Jump to content

Win32/VB.Trojan

Guest Tony

By Guest Tony
in Malware Finding and Cleaning

 Share

Recommended Posts

Guest Tony

Guest Tony

Posted
Posted

how can i delete this virus ? My processor was in 100% , because the process was active ( melodii.exe.mp3 )

 

This virus are multiplying my files.. : example

 

I got a file named Tony.mp3

 

It will multiplycate it in tony.mp3.exe with a .bat photo !

 

I need some help

 

P.S. I have 12000 threats .. help me.

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 4,935

Posted
  • Administrators
Posted

Is the threat detected by ESET ? Please create a SysInspector log and submit it along with the "Detected threats" log and a link to this thread to ESET as per the instructions here.

Link to comment
Share on other sites
Void

Void 4

Posted
Posted

Probably a new threat which creates files that are detected... You have to stop it from running - check registry by typing in Run - regedit. Check HKCU/Software/Microsoft/Windows/CurrentVersion/Run

HKLM/Software/Microsoft/Windows/CurrentVersion/Run

HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Svchost

or Startup folder. I would do it in Safe mode. To get your computer in Safe mode restart your computer and press F12. Select Safe mode with networking and log into your account and try deleting this threat.

If ESET didn't remove infected files do it yourself by copying other files in other folder.

Use a simple batch program to delete:

@echo off

echo Are you sure you want to delete files? Y/N

set /p ans=Ans:

if ans==Y goto :Y

if ans!=Y exit

:Y

delete /f /q *.*

echo Files have been deleted.

pause

 

 

Copy this in Notepad and save it in the folder with infected files. Give it a .bat extension.

Hope you understood this. You should report this as a new threat to the ESET staff.

Try doing a ESET SysInspector snapshot and post it here.

Link to comment
Share on other sites
Guest Tony

Guest Tony

Posted
Posted

Hey Void , i think i stopped it from run :-?? Because it was a task in task manager with 100% processor , and i deleted it and my processor was in 3% after deleting the process .. but now i have 12000 multiplications.. what i need to do ?

 

I will come with edit wit the sysinspector snapshot there.

 

Thank you.

Link to comment
Share on other sites
Void

Void 4

Posted
Posted

Are the fake files in all folders or only on Desktop , C and D? As I said create a new folder and get your original files there.Compile in Notepad and get it into the folder with the unwanted files and run it. Type Y to delete all files in the folder. If you want a more detailed program tell me in what folders these files exist. Did the malware change any data such as Start page in browser?

You can compile the following simple code by copying it into Notepad. Then click "Save as" and save it in the folder with the files with a name removal.bat

 

 

 

 

 

 

 

@echo off

echo Are you sure you want to delete files? Y/N

set /p ans=Ans:

if ans==Y goto :Y

if ans!=Y exit

:Y

delete /f /q *.*

echo Files have been deleted.

pause

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...