
Thread: bacobro virus

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Posts
    244

    bacobro virus

    A file named "bacobro!!!.txt" was identified as a virus by AVG, but it couldn't delete or quarantine it. Now AVG is not working at all. I installed Norton AntiVirus and it didn't even scan the file. I formatted my full computer and reinstalled Win XP again, but that file is coming back again. If I try to access regedit, it says that you don't have permission to access regedit.
    The people who are crazy enough to think they can change the world are the ones that do.



  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    What was/is the virus' name?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    Aug 2005
    Posts
    4
    I remember the exact same thing happened to my dad's computer, but after he did a format of the drive it went away. I'm not understanding how you formatted, re-installed, and the file is still coming back. Perhaps it is coming with some of the software you are installing on your PC... say it appeared with, maybe, a crack-file for a bootleg program?
    "If at first you don't succeed, destroy all evidence that you tried..."

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Yeah, and where is this file?.. and after a Format and Clean install? Was that also with a repartition.. or just format and new install of WinXP?

    Sounds like a file that a program or someone has created that happens to be read-only or managed to acquire a "system" status.. did you try doing a properties on the file?.. Windows doesn't like people deleting system files.. (some viri and many adware/spyware love setting files as system-hidden.. just to stuff people up..)
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey Memphis old chap..................how big is this thing?

    Send me a PM with it as an attachment and I will have a look for you (NOT on a production machine)

    Cheers



    OH!..............good to see you back on AO!

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    One thing that does spring to mind is a reinstall and not installing all the necessary security patches.. Which probably means the machine got 0wn3d again in less than 20 min. of it being online..

    The file's name is just that.. A filename.. If we knew the virus that was contained in that file we might be able to help the OP..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hey SirDice,

    That was exactly my thinking.........................



  8. #8
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    And looking at the permissions.. I do wonder if it was a true format.. I had a lot of customers who referred to a warm install as formatting and installing.. because someone told them "Just put in the CD, it will do it all automatically" or words to that effect..
    "Warm Installs" or "install overs" can cause some bloody weird permission problems, corrupted/damaged/lost user profiles.. and definitely you will need to reinstall ALL SPs and Updates..
    "Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  9. #9
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
    He could be re-infecting himself as well. File backups contain the junk, reopening email attachments in Yahoo, Hotmail, etc., old surfing habits that won't die, etc. It won't matter how many times he builds it back up in those scenarios.

    cheers
    Connection refused, try again later.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmm,

    bacobro!!!.txt
    Several AVs won't find that because it is a text file and they have not been set to scan all, deep scan, heuristic scan.

    If we cannot find the real name of the malware, we cannot really figure out how it works.

    I would suggest a reinstall of AVG, update, then reboot into safe mode then do a complete scan with everything turned on.

    Then I would run Trend Micro's PC-Cillin online scanner.

    I agree that if he did a format and reinstall of Windows, it should not be there unless he has more than one HDD (which he did NOT format) or his backups are infected, or he was infected down the net, because he did not have a firewall.

    I would either use a boot CD or take the HDD to another machine and scan it there. Also I would scan the backup media in another machine.

    Again, this could even be a false positive .....................

    Maybe running EWIDO in safe mode would clarify this, as he seems to have other infections as well.
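
The point in post #10 about scanners that skip files by extension, as an added example (not posted by anyone in the thread): a content check that flags text-named files whose leading bytes are not text. The `bacobro!!!.txt` name is reused only as a label on a constructed sample; nothing is known here about the real file's contents, and `TEXT_EXTS`, `sniff`, `mismatches` and `demo` are names made up for this sketch.

```python
import os
import struct
import tempfile

TEXT_EXTS = {".txt", ".log", ".ini"}  # extensions a quick scan may skip

def sniff(head: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if head[:2] == b"MZ" and len(head) >= 0x40:
        # e_lfanew (offset 0x3C) holds the offset of the "PE\0\0" signature
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)
        return "pe" if head[pe_off:pe_off + 4] == b"PE\0\0" else "mz"
    if head[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "text"  # UTF-16 BOM: NUL bytes are expected here
    return "binary" if b"\0" in head else "text"

def mismatches(root: str):
    """Return (path, kind) for text-named files whose content is not text."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    kind = sniff(fh.read(4096))
            except OSError:
                kind = "unreadable"  # locked or permission-denied: worth a look
            if kind != "text":
                hits.append((path, kind))
    return sorted(hits)

def demo():
    """Build two constructed sample files and report the mismatches."""
    stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 20
    with tempfile.TemporaryDirectory() as root:
        samples = {"bacobro!!!.txt": stub, "notes.txt": b"plain notes\r\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), k) for p, k in mismatches(root)]

if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: content looks like {kind}, not text")
```

A hit only means the name and the content disagree; it does not identify malware, and a clean result does not rule it out, since a script or dropper note can be plain text.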

