i have a virus, i dont really know anything about it, or how to remove it, i scan c:\ with McAfee, and every .exe file in my computer is infected, and it says its cleaned it, it also deletes about 30 files like Divx Crack, Battlefield 1942 Reg Code ect, and ive never downloaded them, some of my programs wont open either, Nero Burning Rom says the .exe file has been edited, please reinstall, which is really annoying, cuz after ive reinstalled it and used it, the next time i go to use it its infected again does anyone know anything about this, or any tips on how to remove it also ive had this annoying problem with Global Search and some other search engine, every time IE cant find a page those 2 search pages come up, and now and again, my most visited sites (lpa and the armpit) the search engine comes up, and i have to type it in again, its filling my comp with adware, so i change my homepage, delete the adware, and reboot, for a couple of days, it dosnt happen, then it appears again, can anyone help with this? thanks
Norton is the best antivirus software available - get that and you won't regret it. Also, use a program called "Spybot: Search and Destroy" (type it in a search engine because I can't be arsed to get the link). It'll clean out all your spyware from anywhere. The name of the virus would help as well >_>'
Man, your computer needs a really good doctor. About the virus... hmmm, maybe you should go to symantec.com, search for the virus and maybe download any tool they have.
I had that virus. I would reccomment just getting Norton Antivirus and all the updates for it. You will most definitely get rid of it that way. Does it say anything about blaster.exe?
maybe you should try an online virus scanner if the virus wont let your mcafee. i'm taking a guess that you have the Trojan.Win32.Filecoder virus.
i did some searching and this is the closest ive found its called Liberty and its classed as a File Infector, it edits .exe and a bunch of other weird .stuff, but it was discovered in 1990 it says, woudnt there be a fix for it =/
the virus i listed above does almost the exact same thing. here's wat the site mentioned...........The program scans all files into all subdirectories except the directory and then alters them. It renames EXE files and writes itself under the original file name. The new name of the file contains the string: "EXEADDED" + old file name For the rest files, the program renames and encrypts them. It can only rename files without encryption. The new name of the file contains the string: "FILEISENCODED" + old file name The Filecoder program creates 50 different files with corrupted names in the directory named Common Desktop. These files contain Russian text.
hmmm.... Liberty is a memory resident, file infecting virus. It infects .COM .EXE and .OVL files. Upon infection, Liberty becomes memory resident at the top of system memory but below the 640K DOS boundary. Interrupts 21 and 24 are hooked by the virus in memory, as well as interrupt 62 which will map to free available memory. After becoming memory resident, files which are executed may be infected by the virus. All .EXE files are infected, but only .COM files over 2K in length becomes infected. Liberty also infects .OVL files. Liberty is a self-encrypting virus. It is not yet known if it is destructive. Additional Comments: The Liberty virus was isolated in Sydney, Australia in May, 1990. Liberty is a memory resident generic file infector, infecting .COM, .EXE, and overlay files. COMMAND.COM may also become infected. In advanced infections, the virus may also infect boot sectors. The Liberty virus gets its name from the text string "Liberty" which will appear in all infected files. In .EXE files, it will be located in the last 3K of the file. In .COM files, it will appear near the very beginning of the program, as well as within the last 3K of the infected file. The first time a file infected with the Liberty virus is executed, the virus will become memory resident. Liberty installs itself resident at the top of system memory but below the 640K DOS boundary. Total system and available free memory will decrease by 8,496 bytes. Interrupts 21 and 24 will be hooked by the virus in memory, as well as interrupt 62 which will map to free available memory. After becoming memory resident, programs which are executed may be infected by the virus. All .EXE files will be infected, but only .COM files over 2K in length will become infected. Overlay files will also become infected. Infected files will increase in size between 2,859 and 2,873 bytes, and will end with the hex character string: 80722D80FA81772880. The main body of the virus will be located at the end of all infected files. Infected files will have had their file date and time in the DOS disk directory updated to the current system date and time when infection occurred. Infected .COM files can also be identified by the following text string which will appear near the beginning of the infected program: "- M Y S T I C - COPYRIGHT © 1989-2000, by SsAsMsUsEsL" This string does not appear in infected .EXE files, the area where this string would have appeared in infected .EXE files will be 00h characters. Liberty is a self-encrypting virus. It is not yet known if it is destructive. Known variant(s) of Liberty are: Indications Of Infection Infected .COM files can also be identified by the following text string which appears near the beginning of the infected file: "- M Y S T I C - COPYRIGHT © 1989-2000, by SsAsMsUsEsL" This string does not appear in infected .EXE files, the area where this string would have appeared in infected .EXE files have 00h characters. Total system and available free memory decreases by 8,496 bytes. Infected files increase in size between 2,858 and 2,888 bytes, and end with the hex character string: 80722D80FA81772880. The main body of the virus is located at the end of infected files. Infected files have their file date and time in the DOS disk directory updated to the current system date and time of infection. Removal Instructions PE,Trojan,Internet Worm and memory resident : Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner: SCANPM /ADL /CLEAN /ALL (check this link out for a little more help: http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm) Users should not trust file icons, particularly when receiving files from others via P2P clients, IRC, email or other mediums where users can share files. AVERT Recommended Updates : * Office2000 Updates * Malformed Word Document Could Enable Macro to Run Automatically (Information/Patch ) * scriptlet.typelib/Eyedog vulnerability patch * Outlook as an email attachment security update * Exchange 5.5 post SP3 Information Store Patch 5.5.2652.42 - this patch corrects detection issues with GroupShield It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled. Check your info with all this, mate -see if it matches up.. =\
Well I wrote the guide. That took me two hours PLUS all the edits I've done makes it around three hours