Yesterday night I was installing a program and I clicked the wrong setup .exe or something, which made my computer vulnerable, I think (this is just speculation). Anyway, my computer got viruses; I'm not sure how many, but there were two very visible ones. One of them hijacked my desktop and changed it with a message saying "your computer is infected with viruses and stuff" and another was a virus scanner doing a scan. In addition, the viruses prevented me from opening any programs and disabled regedit and my system restore (I'm not sure if that's all they disabled). Whenever I opened a program there would be an error message at the bottom right saying "that file is infected and cannot be opened." However, I was able to access malaware and superspyware free edition in safe mode and did a scan for all viruses, etc. on my drives before I formatted. After I formatted, 20ish minutes after I was connected to the internet and installing programs, I suffered the exact same viruses and symptoms as before. What first happens is an install prompt appears asking if I want to install some program (can't remember the name of it). Then 4 files appear on a drive (I was able to delete them though) and then all hell breaks loose and the bigger viruses come in. I am then unable to do anything because of the infected files stopping me from opening programs. Now I reformatted again, my internet is disconnected, I am running super spyaware free edition and malaware scans over my entire hard drives and planning to install smitfraud and adaware after the scans are finished to do another scan. Is there anything else I can do to ensure that my computer will not get infected again? Perhaps there's a really good antivirus program that has a trial (I used BitDefender and Kaspersky's trial already). At the moment, the scans are picking up nothing; if so, how am I getting infected by a virus? Thanks for reading this.
First get Returnil; it's free. No virus/spyware/trojan will defeat this program. I think the website you're going to is suspect and keeps reinfecting you. Since you say your computer is clean right now, only install the following software: 1. A firewall: any good inbound/outbound protection (ZoneAlarm free or something similar). 2. AVG 8.5 free antivirus. 3. Use the Firefox 3.0 or above browser (this is very important). If you are using Internet Explorer, that's how you are getting infected. Any virus that goes through IE goes straight to the registry. 4. Use Returnil anytime you are on the internet/opening suspect exe files or email. If you have Returnil enabled, you can go back to that website; if it infects you again, just reboot your computer and you're as good as new. Returnil makes your computer a virtual computer (this means your computer runs from memory; nothing is written to the hard drive. If you get infected, it happens in the virtual world). With Returnil you can surf anywhere you want. I encountered those "your computer is infected" messages, but it doesn't affect Firefox or the computer. Returnil is what you need, and don't use Internet Explorer. http://www.majorgeeks.com/Returnil_Virtual_System_Personal_Edition_d5702.html Also make an image backup of your current clean computer; that way you don't have to reinstall Windows, just restore it. Macrium Reflect is a good free imaging software.
Haven't seen the bot script that writes to %systemroot%\system32, eh? .. bypasses Returnil like it isn't there. You have a macrovirus.. Something I'm familiar with because I use them to install rootkits and botnet software. They work like any other installer.. they hunt for specific DLLs and modify them so they run every time they are called. I'm guessing you have one which has attached itself to explorer.exe (even running a virtual machine, if the script is clever it WILL write to the HDD.. usually dumping itself into the pagefile with a run-on-boot flag in the registry.. then it waits for a "friendly" drive-by flash ad or similar on a site.. which it has tagged for a redirect). That's enough of that.. too many botfarmer secrets there. You need to run KillDisk and clean that drive.. you have a small hidden partition with malware lurking in the unpartitioned space that XP leaves on every drive (why??.. I don't know why it's such a crappy partitioner) and that's why it's coming back all the time.. use that space.. I format it FAT32 and use those few megs like a flash drive or for old things that like a FAT32 filesystem... get a proper partitioner.. GParted is good.. and use all the drive.. after a KillDisk and reinstall session... formatting doesn't remove data.. just the file table.