
Thread: Please Help XP and Virus

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    24

    Please Help XP and Virus

    Hate to beg for help on Thanksgiving, but here at my firehouse we had a serious problem with one of our computers. I noticed several folder-looking files on the desktop named desktop.exe.

    I removed them and they re-appeared on the next startup. Then the computer froze and I am unable to restart. Every restart just brings me to a black screen with the mouse cursor. Same thing happens with safe mode.

    So basically I am unable to get into the PC at all. Like I said, this is at my firehouse and there is vital information on there I must get to, so any help would be greatly appreciated.

    Also, I went to another computer in the station to search for possible viruses doing this, and I noticed that another computer has the desktop.exe file on its desktop also. Could this have traveled through the network we have set up, or did someone accidentally download this virus on 2 computers?

  2. #2
    Head Honcho Administrator Reverend's Avatar
    Join Date
    Apr 2002
    Location
    England
    Posts
    14,737
    desktop.exe is a process which belongs to the Backdoor.SdBot.md Trojan and the FFIsearch Spyware. The Sdbot Trojan is installed on your computer without your knowledge and will spread via network shares, and allows attackers to remote control your computer. The FFIsearch Spyware on the other hand (stored in the %systemroot%\isrvs\ directory) is installed on your computer and will monitor your browsing habits and send information back to its servers. Both are known security risks and should be removed immediately.
    Try the instructions here

    Also run Spybot S&D

    =========== Please Read The Forum Rules ===========

  3. #3
    She who must be obeyed Super Moderator piaqt's Avatar
    Join Date
    Apr 2002
    Location
    NYC
    Posts
    1,628
    And if your antivirus software didn't catch this, try installing Avast. The freeware version works perfectly well.

    Last night, I shot an elephant in my pajamas. How he got in my pajamas, I'll never know.
    love, piaqt

  4. #4
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    Captain, I am with Reverend on the virus description.
    I had to clean 5 computers with the same virus about 3 or 4 weeks ago.
    The virus will replace the folders with a file with the folder name, being 104 KB.
    It will also make the folders like system folders, which are hidden by default.
    To remove the virus I did these steps:
    1) I ran a program that I don't remember the name of... but I will check it out once I get home. I still have it saved.
    2) Run AV; McAfee removed all the virus files for me.
    The program that I cannot remember the name of also fixed the system folders, but I could not use it in Windows 2003 (I had to clean 2 servers and 3 desktops).
    HijackThis also helped.
    Remove anything suspicious from the startup, and then in the Misc tools there is a process list; close all the processes that have folder names with exe (desktop.exe, etc.) before disabling the startup, and then install an antivirus like Avast and run it.
    There is one thing you need to know, however: whenever you open a folder, most likely you are opening a copy of the virus, and this virus can copy itself to USB drives. So make sure the USB drive where you have HijackThis and the AV does not have anything on it, since you will have to format it once you are done (and cannot connect it to a clean machine). So run HijackThis, make sure none of these files are running, and then install the AV.
    You might want to wait until I get the tool name from home, since it was a lot easier.

  5. #5
    Succeded in braking Windo TZ Veteran Dehcbad25's Avatar
    Join Date
    Apr 2002
    Location
    DE - USA
    Posts
    2,222
    BTW, the program was ComboFix, which you can download from Bleeping Computer:
    http://www.bleepingcomputer.com/comb...o-use-combofix
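The symptom described in posts #1 and #4 (an .exe carrying the name of a folder, about 104 KB, with the real folder set hidden/system) can be swept for on a share or a mounted disk before anything is opened. This is an added example, not code from the thread or from any tool named in it; the function names are hypothetical, the 104 KB figure is taken from post #4 and used only as a hint, and a hit is a triage lead rather than a verdict.

```python
import os
import stat
from pathlib import Path

REPORTED_SIZE_KB = 104  # size quoted in post #4; a hint, not a signature
HIDDEN_OR_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM


def is_hidden_dir(path):
    """True if Windows marks the folder hidden or system (always False on other OSes)."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_OR_SYSTEM)


def find_folder_lookalikes(root):
    """Walk root and report .exe files named after a sibling or parent folder."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath).resolve()
        siblings = {d.lower(): here / d for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() != ".exe":
                continue
            twin = siblings.get(stem.lower())            # e.g. Reports\ next to Reports.exe
            same_as_parent = stem.lower() == here.name.lower()  # e.g. Desktop\desktop.exe
            if twin is None and not same_as_parent:
                continue
            size_kb = -(-(here / name).stat().st_size // 1024)  # rounded up to whole KB
            findings.append({
                "file": str(here / name),
                "matches": "sibling folder" if twin else "parent folder",
                "folder_hidden": bool(twin and is_hidden_dir(twin)),
                "size_kb": size_kb,
                "size_matches_report": size_kb == REPORTED_SIZE_KB,
            })
    return findings


if __name__ == "__main__":
    import sys
    for hit in find_folder_lookalikes(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against the suspect drive attached to a clean machine or against a network share; `folder_hidden` is only meaningful when the scan runs on Windows.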
