Virus/Malware infection

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View


Somehow I managed to infect a XP laptop with all sorts of malware and
viruses simply by accessing a website: McAfee resident scan was useless
despite being up to date.

I suspect that the "security" lock down on the laptop prevented Windows
Update from installing fixes for security flaws. Also McAfee, which I would
never select as an AV

It took me 13 hours to clean the infection - none of the rescue disks
(including Kaspersky) cleared all of the infections and ultimately only
Combofix, Malwarebytes, Spybot and Windows Defender resident protection
managed to remove all of the infections (I needed to use all of them).

Anyway, an alert popped up which looked the same as the malware false alert
but was in fact a genuine Windows Defender alert which I managed to
"ignore". The scan history now shows that the following item was "ignored":

globalroot\device\Ide\iastore0\bcimqnbv\tdlwsp.dll

It is identified as: Trojan:Win32/Alureon.gen!U

I can't seem to force Windows Defender to identify it again and other
anti-malware isn't identifying it.

How would I remove this virus? The dll doesn't seem to be present in a
Windows accessible path - it almost looks like an Unix path.

If it is just a dll and other executable files are not - or do not seem to
be - present is there anything to worry about?

I also think an SD card was infected which subsequently infected a Windows
Mobile device (which can be cleaned via a rom reflash).

How could I safely connect the SD card to a PC in order to clean it? Is
disabling autoplay enough?

 


Re: Virus/Malware infection



Quoted text here. Click to load it
.
I would use Panda USB Vaccine which can be installed "resident".  It will
disable autorun functionality on the PC.  Just do a google search for it.


Re: Virus/Malware infection




| Somehow I managed to infect a XP laptop with all sorts of malware and
| viruses simply by accessing a website: McAfee resident scan was useless
| despite being up to date.

| I suspect that the "security" lock down on the laptop prevented Windows
| Update from installing fixes for security flaws. Also McAfee, which I would
| never select as an AV

| It took me 13 hours to clean the infection - none of the rescue disks
| (including Kaspersky) cleared all of the infections and ultimately only
| Combofix, Malwarebytes, Spybot and Windows Defender resident protection
| managed to remove all of the infections (I needed to use all of them).

| Anyway, an alert popped up which looked the same as the malware false alert
| but was in fact a genuine Windows Defender alert which I managed to
| "ignore". The scan history now shows that the following item was "ignored":

| globalroot\device\Ide\iastore0\bcimqnbv\tdlwsp.dll

| It is identified as: Trojan:Win32/Alureon.gen!U

| I can't seem to force Windows Defender to identify it again and other
| anti-malware isn't identifying it.

| How would I remove this virus? The dll doesn't seem to be present in a
| Windows accessible path - it almost looks like an Unix path.

| If it is just a dll and other executable files are not - or do not seem to
| be - present is there anything to worry about?

| I also think an SD card was infected which subsequently infected a Windows
| Mobile device (which can be cleaned via a rom reflash).

| How could I safely connect the SD card to a PC in order to clean it? Is
| disabling autoplay enough?


"globalroot\device\Ide\iastore0\bcimqnbv\tdlwsp.dll
It is identified as: Trojan:Win32/Alureon.gen!U"

And you stated " How would I remove this virus?"
This is NOT a virus !

This is a TDSS RootKit.

Download and use Gmer.
http://www.gmer.net/#files





--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Site Timeline