Posts posted by Maniac

  1. Hello Wortex! My name is Borislav and I will be glad to help you solve your malware problem.

    Please note:

    • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
    • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
    • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
    • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
  2. Can I find which one is the main malware that caused all these system files to be infected?

    I'm afraid that it's quite difficult to identify.

    According to your log file, your system is infected very seriously. I recommend you go to the second option.

    You can make a backup of the data to save photos, videos and documents using a Linux LiveCD or USB. You could create one of them from a clean system.

    https://help.ubuntu.com/community/LiveCD

    hxxp://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows

  3. Hello ahmaden,

    These answers from Marcos are based on the log file that you provided above. According to ESET Smart Security, Win32/Virut.NBP is in an advanced stage; it has managed to reach a number of important system files and damaged them, which has led to many problems both with the stability and performance of your system. For example, here are some of them:

     

    5/12/2015 7:25:56 PM Startup scanner file C:\Windows\system32\cmd.exe Win32/Virut.NBP virus cleaned - quarantined

    5/12/2015 7:25:56 PM Startup scanner file C:\Windows\system32\SystemPropertiesPerformance.exe Win32/Virut.NBP virus cleaned - quarantined

    5/12/2015 7:25:55 PM Startup scanner file C:\Windows\system32\rundll32.exe Win32/Virut.NBP virus cleaned - quarantined

    5/12/2015 7:25:50 PM Startup scanner file C:\Windows\system32\dllhost.exe Win32/Virut.NBP virus cleaned - quarantined

    The specific thing about this virus is that, besides being a file infector, it is polymorphic. This makes it extremely difficult to clean.

    You have two options:

    • You could try to clean your system with ESET SysRescue Live as Marcos already recommended.
    • You could reformat your system.

    About the first option, it is important to know that there is no guarantee that all traces of Virut will be removed as they may not find all the remnants.

    About the second option, reformat your system following these instructions. It is possible to make a backup of your information, but skip these file types to prevent re-infection of the system: .exe, .scr, .htm, .php, .asp.

    More information about this threat: Win32/Virut.NBP.

    If you have any further questions, feel free to ask in this thread.
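
The backup rule from the post above (keep documents, leave out .exe, .scr, .htm, .php and .asp), as an added example that is not part of the original post. It is meant to be run from the clean live system mentioned earlier; the names `backup_user_data` and `is_skipped` and the command-line paths are assumptions made for this example.

```python
import os
import shutil
from pathlib import Path

# Extensions the post says to leave out of the backup (compared case-insensitively).
SKIP_EXTENSIONS = frozenset({".exe", ".scr", ".htm", ".php", ".asp"})


def is_skipped(name, skip=SKIP_EXTENSIONS):
    """True if the final extension of the file name is on the skip list."""
    # Windows ignores trailing dots and spaces, so "a.exe." still opens as a.exe.
    cleaned = name.rstrip(". ")
    return Path(cleaned).suffix.lower() in skip


def backup_user_data(src, dst, skip=SKIP_EXTENSIONS):
    """Copy the tree under src to dst, leaving out files with skipped extensions.

    Returns (copied, skipped) as sorted lists of paths relative to src.
    """
    src, dst = Path(src), Path(dst)
    copied, skipped = [], []
    for root, _dirs, files in os.walk(src, followlinks=False):
        for name in files:
            path = Path(root) / name
            rel = path.relative_to(src)
            # Links are not user data, so they are left behind as well.
            if path.is_symlink() or is_skipped(name, skip):
                skipped.append(rel.as_posix())
                continue
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(path, target)
            copied.append(rel.as_posix())
    return sorted(copied), sorted(skipped)


if __name__ == "__main__":
    import sys
    done, left = backup_user_data(sys.argv[1], sys.argv[2])
    print(f"copied {len(done)} files, skipped {len(left)}:")
    for rel in left:
        print("  skipped", rel)
```

The check looks only at the last extension, so a file named like `photo.jpg.exe` is left out while `photo.jpg` is copied.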

  4. Ah, you only need to notify me, as he is one of my previous clients. Usually I managed it properly, before my previous company alliance broke and he looked for another provider. And now he came to me, so I shall help him. Any suggestion anyway? Or will I need to redevelop the site?

    I'll send you a private message with what I sent them as information.

  5. Hello tamanduarj!

    If it does not work, I recommend manual removal.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run, it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.