# Virus problems



## clinty92 (Sep 22, 2011)

Okay firstly I would like to say hello.. I'm new to this forum seeking help for this disappointing problem I'm having. Well it starts out like this I have some sort of malware on my external and I'm not sure how to go about getting it off or cleaning it without losing any of my files or infecting my pcs. Is there anyway I can take the files off and erase the drive of viruses? I'm not entirely sure how it got there, but its there and anything it connects to it trys to infect...

Please give me some advise anything is useful.. thanks


----------



## johnb35 (Sep 22, 2011)

Please download and run malwarebytes full scan on the drive.  When you do the full scan, you can actually select what drives it scans, just make sure you select your external and then post the log that it displays at the end.  Then we can make sure your regular hard drive isn't infected as well.

Please download *Malwarebytes' Anti-Malware *from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run *Rkill.scr*,  *Rkill.exe*, or *Rkill.com*.  If you are still having issues running rkill then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## clinty92 (Sep 22, 2011)

You want me to scan my primary drive and my external with malwarebytes? Sorry Im misunderstanding the part when you say 

Please download and run malwarebytes full scan on the drive. When you do the full scan, you can actually select what drives it scans, just make sure you select your external and then post the log that it displays at the end. "Then we can make sure your regular hard drive isn't infected as well."


----------



## johnb35 (Sep 22, 2011)

By performing the full scan and following the rest of the procedure, we can make sure your primary hard drive isn't infected.  Select full scan on the menu and then press the scan button, this will bring up a list of drives that windows detects.  Just make sure select your primary and external drive to make sure they get scanned.


----------



## clinty92 (Sep 22, 2011)

Okay so I did understand what you meant and I did that now Im a bit scared to remove this file with malwarebytes. Its says it has malware.packer.GenX F:\Recycler\E621CA05.EXE, now I had removed this thing earlier but ended up puting it back cause it rendered my external useless as in nothing was accessable. The external kept its volume but it said invalid location for every folder when trying to open it. I don't want to delete it then ending up not being able to touch anything in the hard drive


----------



## johnb35 (Sep 22, 2011)

That is malware and is located in the recycle bin on your external.  It's a malware downloader and needs to be deleted.


----------



## clinty92 (Sep 22, 2011)

But if I delete this the whole thread would be pointless unless I'm over looking something because if I delete that my external and files are just better off deleted and reformatted.


----------



## johnb35 (Sep 22, 2011)

This file is in the recylce bin and shouldn't stop you from accessing your files after you delete it. You may want to perform an online scan using eset to if anything is getting missed.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------

