bacobro virus


M3mph15
May 3rd, 2006, 03:33 PM
A file named "bacobro!!!.txt" was identified as a virus by AVG, but it couldn't delete or quarantine it. Now AVG is not working at all. I installed Norton AntiVirus and it didn't even scan the file. I formatted my full computer and reinstalled Win XP again, but that file is coming back again. If I try to access regedit, it says that you don't have permission to access regedit.

SirDice
May 3rd, 2006, 03:52 PM
What was/is the virus' name?

ldnikon
May 3rd, 2006, 04:01 PM
I remember the exact same thing happened to my dad's computer. But after he did a format of the drive it went away. I'm not understanding how you formatted, re-installed, and the file is still coming back. Perhaps it is coming with some of the software you are installing on your PC...say it appeared with, maybe, a crack-file for a bootleg program?

Und3ertak3r
May 3rd, 2006, 04:08 PM
Yeah, and where is this file?.. And after a format and clean install? Was that also with a repartition.. or just format and new install of WinXP?

Sounds like a file that a program or someone has created that happens to be read-only or managed to acquire a "system" status.. Did you try doing a properties on the file?.. Windows doesn't like people deleting system files.. (some viri and many adware/spyware love setting files as system-hidden.. just to stuff people up..)

nihil
May 3rd, 2006, 05:12 PM
Hey Memphis old chap..................how big is this thing?

Send me a PM with it as an attachment and I will have a look for you (NOT on a production machine :D )

Cheers

:)

OH!..............good to see you back on AO!

SirDice
May 3rd, 2006, 05:12 PM
One thing that does spring to mind is a reinstall and not installing all the necessary security patches.. Which probably means the machine got 0wn3d again in less than 20 min. of it being online..

The file's name is just that.. A filename.. If we knew the virus that was contained in that file we might be able to help the OP..

nihil
May 3rd, 2006, 05:14 PM
Hey SirDice,

That was exactly my thinking.........................


:)

Und3ertak3r
May 4th, 2006, 02:39 AM
And looking at the permissions.. I do wonder if it was a true format.. I had a lot of customers who referred to a warm install as formatting and installing.. because someone told them "Just put in the CD it will do it all automatically" or words to that effect..
"Warm installs" or "install overs" can cause some bloody weird permission problems, corrupted/damaged/lost user profiles.. and definitely you will need to reinstall ALL SPs and updates..

Relyt
May 4th, 2006, 04:09 AM
He could be re-infecting himself as well. File backups contain the junk, reopening email attachments in Yahoo, Hotmail, etc., old surfing habits that won't die, etc. It won't matter how many times he builds it back up in those scenarios.

cheers

nihil
May 4th, 2006, 07:39 AM
Hmmm,

bacobro!!!.txt

Several AVs won't find that because it is a text file and they have not been set to scan all, deep scan, heuristic scan.

If we cannot find the real name of the malware, we cannot really figure out how it works.

I would suggest a reinstall of AVG, update, then reboot into safe mode then do a complete scan with everything turned on.

Then I would run Trend Micro's PC-Cillin online scanner.

I agree that if he did a format and reinstall of Windows, it should not be there unless he has more than one HDD (which he did NOT format) or his backups are infected, or he was infected down the net, because he did not have a firewall.

I would either use a boot CD or take the HDD to another machine and scan it there. Also I would scan the backup media in another machine.

Again, this could even be a false positive .....................

Maybe running EWIDO in safe mode would clarify this, as he seems to have other infections as well.

:)

DakX
May 4th, 2006, 10:38 AM
What strikes me is that every search engine I used had nothing about bacobro, bacobro.txt, bacobro!!!.txt, bacobro!!!.text. Neither did virusalert (Dutch site that has info about almost every virus released).
I hate to ask this, but are you sure it's a virus? My 2 cents say that it's from a program, otherwise how would it survive a format. (I know programs that have that capability but there are very few.)

Just out of curiosity: Did you try to open it?

-DakX-

On a side note: Check out the description that Yahoo! gives us, look under the first result (http://search.yahoo.com/search?p=bacobro&ei=UTF-8&rls=org.mozilla:en-US:official&fr=moz2). And we keep asking how script kiddies keep showing up here ;)

the_JinX
May 4th, 2006, 01:53 PM
One more question.. are you sure it's a .txt?

Not a .txt.pif or .txt.exe or .txt.com or something with your 'remove known extensions' switch in Explorer on and a nice .txt looking ICO..
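
The double-extension disguise raised in the post above, as an added example that is not part of the original thread: a Python check that flags file names whose final extension is executable while an earlier one looks like a document. The extension lists, function names and sample names are assumptions constructed for illustration, and the check goes slightly beyond the post by also handling padding spaces before the real extension.

```python
"""Flag file names that look like documents but end in an executable extension."""

# Assumed lists for illustration; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "com", "pif", "scr", "bat", "cmd", "vbs", "js", "lnk"}
DECOY_EXTS = {"txt", "doc", "pdf", "jpg", "gif", "mp3", "zip"}

SAMPLE_NAMES = [  # constructed sample input
    "bacobro!!!.txt", "bacobro!!!.txt.pif", "notes.TXT.exe",
    "readme.txt      .com", "setup.exe", "archive.tar.gz",
]


def split_extensions(name):
    """Return (stem, [ext, ...]) with extensions lower-cased and padding removed."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    parts = [p.strip().lower() for p in name.rstrip(". ").split(".")]
    return parts[0], parts[1:]


def classify(name):
    """Return 'disguised', 'executable' or 'ok' for a single file name."""
    _, exts = split_extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # Executable final extension preceded by a document-looking one:
    # with extensions hidden, only the decoy part is visible to the user.
    if any(e in DECOY_EXTS for e in exts[:-1]):
        return "disguised"
    return "executable"


def displayed_name(name):
    """Simplified model of what is shown when known extensions are hidden."""
    cleaned = name.rstrip(". ")
    stem, dot, last = cleaned.rpartition(".")
    known = EXECUTABLE_EXTS | DECOY_EXTS
    return stem.rstrip() if dot and last.strip().lower() in known else cleaned


def audit(names):
    """Return (real name, displayed name) for every disguised file."""
    return [(n, displayed_name(n)) for n in names if classify(n) == "disguised"]


if __name__ == "__main__":
    for real, shown in audit(SAMPLE_NAMES):
        print(f"{real!r} would be displayed as {shown!r}")
```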

saintakaagni
May 4th, 2006, 03:17 PM
He didn't read the virus name when it found out that it was a virus, and the full system was not formatted; only the partition containing the Windows files was formatted and installed. And it's not possible to go online since he is using it in the hostel, and other AV softs have been installed but none of them are scanning at all.
------------------------------------------------------------------------------------------------------------------------

i am back to stay

nihil
May 4th, 2006, 08:39 PM
Is the file still there?

If the Windows partition has been reformatted and Windows reinstalled, it could be that the virus has been eliminated?

You should scan ALL PARTITIONS in safe mode with an updated AV

;)