Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virus's keep installing on pc, suspect startup.exe file

Status
Not open for further replies.
davejam

davejam

Technical User
Jan 6, 2004
313
GB
One of our machines (the bosses of all) has got something serious up with it. (XP machine with microsoft security essentials)

It sparked up this morning with security essentials saying there was 10 virus's/threats detected. this cleaned them, but then when he called me in again it said it had detected virus's/threats again, and the count was going up as i was standing there, got to about 30 when i hit clean regardless.

Restarted in safe mode, ran security essentials scan and picked up a virus which i cleaned, ran malware bytes scan which picked up nothing, but on restarting once logged in, about ten minuites in it flagged up again.... and is pretty constant each time it is scanned.

The virus seems to be win32/ramnit|b and vbs/ramnit|b

I have noticed that there is a file within the startup menu I cannot remove named hivwtceb.exe which sounds somewhat suspect, I canm remove from startup menu, apart from for the user logged in as it says it is locked in a process.

Even when i have removed it for a specific user, when i log in it reappears!!

not sure if this is just a curve ball but doesn't look good, and can't seem to rid the machine of the constant virus/malware detection/attack.

Any ideas?

daveJam

it works on my machine, so technically i win!
 
Sort by date Sort by votes
Get Combofix from link on BleepingComputer.com and follow instructions. I would run it from Safe Mode. Put it on a memory stick, boot the PC into Safe Mode WITH networking (because it has to download and install the recovery console) and then put combofix on the desktop and run it from there.

Should cure what's bothering you. If not, things just got serious.

Google: Combofix bleeping computer
 
Upvote 0 Downvote
Also make certain that you have System Restore turned [red]off[/red] when you clean the PC.


James P. Cottingham
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
Upvote 0 Downvote
I don't actually recommend that you turn system restore OFF until you have removed the malware. It VERY rarely will reinfect a PC from the System Restore.

Best bet is to leave that in place in case you need it. Then remove malware, then turn system restore off, reboot and turn system restore on again.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Olumighty
  • Locked
  • Question
BIOS PASSWORD WIPE OR CLEAR ON COMPUTER LAPTOP 1
Replies
1
Views
107
SamBones
SamBones
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
121
goombawaho
goombawaho
2ffat
  • Locked
  • News
C-Ware Bundled on "ALL" Freeware Sites
Replies
6
Views
111
xit
xit
SantaMufasa
  • Locked
  • Question
How can I get rid of "PC Fix Speed", a particularly nasty PC malware infection. 2
Replies
18
Views
177
kjv1611
kjv1611
goombawaho
  • Locked
  • Question
Stop Microsoft Security Essentials pop-up on XP machines 1
Replies
9
Views
130
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top