Win32/Hidrag

Squirly
Registered User
Posts: 560
Joined: 01 Jul 2004, 02:00

Post by Squirly »

I have a HDD here (a friend's) which has a bunch of stuff on it, all sorts. AVG seems to think that a bunch of .exe files on it "Could be infected with the Win32/Hidrag". AVG's words. It can't heal them and thus stuffs them into the vault.
Now I've checked out everything about this virus and I can guarantee that it's not on any of our machines. There are no registry entries, no extra files in other directories, HijackThis shows us nothing. It seems like just these files are affected and we can't use them. This is bad.

Now, how do I clean these damn files? AVG apparently has a tool for fixing the file, but that doesn't work, online scans have done nothing (and take forever because my connection is kinda crappy).

So what now?
Anthro
Moderator Emeritus
Posts: 5547
Joined: 21 Dec 2002, 02:00

Post by Anthro »

Okay - here goes...
Go to My Computer>Tools>Folder Options>View
1. Tick "Display contents of system folders"
2. Mark "Show all files"
3. Untick "Hide protected operating files"


Search the drive for *.exe extensions; you might see some files that were super hidden -
1. List those names here
2. Try to delete them manually
3. Disable AVG, then try to delete them manually
4. If they are locked into memory - then check which processes are the "suspect" ones (Write these down).
5. Post the names here if any were found that are "suspect", then we'll go from there.
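
The search step in the post above can be scripted so that nothing is missed in Explorer. This is an added example, not part of the original post: it lists every *.exe on the data disc, flags files carrying both the Hidden and System attributes ("super hidden"), and records a SHA-256 of each file without running it. The function names and the default drive letter `D:\` are assumptions.

```python
import hashlib
import os
import stat
import sys

# Windows marks "super hidden" files with both the Hidden and System attributes.
SUPER_HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM


def is_super_hidden(attrs):
    """True when both the Hidden and System attribute bits are set."""
    return (attrs & SUPER_HIDDEN) == SUPER_HIDDEN


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks; the file is only read, never executed."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory_exes(root):
    """Return one record per *.exe under root, hidden files included."""
    records = []
    for folder, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(folder, name)
            try:
                st = os.stat(path)
                # st_file_attributes only exists on Windows; treated as 0 elsewhere.
                attrs = getattr(st, "st_file_attributes", 0)
                records.append({
                    "path": path,
                    "size": st.st_size,
                    "super_hidden": is_super_hidden(attrs),
                    "sha256": sha256_of(path),
                })
            except OSError as err:  # locked or unreadable: note it and move on
                records.append({"path": path, "error": str(err)})
    return sorted(records, key=lambda r: r["path"])


if __name__ == "__main__":
    # Drive letter is an assumption; pass the data disc's root as an argument.
    for rec in inventory_exes(sys.argv[1] if len(sys.argv) > 1 else "D:\\"):
        print(rec)
```

Files that come back with an `error` entry are the ones that could not be read, for example because the scanner or another process holds them; those are the names to note for steps 4 and 5.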
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00

Post by rustypup »

iirc hidrag == jeefo... in which case, recover what hard data you can and scrub the disc... malformed executables are not easily recovered...

also, tell your friend the best approach is not to download and run stuff off of p2p, jeefo's preferred transport pipe... :twisted:

is this his/her OS disc?
Most people would sooner die than think; in fact, they do so - Bertrand Russell
Squirly
Registered User
Posts: 560
Joined: 01 Jul 2004, 02:00

Post by Squirly »

Nope, a data disc. Self extracting .exes, images, movies etc. It's just the exe files that are infected and it sucks bawls.

How is it that no virus program can fix them?
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00

Post by rustypup »

likely because the damage done to the executable during infection is not reversible.... while the "heal" option is the standard approach with older virii, the newer strains, which have been authored to mutate on each infection to modify their signature and reduce chance of detection, make it very difficult to determine which parts of the executable are good and which parts not.
Squirly
Registered User
Posts: 560
Joined: 01 Jul 2004, 02:00

Post by Squirly »

******.

Well, thanks anyway.
rustypup
Registered User
Posts: 8872
Joined: 13 Dec 2004, 02:00

Post by rustypup »

i received an unsubstantiated, (for obvious reason), rumour that DrWeb CureIT *may* have the cure...
DarkStar
Registered User
Posts: 2701
Joined: 17 Aug 2004, 02:00

Post by DarkStar »

http://www.grisoft.cz/softw/70/filedir/ ... leaner.exe

Here, try this

I've been hit by this virus before. This cleans it out AND restores all infected files back to normal (unless they've been damaged permanently)
If I can't find a friendship problem...I'll make a friendship problem!
http://www.youtube.com/watch?v=Lxo1qlk6gEI