bacobro virus

[M3mph15]

a file named "bacobro!!!.txt" was identified as virus by avg but it couldnt delete or quarntine it now avg is not working at. i installed norton antivirus and it didnt even scan the file. i formatted my full computer and reinstalled win xp again but that file is coming back again. if i try to acess regedit it saying that you dont have permission to acess regedit

[SirDice]

What was/is the virus' name?

[ldnikon]

I remember the exact same thing happened to my dad's computer. but after he did a format of the drive it went away. I'm not understanding how you formatted, re-installed, and the file is still coming back. Perhaps it is coming with some of the software you are installing on your PC...say it appeard with, maybe, a crack-file for a bootleg program?

[Und3ertak3r]

yeh and where is this file?.. and after a Format and Clean install? Was that also with a repartition.. or just format and new install of winXP?

sounds like a file that a program or someone has created that happens to be read only or managed to aquire a "system" status.. did you try doing a properties on the file?.. windows dosent like ppl deleting system files.. (some viri and many adware /spyware love setting files as system-hidden.. just to stuff people up..

[nihil]

Hey Memphis old chap..................how big is this thing?

Send me a PM with it as an attachment and I will have a look for you (NOT on a production machine )

Cheers



OH!..............good to see you back on AO!

[SirDice]

One thing that does spring to mind is a reinstall and not installing all the necessary security patches.. Which probably means the machine got 0wn3d again in less then 20 min. of it being online..

The file's name is just that.. A filename.. If we knew the virus that was contained in that file we might be able to help the OP..

[nihil]

Hey SirDice ,

That was exactly my thinking.........................

[Und3ertak3r]

And looking at the permissions.. I do wonder if it was a true format.. I had a lot of customers who refered to a warm install as formatting and installing.. because some one told them "Just put in the CD it will do it all automaticly" or words to that effect..
"Warm Installs" or "install overs" can cause some bloody weired permission problems, corrupted/damaged/lost user profiles.. and definatly you will need to reinstall ALL SP's and Updates..

[Relyt]

He could be re-infecting himself as well. Files backups contain the junk, reopening email attachments in Yahoo, Hotmail, etc., old surfing habits that won't die, etc. It won't matter how many times he builds it back up in those scenarios.

cheers

[nihil]

Hmmm,

bacobro!!!.txt

Several AVs won't find that because it is a text file and they have not been set to scan all, deep scan, heuristic scan.

If we cannot find the real name of the malware, we cannot really figure out how it works.

I would suggest a reinstall of AVG, update, then reboot into safe mode then do a complete scan with everything turned on.

Then I would run Trend Micro's PC-Cillin online scanner.

I agree that if he did a format and reinstall of Windows, it should not be there unless he has more than one HDD (which he did NOT format) or his backups are infected, or he was infected down the net, because he did not have a firewall.

I would either use a boot CD or take the HDD to another machine and scan it there. Also I would scan the backup media in another machine.

Again, this could even be a false positive .....................

Maybe running EWIDO in safe mode would clarify this, as he seems to have other infections as well.