Viruses keep installing on PC, suspect startup.exe file

(OP)
One of our machines (the boss's of all) has got something serious up with it. (XP machine with Microsoft Security Essentials)

It sparked up this morning with Security Essentials saying there were 10 viruses/threats detected. This cleaned them, but then when he called me in again it said it had detected viruses/threats again, and the count was going up as I was standing there; it got to about 30 when I hit clean regardless.

Restarted in safe mode, ran a Security Essentials scan which picked up a virus which I cleaned, ran a Malwarebytes scan which picked up nothing, but on restarting, once logged in, about ten minutes in it flagged up again... and it is pretty constant each time it is scanned.

The virus seems to be win32/ramnit|b and vbs/ramnit|b

I have noticed that there is a file within the startup menu that I cannot remove, named hivwtceb.exe, which sounds somewhat suspect. I can remove it from the startup menu, apart from for the user logged in, as it says it is locked in a process.

Even when I have removed it for a specific user, when I log in it reappears!!

Not sure if this is just a curve ball, but it doesn't look good, and I can't seem to rid the machine of the constant virus/malware detection/attack.

Any ideas?

daveJam

It works on my machine, so technically I win!

RE: Viruses keep installing on PC, suspect startup.exe file

Get Combofix from the link on BleepingComputer.com and follow the instructions. I would run it from Safe Mode. Put it on a memory stick, boot the PC into Safe Mode WITH networking (because it has to download and install the recovery console) and then put Combofix on the desktop and run it from there.

Should cure what's bothering you. If not, things just got serious.

Google: Combofix bleeping computer

RE: Viruses keep installing on PC, suspect startup.exe file

Also make certain that you have System Restore turned off when you clean the PC.
 

James P. Cottingham
I'm number 1,229!

RE: Viruses keep installing on PC, suspect startup.exe file

I don't actually recommend that you turn system restore OFF until you have removed the malware.  It VERY rarely will reinfect a PC from the System Restore.

Best bet is to leave that in place in case you need it.  Then remove malware, then turn system restore off, reboot and turn system restore on again.
