing as you run this website, I'm assuming you're more than capable of using the command prompt to delete the file, DOS-style, from there.

03-11-2007, 09:59 PM
04-11-2007, 01:57 AM
Fixed it eventually with 'Remove File On Boot' in HijackThis.

Thanks for all the suggestions - no boot disk would work as it didn't have the drivers for the software RAID controller, and safe mode with command prompt wouldn't work either.

So Valoran wins teh priaz!

04-11-2007, 02:23 AM
you can use Hijack This


04-11-2007, 02:27 AM
Hmm, your suggestion wasn't quite there, Nightrain; just clicking 'Fix Item' in HT didn't do it :P

Although I appear to be getting spammed with virus infections - in the last 5 minutes:
Virus name: Downloader
File: C:\WINDOWS\system32\fwohbjyg.dll
Virus name: Downloader
File: C:\WINDOWS\system32\itewwmrh.dll
Virus name: Trojan.Metajuan
File: C:\WINDOWS\system32\nxwpwrnc.dll
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\rypsrawe.dll
Virus name: Downloader
File: C:\WINDOWS\system32\xkkbnywf.dll

Thankfully Symantec AV was able to quarantine them all on detection this time.

And I *think* I may have firewalled the address where they're coming from.
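As an added defender-side example (not from anyone in this thread), a small Python triage script over notifications in the format quoted above: it counts repeated alerts per file (alerts every couple of seconds mean the AV cannot remove a file that is already loaded) and flags the random eight-letter DLL names in system32 that the thread lists, using a pronounceability heuristic that is only a hint for manual checking, not a verdict. The sample alerts are constructed from the thread's own paths with one added repeat.

```python
import re
from collections import Counter

# Constructed sample in the shape of the Symantec notifications quoted in the
# thread; the five paths are the thread's, the repeat of fwohbjyg.dll is added
# to mimic the "notification every couple of seconds" symptom.
SAMPLE_ALERTS = r"""
Virus name: Downloader
File: C:\WINDOWS\system32\fwohbjyg.dll
Virus name: Downloader
File: C:\WINDOWS\system32\fwohbjyg.dll
Virus name: Downloader
File: C:\WINDOWS\system32\itewwmrh.dll
Virus name: Trojan.Metajuan
File: C:\WINDOWS\system32\nxwpwrnc.dll
Virus name: Trojan.Vundo
File: C:\WINDOWS\system32\rypsrawe.dll
Virus name: Downloader
File: C:\WINDOWS\system32\xkkbnywf.dll
"""

ALERT_RE = re.compile(r"Virus name: (?P<name>.+)\nFile: (?P<path>.+)")
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
VOWELS = set("aeiou")

def parse_alerts(text):
    """Return (detection name, file path) pairs from notification text."""
    return [(m.group("name").strip(), m.group("path").strip())
            for m in ALERT_RE.finditer(text)]

def longest_consonant_run(stem):
    run = best = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1   # 'y' counts as a consonant
        best = max(best, run)
    return best

def looks_random(filename):
    """Heuristic: exactly 8 lowercase letters plus a consonant run of 4 or more
    (fwohbjyg, xkkbnywf) reads as machine-generated, while real system DLLs
    such as wintrust.dll or browseui.dll stay below the threshold."""
    stem, _, ext = filename.lower().rpartition(".")
    if ext != "dll" or not re.fullmatch(r"[a-z]{8}", stem):
        return False
    return longest_consonant_run(stem) >= 4

def triage(text):
    """Per path: alert count (repeats = AV could not remove it), whether it
    sits in system32, and whether the name matches the random pattern."""
    counts = Counter(path for _, path in parse_alerts(text))
    return {path: {"alerts": n,
                   "in_system32": bool(SYSTEM32.match(path)),
                   "random_name": looks_random(path.rsplit("\\", 1)[-1])}
            for path, n in counts.items()}
```

Files with a high alert count and a random name are the ones to remove at boot (as the thread's HijackThis 'Remove File On Boot' eventually did), before the running process can re-download a replacement.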

04-11-2007, 02:32 AM
Symantec sucks >.>

04-11-2007, 02:34 AM
I didn't say click "fix item", I said delete the startup process like Valoran did ;P

Edit: Stop downloading pr0n, thought you'd have learnt your lesson after the 1st time

04-11-2007, 02:35 AM
11-11-2007, 05:14 PM
Symantec sucks >.>

12-11-2007, 10:40 AM
Ran a check myself today, found Winexplore (not winexplorer) in my system folder. Seems AVG caught it and quarantined it before it could do anything. I've just run S&D and AVG's Rootkit, nothing else found.

I hate the fuckers who make these damn malicious things. Bring back hanging!

12-11-2007, 10:52 AM
