-
May 3rd, 2006, 02:33 PM
#1
Senior Member
bacobro virus
a file named "bacobro!!!.txt" was identified as virus by avg but it couldnt delete or quarntine it now avg is not working at. i installed norton antivirus and it didnt even scan the file. i formatted my full computer and reinstalled win xp again but that file is coming back again. if i try to acess regedit it saying that you dont have permission to acess regedit
-
May 3rd, 2006, 02:52 PM
#2
What was/is the virus' name?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 3rd, 2006, 03:01 PM
#3
Junior Member
I remember the exact same thing happened to my dad's computer. but after he did a format of the drive it went away. I'm not understanding how you formatted, re-installed, and the file is still coming back. Perhaps it is coming with some of the software you are installing on your PC...say it appeard with, maybe, a crack-file for a bootleg program?
\"If at first you don\'t succeed, destroy all evidence that you tried...\"
-
May 3rd, 2006, 03:08 PM
#4
yeh and where is this file?.. and after a Format and Clean install? Was that also with a repartition.. or just format and new install of winXP?
sounds like a file that a program or someone has created that happens to be read only or managed to aquire a "system" status.. did you try doing a properties on the file?.. windows dosent like ppl deleting system files.. (some viri and many adware /spyware love setting files as system-hidden.. just to stuff people up..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
May 3rd, 2006, 04:12 PM
#5
Hey Memphis old chap..................how big is this thing?
Send me a PM with it as an attachment and I will have a look for you (NOT on a production machine )
Cheers
OH!..............good to see you back on AO!
-
May 3rd, 2006, 04:12 PM
#6
One thing that does spring to mind is a reinstall and not installing all the necessary security patches.. Which probably means the machine got 0wn3d again in less then 20 min. of it being online..
The file's name is just that.. A filename.. If we knew the virus that was contained in that file we might be able to help the OP..
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 3rd, 2006, 04:14 PM
#7
Hey SirDice ,
That was exactly my thinking.........................
-
May 4th, 2006, 01:39 AM
#8
And looking at the permissions.. I do wonder if it was a true format.. I had a lot of customers who refered to a warm install as formatting and installing.. because some one told them "Just put in the CD it will do it all automaticly" or words to that effect..
"Warm Installs" or "install overs" can cause some bloody weired permission problems, corrupted/damaged/lost user profiles.. and definatly you will need to reinstall ALL SP's and Updates..
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
May 4th, 2006, 03:09 AM
#9
He could be re-infecting himself as well. Files backups contain the junk, reopening email attachments in Yahoo, Hotmail, etc., old surfing habits that won't die, etc. It won't matter how many times he builds it back up in those scenarios.
cheers
Connection refused, try again later.
-
May 4th, 2006, 06:39 AM
#10
Hmmm,
Several AVs won't find that because it is a text file and they have not been set to scan all, deep scan, heuristic scan.
If we cannot find the real name of the malware, we cannot really figure out how it works.
I would suggest a reinstall of AVG, update, then reboot into safe mode then do a complete scan with everything turned on.
Then I would run Trend Micro's PC-Cillin online scanner.
I agree that if he did a format and reinstall of Windows, it should not be there unless he has more than one HDD (which he did NOT format) or his backups are infected, or he was infected down the net, because he did not have a firewall.
I would either use a boot CD or take the HDD to another machine and scan it there. Also I would scan the backup media in another machine.
Again, this could even be a false positive .....................
Maybe running EWIDO in safe mode would clarify this, as he seems to have other infections as well.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|