I have a HDD here (a friend's) which has a bunch of stuff on it, all sorts. AVG seems to think that a bunch of .exe files on it "Could be infected with the Win32/Hidrag". AVG's words. It can't heal them and thus stuffs them into the vault.
Now I've checked out everything about this virus and I can guarantee that it's not on any of our machines. There are no registry entries, no extra files in other directories, HijackThis shows us nothing. It seems like just these files are affected and we can't use them. This is bad.
Now, how do I clean these damn files? AVG apparently has a tool for fixing the file, but that doesn't work, online scans have done nothing (and take forever because my connection is kinda crappy).
So what now?
Win32/Hidrag
-
- Moderator Emeritus
Okay - here goes...
Go to My Computer > Tools > Folder Options > View
1. Tick "Display contents of system folders"
2. Mark "Show all files"
3. Untick "Hide protected operating files"
Search the drive for *.exe extensions; you might see some files that were super hidden -
1. List those names here
2. Try to delete them manually
3. Disable AVG, then try to delete them manually
4. If they are locked into memory - then check which processes are the "suspect" ones (write these down).
5. Post the names here if any were found that are "suspect", then we'll go from there.
- rustypup
- Registered User
iirc hidrag == jeefo... in which case, recover what hard data you can and scrub the disc... malformed executables are not easily recovered...
also, tell your friend the best approach is not to download and run stuff off of p2p, jeefo's preferred transport pipe...
is this his/her OS disc?
Most people would sooner die than think; in fact, they do so - Bertrand Russell
- rustypup
- Registered User
likely because the damage done to the executable during infection is not reversible.... while the "heal" option is the standard approach with older virii, the newer strains, which have been authored to mutate on each infection to modify their signature and reduce chance of detection, make it very difficult to determine which parts of the executable are good and which parts not.
- rustypup
- Registered User
i received an unsubstantiated, (for obvious reason), rumour that DrWeb CureIT *may* have the cure...
-
- Registered User
http://www.grisoft.cz/softw/70/filedir/ ... leaner.exe
Here, try this
I've been hit by this virus before. This cleans it out AND restores all infected files back to normal (unless they've been damaged permanently)
If I can't find a friendship problem...I'll make a friendship problem!
http://www.youtube.com/watch?v=Lxo1qlk6gEI