06-29-09, 07:24 PM
Re: Having fun with "Personal Antivirus"
Originally Posted by TheBigOne
Chances of rootkits and other viruses still being on your system are great. Before cleaning your system, do a Ctrl+Alt+Del and look at your processes. If you see Reader_S or Virut win*32 running, don't bother going any further: back up your data and low-level format your drive, there is no fix.
Unfortunately, the virus you have infects every .exe and .scr (actually an executable) file on your system, and when you scan with a virus scanner, it will normally delete it as uncleanable. Eventually you end up losing more and more files. The only viable alternative is to format the system. You will need to back up your important files before a format and reinstall, but you cannot back up any .exe or .scr files, because they are infected. And as I already explained, Virut infects every exe. This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.
Now, if you don't have this virus and are running Windows XP (if running Vista, it's better to do a reload, since Combofix or most software won't run):
1. Mount the hard drive on another machine and delete any 1256hg.exe or any weird .exe in your root directory or system32 folder, or run AVG Free and do a full scan; it will find them.
2. Put the hard drive back into your machine, then go to Safe Mode with Networking and run Malwarebytes (it should run with no problems), do updates, and do a full scan.
3. Then download and run Combofix; it's free.
4. Then download and run a-squared Free 4.5; it does a better job than most antivirus. Do a full scan.
5. Then type MSCONFIG, look at your startup, and uncheck all unnecessary processes.
6. Boot the system into normal mode, then download and run McAfee Rootkit Detective; it looks for hidden processes.
7. Delete any temp files.
8. Your system should be fully cleaned and running good.
The PC is back with the owner now (who I don't really care for anyway). But if any bad stuff shows its face, I'll be sure to do what you said there.
They'll probably be doing their evil silently though...