My computer is infested with this Backdoor.irc.bot virus.
Although I could download the Virus definitions and run a
Symantec Scan, I am unable to remove the virus. The
message I get is that the WindowsSystem32.XXX file is
infested and the permissions are denied.
Also, as of yesterday, the Symantec website does not get
loaded and it takes me to some vague sites.
How can I remove this virus and clean my system?
Thanks
Manish
Manish,
Sounds like you may have multiple infections, including a browser or DNS hijack.
The hijack apparently interferes with your ability to access websites. You may
have to resolve the IP addresses manually to get the tools to find and remove
the infection.
All-NetTools and DNSStuff websites both help you resolve (lookup) addresses.
<http://www.all-nettools.com/toolbox> (Use NSLookup)
<http://216.92.207.177/toolbox>
<http://www.dnsstuff.com/> (Use Ping)
<http://69.2.200.183/>
Install and run Stinger.
<http://us.mcafee.com/virusInfo/default.asp?id=stinger>
Search your entire system drive, including hidden and system folders, for file
"hosts". There is one legit copy, in C:\WINDOWS\system32\drivers\etc\. The
others are possibly bogus, and part (but just part) of the problem. Examine the
contents of each copy found, using Notepad. (HINT: Scroll to the end of each
Hosts file, by hitting Ctrl-End, then back up to the top, page by page, before
deciding that the file is empty. Look out for blank lines at the beginning and
end of the file, after localhost, placed there by an exploit!)
Try one or more of these free online virus scans, which should complement NAV:
<http://www.bitdefender.com/scan/license.php>
<http://www.pandasoftware.com/activescan>
<http://www.ravantivirus.com/scan/>
<http://security.symantec.com/ssc/home.asp>
<http://housecall.trendmicro.com/housecall/start_corp.asp>
Now check for, and learn to defend against, additional problems. Have you
downloaded these programs before? Download them again, as the latest version
may be needed to keep up with the current level of malware being attempted
constantly - get the absolutely most current version of each product listed.
They're all free - and most pretty small, so they download quickly enough.
Start by downloading each of the following free tools:
AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
CoolWWWSearch.SmartSearch (v1/v2) MiniRemoval
<http://www.majorgeeks.com/download4113.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix and WinsockLSPFix <http://www.cexx.org/lspfix.htm>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
Create a separate folder for HijackThis, such as C:\HijackThis - copy the
downloaded file there. Spybot S&D has an install routine - run it. The other
downloaded programs can be copied into, and run from, any convenient folder.
Start by closing all Internet Explorer and Outlook windows, and running
CoolWebSearchSmartKillerMiniRemoval, then CWShredder. Have the latter fix all.
Next, run AdAware. First update it ("Check for updates now"), configure for
full scan (<http://www.lavahelp.com/howto/fullscan/>), then scan ("Start" -
"Use custom scanning options" - "Next"). When scanning finishes, select
everything, and hit Next again.
Next, run Spybot S&D. First update it ("Search for updates"), then run a scan
("Check for problems"). Trust Spybot, and delete everything ("Fix Problems")
that is displayed in Red.
Then, run HijackThis ("Scan"). Do NOT make any changes immediately. Save the
HJT Log.
<http://forums.spywareinfo.com/index.php?showtopic=227>
Finally, have your HJT log interpreted by experts at one or more of the
following security forums (and post it, or a link to your forum posts, here):
Aumha: <http://forum.aumha.org/index.php>
Net-Integration: <http://forums.net-integration.net/>
Spyware Info: <http://forums.spywareinfo.com/>
Spyware Warrior: <http://spywarewarrior.com/index.php>
Tom Coyote: <http://forums.tomcoyote.org/>
Wilders Security: <http://www.wilderssecurity.com/>
If removal of any spyware affects your ability to access the internet (some
spyware builds itself into the network software, and its removal may damage your
network), run LSP-Fix and / or WinsockXPFIx.
And Manish, please don't contribute to the spread and success of email address
mining viruses. Learn to munge your email address properly, to keep yourself a
bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
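
The Hosts file check described in the reply above, as an added example that is not part of the original posts: a small Python audit that lists every entry other than localhost and marks entries pushed out of view by a run of blank lines. The function name, the blank-line threshold and the sample file (with its `.example` names and 203.0.113.10 address) are constructed for illustration.

```python
import ipaddress

def audit_hosts(text, blank_run_limit=5):
    """Return (line_number, verdict, entry) for each Hosts entry that maps
    a name other than 'localhost'. blank_run_limit is an assumed threshold."""
    findings = []
    blank_run = 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            blank_run += 1            # padding that pushes entries off-screen
            continue
        hidden = blank_run >= blank_run_limit
        blank_run = 0
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue                  # comment-only line
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, "unparseable", entry))
            continue
        names = [n for n in fields[1:] if n.lower() != "localhost"]
        if not names:
            continue                  # plain localhost line, expected
        # Loopback or 0.0.0.0 makes the site unreachable; any other
        # address sends the browser to a different server.
        blocked = addr.is_loopback or addr.is_unspecified
        verdict = "blocked" if blocked else "redirected"
        if hidden:
            verdict += ", hidden after blank lines"
        findings.append((lineno, verdict, entry))
    return findings

# Constructed sample: a normal header, 40 blank lines, then two added entries.
SAMPLE = (
    "# Copyright (c) Microsoft Corp.\n"
    "127.0.0.1       localhost\n"
    + "\n" * 40 +
    "127.0.0.1       www.av-vendor.example\n"
    "203.0.113.10    update.av-vendor.example   # constructed address\n"
)

if __name__ == "__main__":
    for lineno, verdict, entry in audit_hosts(SAMPLE):
        print(f"line {lineno}: {verdict}: {entry}")
```

Pass the text of each Hosts copy found on the drive to `audit_hosts()`. A "blocked" entry can also be a deliberate blocklist line, so read each finding before deleting anything.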