Guest Tony Posted June 28, 2013 Share Posted June 28, 2013 how can i delete this virus ? My processor was in 100% , because the process was active ( melodii.exe.mp3 ) This virus are multiplying my files.. : example I got a file named Tony.mp3 It will multiplycate it in tony.mp3.exe with a .bat photo ! I need some help P.S. I have 12000 threats .. help me. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted June 28, 2013 Administrators Share Posted June 28, 2013 Is the threat detected by ESET ? Please create a SysInspector log and submit it along with the "Detected threats" log and a link to this thread to ESET as per the instructions here. Link to comment Share on other sites More sharing options...
Guest Tony Posted June 28, 2013 Share Posted June 28, 2013 Link to comment Share on other sites More sharing options...
Guest Guest Posted June 28, 2013 Share Posted June 28, 2013 hxxp://i40.tinypic.com/b5lglv.jpg here is the notification Link to comment Share on other sites More sharing options...
Guest Tony Posted June 28, 2013 Share Posted June 28, 2013 UP Link to comment Share on other sites More sharing options...
Guest Tony Posted June 28, 2013 Share Posted June 28, 2013 Hey there... i really need help... Link to comment Share on other sites More sharing options...
Former ESET Employees marty_c 30 Posted June 28, 2013 Former ESET Employees Share Posted June 28, 2013 (edited) Hi. If you are certain that your computer is infected, try completing our Preliminary Malware Troubleshooting, which includes gathering the logs that @Marcos mentioned above. Edited June 28, 2013 by mceisel Link to comment Share on other sites More sharing options...
Void 4 Posted June 28, 2013 Share Posted June 28, 2013 Probably a new threat which creates files that are detected... You have to stop it from running - check registry by typing in Run - regedit. Check HKCU/Software/Microsoft/Windows/CurrentVersion/Run HKLM/Software/Microsoft/Windows/CurrentVersion/Run HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Svchost or Startup folder. I would do it in Safe mode. To get your computer in Safe mode restart your computer and press F12. Select Safe mode with networking and log into your account and try deleting this threat. If ESET didn't remove infected files do it yourself by copying other files in other folder. Use a simple batch program to delete: @echo off echo Are you sure you want to delete files? Y/N set /p ans=Ans: if ans==Y goto :Y if ans!=Y exit :Y delete /f /q *.* echo Files have been deleted. pause Copy this in Notepad and save it in the folder with infected files. Give it a .bat extension. Hope you understood this. You should report this as a new threat to the ESET staff. Try doing a ESET SysInspector snapshot and post it here. Link to comment Share on other sites More sharing options...
Guest Tony Posted June 29, 2013 Share Posted June 29, 2013 Hey Void , i think i stopped it from run :-?? Because it was a task in task manager with 100% processor , and i deleted it and my processor was in 3% after deleting the process .. but now i have 12000 multiplications.. what i need to do ? I will come with edit wit the sysinspector snapshot there. Thank you. Link to comment Share on other sites More sharing options...
Void 4 Posted July 2, 2013 Share Posted July 2, 2013 Are the fake files in all folders or only on Desktop , C and D? As I said create a new folder and get your original files there.Compile in Notepad and get it into the folder with the unwanted files and run it. Type Y to delete all files in the folder. If you want a more detailed program tell me in what folders these files exist. Did the malware change any data such as Start page in browser? You can compile the following simple code by copying it into Notepad. Then click "Save as" and save it in the folder with the files with a name removal.bat @echo off echo Are you sure you want to delete files? Y/N set /p ans=Ans: if ans==Y goto :Y if ans!=Y exit :Y delete /f /q *.* echo Files have been deleted. pause Link to comment Share on other sites More sharing options...
Recommended Posts